Privacy Policy
1. Responsible
Responsible within the meaning of the General Data Protection Regulation (GDPR):
Adrian Berisha
Kaiserstraße 42
73760 Ostfildern
Germany
mail@adrianberisha.de
2. General Information on Data Processing
The protection of your personal data is important to us. This privacy policy informs you about which data is processed in the iOS app “Cash Goat”, for what purpose, and on what legal basis.
The app can be used entirely without online services. In this case, no personal data is transmitted.
3. Use of the App Without Online Services (Offline Mode)
3.1 Processed Data
When using the app exclusively offline, all data is stored locally on the user’s device only. This includes in particular:
- Income and expenses (transactions)
- Created accounts, categories, and other budgeting data
3.2 Personal Reference
In offline mode, no personal data within the meaning of the GDPR is processed. There is no cloud storage, no synchronization, and no disclosure to third parties.
4. Use of Online Services
4.1 User Account
To use certain features (e.g. data synchronization or sharing debts), the creation of a user account is required.
The following login options are available:
- Sign in with Apple
- Anonymous login
Optionally, the user may voluntarily provide a display name that is visible to other users.
4.2 Data Processed When Using Online Services
When using online services, only the data that the user actively enters into the app is processed, in particular:
- Transactions (income and expenses)
- Debt information
- Accounts, categories, and other budgeting data
- Optional: display name
4.3 Cloud Storage
To provide the online features, the data entered by the user is stored in a cloud infrastructure.
Among others, the following cloud providers are used:
- Amazon Web Services (AWS)
- Google Cloud Platform
These providers are used exclusively as data processors in accordance with Art. 28 GDPR.
5. International Data Processing
The app is intended for users worldwide, including outside the European Union.
When processing data outside the EU or the EEA, it is ensured that an adequate level of data protection exists, in particular through the use of EU standard contractual clauses and appropriate technical and organizational measures.
6. Legal Bases for Data Processing
The processing of personal data is carried out on the basis of the following legal grounds:
- Art. 6(1)(b) GDPR – Performance of a contract
7. Deletion and Data Retention Period
7.1 Offline Data
Data stored offline remains exclusively on the user’s device and can be deleted by the user at any time.
7.2 Online Data and User Accounts
- Anonymous login: Deletion of the user account and all associated data after approximately 30 days of inactivity.
- Sign in with Apple: Deletion of the user account and all associated data after approximately 2 years of inactivity.
Manual deletion by the user is possible at any time.
8. Data Sharing
Personal data is not shared with third parties unless it is technically necessary to provide the online services or required by law.
The data is not used for advertising, tracking, or analytics purposes.
9. Rights of Data Subjects
Users have the following rights in particular:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restriction of processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
10. Data Security
Appropriate technical and organizational measures are implemented to protect the data against misuse and unauthorized access.
11. Changes to This Privacy Policy
This privacy policy may be updated in the event of legal or functional changes.
12. Contact
If you have questions about data protection or about exercising your rights:
Status: December 2025
Back to Homepage