Cookie & Tracking Policy
Rules on app-level tracking, Firebase Analytics and AdMob data processing.
Cookie & Tracking Policy
Cashletics mobile application — English version
⚠️ GOVERNING LANGUAGE NOTICE This document is an English translation of the Hungarian Cookie & Tracking Policy (CK-001). In case of any discrepancy between the Hungarian and English versions, the Hungarian version shall prevail. Hungarian version: https://cashleticsapp.com/legal.php?slug=cookie-tracking&lang=hu |
| Data Controller | Mózer Ferenc (sole trader / egyéni vállalkozó) 6044 Kecskemét, Hetény-Belsőnyír 268/2., Hungary |
| Effective date | 5 July 2026 |
| Version | v1.5 | 2026 |
| Scope | App-side Firebase services only — the website is tracker-free |
| Governing language | Hungarian (CK-001) — this EN version is a translation |
1. Introduction and Scope
| ✅ The cashleticsapp.com website is completely tracker-free. No Google Analytics, Meta Pixel, Google Tag Manager, Firebase web SDK, or any other cookie / tracking script is used. No cookie banner is required on the website. |
This policy applies exclusively to the in-app tracking technologies used by the Cashletics mobile application: Firebase Analytics, Crashlytics (future), Firebase Cloud Messaging (future), and Google AdMob. These do not use traditional cookies but app-level identifiers.
This policy also forms the basis for completing the Google Play Data Safety form (GPS-001).
2. Cookies vs App-Level Tracking
| Type | Description | In Cashletics |
|---|---|---|
| Web cookie | Small text file stored in browser; used by websites to track visitors | NOT used — website is tracker-free |
| App-level identifier | Unique ID used by mobile app (e.g. Firebase Instance ID) | Used by Firebase Analytics and AdMob |
| Device identifier | Android ID, Advertising ID (GAID) | Used by AdMob for advertising (consent-gated) |
3. Firebase Analytics
| Parameter | Value |
|---|---|
| Provider | Google LLC / Firebase Analytics |
| Purpose | Usage data analysis, app development, error detection |
| Data collected | Usage events, session duration, screen views, device type, OS version, app version |
| Identifier | Firebase Instance ID (unique per app install, resettable) |
| IP address handling | Anonymised (last octet masked) |
| Data storage location | Google LLC servers (USA) — EU-US DPF basis |
| Retention period | 14 months (Firebase default) |
| Legal basis | GDPR Art. 6(1)(a) consent for Firebase Analytics; GDPR Art. 6(1)(f) legitimate interests only for technical bug/crash diagnostics |
| Can be disabled? | Yes — App > Settings > Data & Privacy > Disable Analytics |
| Play Store Data Safety | Must declare: “Analytics” and “App interactions” data types |
Google Consent Mode v2
In GDPR regions (EU/EEA), Firebase Analytics operates on user consent. Without consent, Analytics collection is disabled or may operate only in a legally permitted non-personal/aggregated mode.
4. Firebase Crashlytics (currently inactive)
| Crashlytics is currently NOT active. If activated in future, this policy will be updated and the trigger in the SZ-001 Internal Policy update matrix will apply. |
Expected data scope (if activated): crash reports, stack traces, device state at time of crash. Legal basis: Art. 6(1)(f) legitimate interests (bug fixing). Retention: 90 days.
5. Firebase Cloud Messaging — FCM (currently inactive)
| FCM is currently NOT active. If activated in future, this policy will be updated. |
Expected data scope (if activated): FCM token (push identifier), device identifier. Purpose: sending push notifications. Legal basis: Art. 6(1)(a) consent (opt-in required). Withdrawable at any time.
