Privacy Policy

Last updated: 17 May 2026

Tangerine ("we", "our", "the app") is a shared-expense tracker for iOS. This Privacy Policy explains what data we collect, why, and how it's used. By using Tangerine you agree to the practices described below.

1. Data we collect

• Account information. When you sign up via Sign in with Apple or Sign in with Google, we receive your email address and (if you choose to share it) your display name and avatar URL.
• Profile data. Display name, avatar emoji and colour, and default currency, all of which you choose in the app.
• Phone number. After signing in, you're asked to add a phone number with country code. We store it to let other Tangerine users add you as a friend or to a group by phone, and so we can show you the people you already share groups with by name. Your phone number is never shared with anyone outside the groups and friendships you've explicitly joined. You can change or remove your phone number at any time in Account → Phone number; removing it frees the number for someone else to claim. We do not currently verify ownership of the phone number (no SMS/WhatsApp code) — that may be added in a future release.
• Contacts data (only when you tap "Choose from Contacts"). When you tap that button in Add Friend or Add Members, iOS shows its system contact picker. The contact you pick — and only that contact — is returned to us; we never read the rest of your address book and we do not request the iOS Contacts permission. The picked name and phone are pre-filled in the form so you can add the friend or member with one tap. We do not upload your contacts to our server, hash them, or share them with anyone.
• Group cover photos. If you upload a custom photo as a group icon, the JPEG is stored on Supabase Storage in a bucket readable only by members of that group via signed-URL convention. You and other members of the group can replace or remove the photo at any time.
• Expense data. Group names, member lists, expense descriptions, amounts, currencies, dates, payers and split details, settle-up payments, and comments. This is the core data the app exists to manage.
• Device tokens. An Apple Push Notification Service (APNs) token so we can deliver push notifications about activity that involves you.
• Diagnostic logs. Crash reports and performance metrics provided by Apple's built-in App Analytics, only if you opted in via your iPhone's Privacy & Security settings.

2. How we use your data

• To run the app: store and sync expenses, groups, friendships, and your phone-number-to-account link across your devices and the people you share groups with.
• To authenticate you and protect your account.
• To let you and other users find each other by phone number when adding friends or group members.
• To send notifications about new expenses, settle-ups and comments that involve you.
• To deliver non-personalised advertising via Google AdMob (unless you have an active "Remove Ads" subscription).
• To respond to your support requests.

3. Where your data lives

Account, profile and expense data is stored on Supabase's managed Postgres infrastructure (eu-central-1, Frankfurt). Authentication is handled by Apple and Google's identity providers. Subscription billing is handled by Apple. Avatars and profile imagery, where present, are stored on Supabase Storage.

4. Third parties we share data with

• Supabase (database, storage, push delivery infrastructure)
• Apple (authentication, push delivery, in-app purchases, App Store analytics)
• Google (authentication, AdMob non-personalised advertising, User Messaging Platform consent)

We do not sell your data. We do not run personalised advertising — every ad request is sent with the npa=1 flag.

5. Data retention

Account and expense data is kept for as long as your account is active. When you delete your account in the app (Account → Delete my account), the row is marked for deletion immediately and the data is permanently removed within 30 days.

6. Your rights

If you live in the EU (including the Czech Republic) or the UK, you have the right under the GDPR to access, correct, port and delete your personal data, and to object to processing. Most of these rights you can exercise directly in the app. For anything you can't do in-app, email harryattenborough@gmail.com and we'll respond within 30 days. The data controller is Harry Attenborough, Czech Republic.

7. Children

Tangerine is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe a child has created an account, contact us and we'll delete it.

8. Changes

We'll update this policy when our practices change. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact

Questions, concerns, or requests: harryattenborough@gmail.com.

This document is a starting point and not legal advice. Have a solicitor review before relying on it for a public launch.