nexo

Legal

Privacy Policy

Last updated: July 12, 2026

1. Who We Are

Nexo ("the App", "we", "us") is an expense-tracking application operated by Khaw Jyh Boon, an individual. This Privacy Policy explains what personal data we collect, why, how we protect it, and the rights you have over it.

If you have any questions, contact us at support@nexoexpenses.com.

2. Data We Collect

a. Account data

b. Financial records you enter

c. Subscription & purchase data

d. Technical data

What we do NOT collect

3. How We Use Your Data

PurposeData usedLegal basis
Provide the core service (storing and displaying your records)Account data, financial recordsContract performance
Sync data across your devices and with shared usersAccount data, financial recordsContract performance
Managing your subscription (activating Premium features, verifying entitlements, preventing trial abuse)Subscription & purchase data, account dataContract performance
Account security and fraud preventionAccount data, technical dataLegitimate interest
Fixing bugs and improving the AppTechnical dataLegitimate interest
Service emails (e.g., password resets, important notices)Email addressContract performance
Promotional emails and messages (optional)Email addressConsent — you can opt out anytime

4. Emails & Messages Settings

You can turn off all promotional and marketing communications at any time in Settings → Personal Data & Privacy (or by using the unsubscribe link in any email). Turning this off does not affect essential service messages such as password-change alerts or security notices.

5. Where Your Data Is Stored

Your data is stored on secure cloud infrastructure provided by Supabase, Inc., with servers located in Mumbai, India (AWS ap-south-1). Data is encrypted in transit (TLS) and at rest.

6. Data Sharing

We share data only with:

  1. Users you choose to share with — when you join or create a shared expense group, members of that group can see the records within it.
  2. Service providers — providers that process data on our behalf under contractual safeguards:
    • Supabase, Inc. — database, authentication, and file storage
    • RevenueCat, Inc. — subscription management. RevenueCat receives an anonymized app-user ID, purchase history, subscription status, and basic device information in order to validate purchases and manage your entitlements. See RevenueCat's privacy policy at www.revenuecat.com/privacy for details.
    • Apple App Store / Google Play — payment processing for subscriptions. They handle your payment details under their own privacy policies; we never see your card information.
  3. Legal requirements — if required by law, court order, or to protect the rights and safety of users.

We never sell or rent your personal data to third parties for marketing.

7. Data Retention

8. Your Rights

Depending on your location, you have rights under the Philippine Data Privacy Act of 2012 (RA 10173), the GDPR (if you are in the EU), and similar laws, including the right to:

To exercise any of these rights, email us at support@nexoexpenses.com. We will respond within 30 days.

In-app controls

9. Security

We use industry-standard measures to protect your data, including encrypted connections, hashed credentials, role-based access controls, and row-level security so users can only access their own or shared records. No system is 100% secure, so please use a strong, unique password.

10. Children

Nexo is not intended for anyone under 18, and we do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it.

11. International Transfers

Because our infrastructure may be located outside your country, your data may be transferred and stored internationally. We take reasonable steps to ensure equivalent protection wherever data is processed.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be announced in the App or by email, and the "Last updated" date will be revised. Continued use after changes take effect constitutes acceptance.

13. Contact & Data Protection