6. Google AdMob — Ad Tracking
In the free version, the Google AdMob SDK is active. Pro subscribers use the application ad-free — AdMob is NOT active for them.
| Parameter | Value |
|---|---|
| Provider | Google LLC / AdMob |
| Purpose | Ad serving, advertising effectiveness measurement |
| Identifiers | Google Advertising ID (GAID), Android ID |
| Data collected | Ad impressions, clicks, rewarded ad completions, IP address (anonymised) |
| Data storage location | Google LLC servers (USA) — EU-US DPF basis |
| Legal basis | GDPR Art. 6(1)(a) consent |
| Applies to | Free users only — inactive for Pro subscribers |
| Can be disabled? | Yes — withdraw consent, or upgrade to Pro |
| Play Store Data Safety | Must declare: “Advertising or marketing”, “Device or other IDs” |
Ad personalisation and opt-out
The Google Advertising ID (GAID) can be reset or disabled at any time by the user: Android > Settings > Google > Ads > Delete Advertising ID.
7. Website (cashleticsapp.com) — Tracker-Free
| ✅ The website uses only essential functional cookies (session management where required). No analytics, marketing, or tracking cookies are used. |
| Tracker / tool | Status | Note |
|---|---|---|
| Google Analytics 4 (GA4) | ❌ NOT active | Not integrated |
| Google Tag Manager (GTM) | ❌ NOT active | Not integrated |
| Meta Pixel (Facebook) | ❌ NOT active | Not integrated |
| Firebase web SDK | ❌ NOT active | Not integrated |
| Hotjar / Microsoft Clarity | ❌ NOT active | Not integrated |
| Google Consent Mode v2 | ❌ Not required | No trackers to manage |
| Cookie banner | ❌ Not required | No trackers present |
8. Consent and Withdrawal
For tracking methods that require consent (Analytics in GDPR regions, AdMob), the application uses the following mechanism:
| Tracking tool | How consent is given | How to withdraw |
|---|---|---|
| Firebase Analytics | In-app consent flow — step 5 (CK-001-EN basis) | App > Settings > Data & Privacy > Disable Analytics |
| AdMob (free version) | In-app consent flow — step 5 | App > Settings > Ads / upgrade to Pro |
| FCM (when active) | System-level push permission request | System Settings > Notifications > Cashletics |
| Crashlytics (when active) | At app launch | App > Settings > Data & Privacy |
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal (GDPR Art. 7(3)).
9. Google Play Data Safety — Pre-filled Overview
Detailed field-by-field Play Console guide: GPS-001. The table below summarises declarations relevant to CK-001-EN:
| Data Safety question | Cashletics answer | Reason |
|---|---|---|
| Does the app collect data? | YES | Firebase Analytics, AdMob, account data |
| Is data shared with third parties? | YES (AdMob, Analytics) | Google LLC data processors |
| Is data encrypted in transit? | YES | HTTPS/TLS |
| Account deletion request mechanism? | YES | fiok-torlese.php + privacy@cashleticsapp.com |
| Independent security review? | NO (at launch) | optional later / not a launch blocker |
| Health info collected? | YES (optional) | Step count — Health Connect / HealthKit |
| Financial info collected? | YES (user-provided) | Income/expense records |
| Device or other IDs? | YES | Android ID (AdMob), Firebase Instance ID |
10. Contact and Complaints
| Cookie/tracking questions | privacy@cashleticsapp.com |
| Supervisory authority (NAIH) | www.naih.hu | ugyfelszolgalat@naih.hu |
| Current version (EN) | https://cashleticsapp.com/legal.php?slug=cookie-tracking&lang=en |
| Hungarian version (CK-001) | https://cashleticsapp.com/legal.php?slug=cookie-tracking&lang=hu |
⚠️ GOVERNING LANGUAGE NOTICE This document is an English translation of the Hungarian Cookie & Tracking Policy (CK-001). In case of any discrepancy between the Hungarian and English versions, the Hungarian version shall prevail. Hungarian version: https://cashleticsapp.com/legal.php?slug=cookie-tracking&lang=hu |
Next review: 5 July 2027.