529 TRACKER PRIVACY POLICY

Last Updated: November 8, 2025

Version 1.0

Our Privacy Commitment

We are committed to protecting your personal and financial information. 529 Tracker securely stores your data using Google Firebase, employs industry-standard encryption, and never sells your information.

What We Collect and Why

1 • Financial Information

  • Your expense and reimbursement entries, 529-eligible spending records, and related amounts.

  • Used only to generate reports, sync data across your devices, and calculate COA caps and compliance totals.

  • No banking, card, or account-number information is stored.

2 • User Content

  • Receipt images or photos you choose to upload.

  • Stored in Firebase Storage to let you organize and retrieve receipts for tax documentation.

  • Administrative access is used only when necessary to:

  • Provide direct support at your request

  • Diagnose and fix technical problems

  • Investigate suspected abuse, fraud, or security issues

  • Comply with valid legal requests or obligations

  • We do not routinely review or analyze individual user data, and we never sell, share, or use this content for marketing or advertising. Console access is restricted to a minimal number of authorized personnel, protected by multi-factor authentication, and governed by strict internal confidentiality controls.

3 • Identifiers

  • A randomly generated Firebase User ID and anonymous Device ID.

  • Each entry stored in Firestore is linked to your unique Firebase User ID to ensure that only you can access your own records.

  • These identifiers are used solely for authentication, syncing, and data protection — never for marketing, profiling, or advertising.

4 • Contact Information

  • Email address and name (if entered).

  • Used for authentication, subscription management, and customer support.

  • The name field may also be used within the app to label student profiles, personalize exports and reports for tax preparation, and help users differentiate between multiple students or accounts.

  • This information is never sold, shared, or used for marketing or advertising purposes.

5 • How We Protect Your Data

  • Encryption in Transit: All communication uses HTTPS (TLS 1.2+).

  • Encryption at Rest: Firebase encrypts data with AES-256.

  • Authentication: Secure sign-in via Firebase Auth; passwords are never visible to us.

  • Access Controls: Only you (and authorized family-sharing users) can view your records.

6 • How We Use Your Data

  • Provide core features such as syncing, exporting, and report generation.

  • Process your subscription through Apple’s StoreKit.

  • Maintain anonymized logs for error detection and performance analytics.
    We do not use your data for advertising, profiling, or resale.

7 • Data Access and Administrative Visibility

  • Receipt images and financial entries you upload are securely stored in Google Firebase. While these files are private to your account inside the app, authorized administrators of Charlie Mike Studios (the operator of 529 Tracker) can technically access stored data through the Firebase Console.

  • Administrative access is used only when necessary to:

  • Provide direct support at your request

  • Diagnose and fix technical problems

  • Investigate suspected abuse, fraud, or security issues

  • Comply with valid legal requests or obligations

  • We do not routinely review or analyze individual user data, and we never sell, share, or use this content for marketing or advertising. Console access is restricted to a minimal number of authorized personnel, protected by multi-factor authentication, and governed by strict internal confidentiality controls.

8 • Data Retention

  • Active accounts: kept while your account remains active.

  • Deleted accounts: all personal data and receipts are permanently erased.

  • Minimal pseudonymized compliance records (hashed ID + timestamp + policy version) are retained for legal confirmation only.

9 • Third-Party Services

We rely on:

  • Firebase (Google Cloud) for authentication, storage, and sync.

  • Apple StoreKit for subscription purchases.
    These services follow their own published privacy policies and industry certifications (SOC 2 Type II, ISO 27001).
    No other third parties receive or process your data.

10 • Your Rights & Choices

  • Export reports (PDF or CSV) anytime.

  • Delete your account and all data.

  • Contact support for questions or assistance.

11 • Transparency Promise

Your information is used only to operate and improve 529 Tracker.
We will promptly notify users of any material policy changes.

Contact

Questions about privacy or security: support@charliemikestudios.com

_______________

529 Tracker - Privacy Policy © 2025 All Rights Reserved

Version 1.0