Privacy Policy

Last updated: 2 July 2026

Who is responsible for your data

The data controller for VotaWallet — the votawallet.app website, the my.votawallet.app web application and the VotaWallet Telegram bot — is Denis Lipatov, a private individual residing in the Republic of Serbia.

For anything related to your personal data, write to [email protected].

What we collect

  • Account data: name (optional), email address and password (stored only as a secure hash). If you sign in through Telegram: your Telegram ID, first and last name, and username. If you skip email during Telegram sign-up, a technical placeholder address is created for your account.
  • Settings: language, timezone, currencies, interface and notification preferences.
  • Financial records you create: accounts, transactions and their notes, itemized purchases, categories, budgets, tags, custom store names and payment habits.
  • Fiscal receipt data: when you scan a receipt QR code or send a receipt photo to the bot, we retrieve the official receipt record (store, items, prices, VAT, payment method) from the Serbian Tax Administration portal (suf.purs.gov.rs) using the link encoded in the QR code. Receipt photos you upload or send to the bot are stored with your account.
  • Family sharing data: your family's name, member names or labels you add, and email addresses you invite. An invited address is stored even if that person never registers.
  • Support data: if you send feedback from the app, we receive your message, the page you were on, browser information, recent technical console entries and a screenshot if you attach one.
  • Technical data: IP addresses and browser details in server, session and error logs.

What we do not do

  • No advertising or analytics trackers — neither on the website nor in the app.
  • No selling or sharing of your data for marketing. Ever.
  • No card or payment processing inside the app — donations run through external platforms (Boosty or direct crypto transfers).
  • No geolocation tracking.

Why we process it

  • To provide the service you signed up for: storing and displaying your finances, parsing receipts, suggesting categories, family sharing (performance of a contract).
  • To keep the service secure and fix errors: sessions, technical logs, error monitoring (legitimate interest).
  • To send notifications you have enabled in settings (consent — you can withdraw it at any time in settings).
  • To honor donor perks and promo codes you redeem (performance of a contract).

Providing an email address or a Telegram account is a contractual requirement — without one we cannot create or maintain your account. Everything else (name, receipts, notes, family data) you provide voluntarily; the related features simply will not work without it.

Where your data lives

Production data — the database, uploaded files and backups — is stored on Google Cloud in Frankfurt, Germany (EU). Germany and the EU are recognized as providing an adequate level of data protection under the Serbian Government's adequacy decision (Official Gazette of RS 55/2019), so this transfer is lawful without additional safeguards.

The marketing website is delivered through the Cloudflare CDN. Messages you exchange with the bot pass through Telegram's infrastructure.

If you sign in or chat through Telegram, your messages are processed on Telegram's servers, which may be located in countries without a Serbian adequacy decision — that transfer happens at your request and is necessary to provide the Telegram features you use. Cloudflare may process technical connection data (such as your IP address) on servers worldwide, subject to its contractual data-protection safeguards.

Who receives data

  • Google Cloud — hosting, database, file storage, backups and technical logs.
  • Cloudflare — content delivery for the marketing website only.
  • Telegram — sign-in via Telegram, bot conversations (including receipt photos you choose to send in chat) and service notifications you have enabled, such as password-reset links. Technical error alerts delivered to the operator via Telegram may include your account identifier.
  • Serbian Tax Administration portal (suf.purs.gov.rs) — we fetch the official receipt record using the link from the QR code; no personal identifiers are attached to that request.
  • Product databases (Open Food Facts and similar) — only product names and barcodes from receipts are used as search queries to enrich product data; your identity is never attached.
  • Exchange-rate services — currency codes only, no personal data.

Family sharing — what others can see

Records you share with a family — shared accounts, categories and transactions — are visible to and editable by every member of that family. If shared analytics is enabled, aggregate statistics include family data too. Only join a family with people you are comfortable sharing your finances with.

Cookies and local storage

We use only what is strictly necessary to run the service — which is why there is no cookie banner:

  • Session cookies in the app (laravel-session, XSRF-TOKEN) — sign-in and security; they expire after about two hours of inactivity.
  • Browser localStorage: your theme choice on the website and your sign-in token in the app.
  • No tracking, advertising or analytics cookies of any kind. If that ever changes, we will ask for your consent first.

How long we keep data

Your data stays in your account until you remove it. In the app you can wipe your financial records (accounts, transactions, receipts) yourself; uploaded receipt photos and support attachments are removed when your account is deleted. Deleted records also disappear from database backups within 14 days.

To delete your account entirely, write to [email protected] — we will remove your account data within 30 days.

Technical logs and error records are kept only as long as needed for security and diagnostics.

Your rights

Under the Serbian Personal Data Protection Act (ZZPL) you have the right to:

  • access your data and receive a copy of it;
  • receive the data you provided in a structured, machine-readable format (portability);
  • correct inaccurate data;
  • have your data deleted;
  • restrict or object to processing;
  • withdraw consent at any time, without affecting prior processing.

To exercise any of these, email [email protected].

You also have the right to lodge a complaint with the Serbian supervisory authority: Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti, Bulevar kralja Aleksandra 15, Belgrade — poverenik.rs.

Security

All traffic is encrypted (TLS). Passwords are stored only as bcrypt hashes. Access to production systems is restricted, and secrets are kept in a managed vault.

Children

VotaWallet is not directed at children under 15, and we do not knowingly collect their data.

Changes to this policy

We will post any changes on this page and update the date above. Significant changes will be announced in the app or the Telegram channel.