Legal

Privacy Policy

Last updated: March 2026

Privacy Policy for Closebills

Version 2.0 Effective date: 15 March 2026

1. Information about the collection of personal data and contact details of the person responsible

1.1 Personal data is all data with which you can be personally identified. This Privacy Policy explains how We collect, use, and protect Your personal data when You use the Closebills application (the "Application").

1.2 The data controller responsible for Your personal data within the meaning of the General Data Protection Regulation (GDPR) is:

Closebills (operated by Felipe Fernandes) Via Marchese Visconti 2, Torino, Italy Email: felipe@closebills.com Website: closebills.com

2. Description of Service

Closebills is a mobile application that allows You to track Your recurring or fixed expenses such as subscriptions, bills, rent, and utilities. You can add, manage, and monitor Your fixed payments to better organise Your personal finances. The Application does not provide financial advice, banking services, or payment processing.

3. Contact

When You contact Us through email or other channels, the personal information You provide (e.g. name, email address, message content) is collected exclusively to respond to Your request. This data is stored and used exclusively for the purpose of answering Your request and is deleted once the matter is resolved, unless legal obligations require further retention.

4. Data Collected and Purposes

We collect only the data needed to provide and improve the Service.

Account Information — Email address, User ID (Firebase Auth)

  • Purpose: Create and manage Your account; authenticate login.
  • Legal Basis: Contract (service performance).
  • Retention: Until account deletion. No data retained after deletion.
  • Shared With: Firebase Authentication (Google).

Device/Usage Identifiers — Device identifiers (Firebase Auth token, IDFV), Analytics IDs

  • Purpose: App functionality; analytics and improvements.
  • Legal Basis: Legitimate interest (analytics) / Consent (where required by ePrivacy).
  • Retention: 26 months (Google Analytics default), or shorter if law requires.
  • Shared With: Google Analytics (Firebase Analytics).

Usage Data — App usage logs (pages viewed, features used), Crash/error reports

  • Purpose: App performance improvement and troubleshooting.
  • Legal Basis: Legitimate interest.
  • Retention: 26 months (per Google Analytics settings).
  • Shared With: Google Analytics, Firebase Crashlytics.

System and Device Data — IP address, Hardware/OS info

  • Purpose: Security, performance monitoring, fraud prevention.
  • Legal Basis: Legitimate interest.
  • Retention: 1–2 years (for security) or as required by law.
  • Shared With: Firebase (Google).

We do not collect location, contacts, photos, health, or payment information. We do not collect or share user-generated content (none is uploaded in-app). We do not collect the Advertising Identifier (IDFA) and do not perform cross-app tracking. We do not make automated decisions that produce legal or similarly significant effects about You, and We do not use Your data for profiling purposes.

5. Data processing for contract processing

5.1 To fulfil the contract (Your use of the Application), We may rely on service providers who assist with hosting, authentication, and payment infrastructure.

5.2 In-app subscriptions are processed through the respective Application Store (Apple App Store or Google Play Store). We do not directly process or store Your payment information. Payment data is handled entirely by Apple or Google according to their respective privacy policies.

6. Third-Party Services and Sharing

We use the following Google services to process user data:

  • Firebase Authentication — manages user sign-up and login.
  • Cloud Firestore — stores user account data and app data.
  • Google Analytics (Firebase Analytics) — collects anonymous usage data for app improvement.
  • Firebase Crashlytics — collects crash logs and device information for troubleshooting. This information does not contain personal data. You may disable crash reporting at any time through the Application settings.

Firebase services may process data on Google Cloud servers worldwide. Google maintains appropriate safeguards (e.g. Standard Contractual Clauses for data transfers outside the EU) and certifications (ISO 27001 and SOC 2).

We will not sell or share Your personal data with advertisers or other third parties beyond Google's services listed above.

7. Cookies and Tracking

Closebills uses cookies and similar technologies. We use Firebase (which uses tokens/cookies for authentication and performance) and Google Analytics (which uses cookies and device identifiers to measure usage).

We do not use the Advertising Identifier (IDFA) for ads and do not perform cross-app advertising tracking. We may use the Identifier for Vendors (IDFV) for analytics within our own apps, which under Apple's rules does not require an ATT prompt.

Where EU ePrivacy law requires consent before placing analytics cookies or using tracking identifiers, We will obtain Your consent via an in-app prompt before analytics are activated. You can opt out of analytics by disabling tracking on Your device (e.g. iOS Settings > Privacy > Tracking) or by declining the in-app analytics consent prompt.

8. Rights of the data subject

8.1 Under GDPR (and Italian law) Your data is processed lawfully. Account data is processed to fulfil Our contract with You (account creation, subscription). Analytics and security data rely on Our legitimate interest in improving the Application and protecting it — We have conducted a Legitimate Interest Assessment balancing Our interests against Your rights, and a summary is available on request. If We ever send marketing emails, We will do so only with Your consent.

You have the following rights under GDPR:

  • Access — request a copy of Your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of Your data.
  • Restriction — limit how We process Your data.
  • Objection — object to processing based on legitimate interest.
  • Portability — receive Your data in a structured, machine-readable format.
  • Withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact Us at felipe@closebills.com. We will respond within 30 days of receipt. If Your request is complex, We may extend this period by a further two months, in which case We will notify You within the first 30 days.

8.2 Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes at any time. To do so, contact Us at felipe@closebills.com.

If unsatisfied with Our response, You may lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

9. Account Deletion and Data Erasure

You may delete Your account at any time directly within the Application by navigating to Settings > Account > Delete Account. You may also request deletion by emailing Us at felipe@closebills.com.

When You delete Your account:

  • All Your personal data (account information, bills, preferences, and any other data associated with Your account) will be permanently erased within 30 days.
  • No personal data will be retained after deletion. We do not keep backups of deleted user data.
  • Anonymised, aggregated analytics data (which cannot identify You) may remain in Google Analytics.
  • This action is irreversible.

10. Security

We implement technical and organisational measures to protect Your data. Firebase and Google Cloud are ISO 27001 certified and undergo regular SOC 2 audits. Communication is encrypted (HTTPS), and databases are secured. Access to personal data is restricted to Felipe Fernandes and Google's infrastructure.

11. Children's Privacy

Closebills is not directed at children under 14. We do not knowingly collect data from minors below Italy's digital consent age (14). If We become aware of data from such minors, We will promptly delete it. Parents should supervise usage of apps by their children.

12. International Data Transfers

Your data may be processed on Google Cloud servers located outside the European Economic Area (EEA). When this occurs, Google ensures adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission and maintains certifications including ISO 27001 and SOC 2. We do not independently transfer data outside the EEA beyond what is necessary for the third-party services listed in Section 6.

13. Updates to This Policy

We may update this Privacy Policy occasionally. The latest version is always available at closebills.com/privacy and within the Application. We will notify You of material changes by email or in-app notification at least 30 days before they take effect.

By continuing to use the Application following that notice period, You accept the updated Policy for processing based on contract or legitimate interest. Where changes affect consent-based processing, We will seek fresh consent.

14. Contact

For any questions, data requests, or privacy concerns, contact:

Closebills (operated by Felipe Fernandes, Data Controller) Via Marchese Visconti 2, Torino, Italy Email: felipe@closebills.com Website: closebills.com

We will respond to all inquiries within 30 days.