MassroufakTerms & Conditions →

Privacy Policy

Last updated: March 23, 2026

1. Who We Are

Massroufak ("we", "our", "us") is a personal finance management application that helps individuals and households track expenses, split costs, and manage building charges. We are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR) and applicable privacy laws.

For any privacy-related enquiries, contact us at hello@massroufak.com.

2. Data We Collect

We collect the following categories of personal data:

Account data

Email address, display name, profile photo (if uploaded), preferred language, default currency, and subscription tier.

Financial data

Transaction records you create (amounts, descriptions, categories, dates, notes), wallet and project names, budget settings, and balance information. This data is entered entirely by you.

Split & group data

Split group names, member lists, shared expense records, and settlement history.

Building management data

Building names, apartment information, charge records, and payment history — only if you use the Building feature.

WhatsApp integration data

Your phone number and the content of messages you send to our WhatsApp bot, solely to parse and create transactions on your behalf — only if you enable this feature.

Technical data

Device push notification tokens (if you enable push notifications), browser session data, and authentication tokens.

3. Legal Basis for Processing

Under GDPR, we rely on the following legal bases:

  • Contract performance — to provide the service you signed up for (account management, transaction storage, split tracking).
  • Legitimate interest — to maintain security, prevent fraud, and improve app performance.
  • Consent — for optional features such as push notifications and WhatsApp integration. You can withdraw consent at any time in Settings.

4. How We Use Your Data

  • To create and manage your account.
  • To store, display, and analyse your financial transactions.
  • To facilitate expense splitting with other users you invite.
  • To send push notifications about your financial activity (with your consent).
  • To process WhatsApp messages and create transactions on your behalf (with your consent).
  • To manage your subscription and billing.
  • To respond to support requests.

We never sell your data to third parties or use it for advertising purposes.

5. Third-Party Services

We use the following sub-processors to deliver our service:

Supabase

Our database, authentication, and file storage provider. Your data is stored on Supabase-managed PostgreSQL databases. Supabase is GDPR-compliant and processes data under a Data Processing Agreement (DPA).

WhatsApp Business API

Used only if you choose to connect WhatsApp. Messages sent to our bot are processed to extract transaction data. We do not store raw message content beyond the moment of parsing.

Web Push (browser-native)

Device tokens are stored to deliver push notifications. No third-party marketing platform is used.

6. Data Storage & Security

Your data is stored on secure, encrypted servers managed by Supabase. We implement row-level security (RLS) so that each user can only access their own data. Profile photos are stored in access-controlled cloud storage.

Passwords are never stored in plain text — authentication is handled via Supabase Auth using industry-standard hashing. We enforce HTTPS for all data in transit.

7. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, your profile and all associated data (transactions, split groups, building records) are permanently deleted within 30 days.

WhatsApp session data is deleted immediately upon unlinking. Push notification tokens are removed when you disable notifications or delete your account.

8. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

  • Right of access — request a copy of all personal data we hold about you.
  • Right to rectification — correct inaccurate or incomplete data via Settings → Profile.
  • Right to erasure — delete your account and all data via Settings → Account.
  • Right to data portability — request your data in a machine-readable format.
  • Right to object — object to processing based on legitimate interest.
  • Right to restrict processing — request we limit how we use your data.
  • Right to withdraw consent — disable WhatsApp or push notifications at any time in Settings.

To exercise any of these rights, contact us at hello@massroufak.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority (e.g., CNIL in France, ICO in the UK).

9. Children's Privacy

Massroufak is not intended for children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact us immediately at hello@massroufak.com.

10. Cookies & Local Storage

We use browser session cookies strictly necessary for authentication (managed by Supabase Auth). We do not use advertising cookies, tracking pixels, or third-party analytics. We use localStorage to store UI preferences (e.g., sidebar state) — this data never leaves your device.

11. International Data Transfers

Supabase may store data on servers in the United States or European Union. Where data is transferred outside the EEA, Supabase ensures adequate protection through Standard Contractual Clauses (SCCs) as approved by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or in-app notification. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of Massroufak after changes constitutes acceptance of the updated policy.

13. Contact Us

For any privacy questions or data requests, please contact us at:

Massroufak

Email: hello@massroufak.com

Terms & ConditionsBack to app