Privacy Policy

Effective Date: May 13, 2026

This Privacy Policy describes how SaBooks ("we", "us", or "the app") handles information when you use the SaBooks mobile and web application. By using SaBooks, you agree to the practices described below.

1. What We Collect — and What We Don't

We do not collect, read, or share the data you enter into the app. Your clients, projects, proposals, invoices, line items, payments, expenses, agenda events, materials lists, account name, phone number, address, company name, and logo are stored only in your own private Firestore database under your authenticated email. We — the developers — have no scheduled access to those records, do not run analytics over them, and have no plans to do so. They are not used for advertising, profiling, training models, or any commercial purpose.

We do collect anonymous, aggregate app-usage statistics through Firebase Analytics so we can see how many people install and use the app, where they sign in from, and which screens get the most use. This data is keyed to an anonymous, app-install identifier — not your name, email, or any record you've entered. We never associate analytics events with your identity, and we do not call any "user ID" function in the analytics SDK. The specific events the app reports and the data each one carries are listed in Section 5.

We also collect anonymous crash and error reports through Firebase Crashlytics so we can see when the app crashes or hits an unexpected error and fix it. Each report contains a stack trace, the device model and operating system, and the app version — nothing else from your account. We strip email-pattern substrings out of every error message before it leaves your device so a Firestore path like users/jane@example.com/clients/... appearing inside an error never reaches Crashlytics. Crash reports are keyed to the same anonymous install identifier as analytics; we do not call any "user ID" function in the crash SDK either.

2. Data You Enter — Stored in Your Own Cloud Account

So the app can work across your devices, the records you enter are stored in a private Google Firebase (Firestore) database. The data is scoped to your authenticated email, and Firestore security rules block all access except by the signed-in account that owns it. The records stored on your behalf are:

• Your account profile: name, phone number, business address, company name, and an optional company logo.
• Your business records: clients, projects, proposals, invoices, line items, payments, and expenses that you choose to enter.
• Authentication identifiers from your chosen sign-in provider (Google, Apple, or a hidden email/password reviewer account).

If you sign in with Apple's "Hide my email" option, Apple substitutes a private relay address. SaBooks treats that relay address as your account key — the same way it would treat any other email.

3. Data Usage

The records you enter are used solely to:

• Generate proposals, invoices, payment receipts, and expense entries.
• Display your records back to you across your signed-in devices.
• Pre-fill recipient fields when you choose to send a document by email.

The records you enter are never used for advertising, profiling, behavioral analytics, ad targeting, or model training, and we do not sell or trade your information to third parties. Anonymous app-usage analytics, described in Sections 1 and 5, are kept entirely separate from the records you enter and are not linked to your identity.

4. Device Permissions

The app may request access to the following device features. Each is used only for the stated purpose, and the captured data never leaves your device unless explicitly noted:

• Camera — to photograph a receipt or payment slip on the Expense or Payment edit pages. The image is processed entirely on your device by Apple Vision (on iOS) or Google ML Kit (on Android), and only the extracted text is kept. The photo itself is discarded after recognition and is never uploaded, never saved to your camera roll, and never stored on our infrastructure.
• Photo Library — to read an existing receipt or logo image you select from your library. Same handling as above: on-device only, never uploaded.
• Mail / Share Sheet — to attach a generated PDF to an outgoing email or hand it off to another app of your choice.
• Network — to sign you in and to read and write your own records to your private cloud database.

SaBooks does not request access to your contacts, location, microphone, health data, or any tracking identifiers.

5. Anonymous Analytics

SaBooks uses Firebase Analytics (operated by Google) to understand how the app is being used while it is in open beta. Analytics events are keyed to an anonymous app-install identifier — the same identifier the operating system would assign for any app on your device — and are not linked to your name, email, or any record you have entered.

The events SaBooks reports are limited to:

• first_open, app_open, session_start, screen_view — standard mobile-app activity, fired automatically by the Firebase SDK.
• sign_up — fired the first time a new account is created, with the sign-in provider (Google, Apple, or email/password) as the only parameter.
• login — fired on each subsequent sign-in, with the sign-in provider as the only parameter.
• sign_out — fired when you sign out of the app.
• account_deleted — fired when you delete your account through the Danger Zone.

No event ever carries your email, name, business data, or any record you have entered. Firebase Analytics also automatically attaches general information about your device (operating system, model, app version, country-level location, language). It does not access your IDFA, your contacts, your photos, or any cross-app tracking identifier, and SaBooks does not use Apple's App Tracking Transparency framework.

Application crashes and uncaught JavaScript errors are reported to Firebase Crashlytics. Each report contains a stack trace, device model, operating system, and app version. Error messages are sanitised on-device to remove email-pattern substrings before they are sent. The Crashlytics SDK is not given a user ID, so reports cannot be linked back to a specific account.

If you choose to email us for support, only the information you voluntarily include in that email (such as a screenshot or device model) is shared with us beyond what is described above.

6. Third-Party Services

SaBooks uses the following third-party services to operate. Their handling of data is governed by their own privacy policies:

• Google Firebase Authentication and Cloud Firestore — provides sign-in and per-user encrypted database storage. See Firebase Privacy and the Google Privacy Policy.
• Firebase Analytics (Google) — anonymous app-usage statistics as described in Section 5.
• Firebase Crashlytics (Google) — anonymous crash and error reports as described in Section 5.
• Google Sign-In and Sign in with Apple — used to authenticate your account when you choose either provider.

SaBooks does not embed advertising SDKs, ad-targeting libraries, cross-app tracking SDKs, or third-party data brokers of any kind.

7. Data Retention and Backups

Your records remain in your private Firestore database for as long as your account exists. You may edit or delete any individual client, project, proposal, invoice, payment, or expense from within the app at any time.

The developers periodically take ad-hoc backups of the Firestore database for disaster-recovery purposes only. These backups are not on a guaranteed schedule, are not provided as a service, and we make no commitment to their availability or retention. You are responsible for exporting or otherwise preserving any data you consider critical. See the Terms & Conditions for the full disclaimer.

8. Account Deletion

You can request deletion of your SaBooks account and all associated data at any time. Open the app, go to Account → Danger Zone and type DELETE to confirm — this immediately removes every record under your account. Alternatively, email michalsabo9@gmail.com from the address associated with your account and we will remove your authentication record and any remaining data within 30 days.

9. Children's Privacy

SaBooks is intended for business and freelance use by adults. The app is not directed at children under the age of 13, and we do not knowingly collect information from children. If you believe a child has provided information through the app, please contact us so the relevant account can be removed.

10. Security

Communication between the app and Firebase is encrypted in transit using TLS. Data is stored in Google Cloud and is protected by Firestore security rules that restrict each record to the authenticated user that owns it. While no system is perfectly secure, we use industry-standard practices to protect your information.

11. Your Rights

Depending on your jurisdiction (including the EU/UK under GDPR and California under CCPA), you may have the right to access, correct, export, or delete the personal information associated with your account. You can exercise most of these rights directly within the app, or by contacting us using the email below.

12. International Users

If you use SaBooks from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where Google Firebase operates.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective Date” at the top of this page. Continued use of the app after a change indicates your acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us at michalsabo9@gmail.com.