Privacy Policy
Last updated: January 2026
1. Introduction
EazyTrack ("we", "our", or "us") is committed to protecting your privacy. This Privacy
Policy explains how we collect, use, disclose, and safeguard your information when you use
our personal document management application. EazyTrack helps you centralize and automatically
classify all your personal documents including invoices, identity documents, housing papers,
health records, vehicle documents, work files, insurance policies, and more.
2. Information We Collect
2.1 Personal Information
- Email address and name (for account creation)
- Profile picture (optional)
- Gmail account information (when you connect Gmail for document synchronization)
- Microsoft Outlook account information (when you connect Outlook for document synchronization)
2.2 Document Data
We collect and process various types of personal documents across 10 categories:
- Identity & Permits: ID cards, passports, driving licenses, permits
- Housing: Rental agreements, utility bills, property documents
- Taxes & Finance: Tax returns, bank statements, financial documents
- Health: Medical records, prescriptions, health insurance documents
- Vehicles & Transport: Vehicle registration, insurance, maintenance records
- Work & Training: Employment contracts, diplomas, certificates
- Invoices & Quotes: Purchase invoices, quotes, receipts
- Insurance & Legal: Insurance policies, legal documents, contracts
- Travel: Boarding passes, hotel reservations, travel documents
- Other: Miscellaneous personal documents
For each document, we may extract:
- Document images and PDFs you upload or sync from email
- Extracted text and metadata (dates, names, reference numbers, amounts)
- AI-generated classifications and categories
2.3 Technical Information
- Device information (type, operating system)
- App usage analytics (features used, frequency)
- Error logs for debugging purposes
- Location data (when enabled for location-based features)
3. Legal Basis for Processing (GDPR)
We process your personal data based on the following legal grounds:
| Processing Activity |
Legal Basis |
| Account creation and authentication |
Contract performance |
| Document storage and organization |
Contract performance |
| AI-powered document classification |
Contract performance / Legitimate interest |
| Email synchronization (Gmail/Outlook) |
Explicit consent |
| Analytics and service improvement |
Legitimate interest |
| Payment processing |
Contract performance |
| Legal compliance and tax records |
Legal obligation |
4. How We Use Your Information
We use your information to:
- Provide and maintain our document management service
- Automatically extract and classify document data using AI technology
- Synchronize documents from your connected email accounts (Gmail, Outlook)
- Send notifications about document processing status
- Provide subscription and expense tracking features
- Improve our services and develop new features
- Comply with legal obligations
5. Email Integration
Gmail Integration: When you connect your Gmail account, we use read-only access
(gmail.readonly scope) exclusively to:
- Search for emails containing document attachments
- Download document attachments (PDFs and images)
- Extract sender information for document identification
We NEVER modify, delete, or send emails from your Gmail account.
Microsoft Outlook Integration: When you connect your Outlook account, we use
read-only access (Mail.Read scope) exclusively to:
- Search for emails containing document attachments
- Download document attachments (PDFs and images)
- Extract sender information for document identification
We NEVER modify, delete, or send emails from your Outlook account.
6. Data Storage and Security
Your data is stored securely using:
- Firebase Cloud Storage: For document files (encrypted at rest)
- Firestore Database: For document metadata and user data
- AES-256-GCM Encryption: For sensitive data including OAuth tokens
- Google Secret Manager: For secure storage of API credentials
- HTTPS/TLS: For all data transfers
- Regular security audits and updates
7. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA),
including the United States, where our cloud infrastructure providers (Google Cloud, Firebase)
operate data centers. These transfers are protected by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Google's compliance with the EU-U.S. Data Privacy Framework
- Additional technical safeguards including encryption
8. GDPR Compliance
In accordance with the General Data Protection Regulation (GDPR), you have the following
rights:
8.1 Your Rights
- Right to Access (Article 15): Request a copy of your personal data
- Right to Rectification (Article 16): Request correction of inaccurate data
-
Right to Erasure (Article 17): Request deletion of your data ("right to be forgotten")
-
Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
- Right to Object (Article 21): Object to certain types of processing
-
Right to Restrict Processing (Article 18): Request limited processing of your data
-
Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
You can exercise these rights directly through the app settings (Privacy section) or by contacting us.
8.2 Data Retention
We retain your data only as long as necessary to provide our services:
- Documents and invoices: 7 years (to comply with tax regulations)
- Account data: Until you delete your account
- Processing logs: 90 days
- Temporary files: 7 days
You can delete your data at any time through the app settings. Upon account deletion,
all your data is permanently removed within 30 days.
8.3 Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms,
we will notify you and the relevant supervisory authority within 72 hours of becoming aware
of the breach, as required by GDPR Article 33.
9. Third-Party Services
We use the following third-party services:
- Blackbox AI (Gemini 2.5 Flash, Sonar Pro): For AI-powered document classification and text extraction
- Google Vertex AI: Fallback AI service for document processing
- Firebase (Google): For authentication, storage, and database services
- Gmail API (Google): For email synchronization (with your explicit consent)
- Microsoft Graph API: For Outlook email synchronization (with your explicit consent)
- Stripe: For secure payment processing
- Brandfetch: For merchant logo retrieval
These services have their own privacy policies and data handling practices.
10. Data Sharing
We do NOT:
- Sell your personal information to third parties
- Share your document data with other users
- Use your data for advertising purposes
- Train AI models on your personal documents
We may share data only when:
- You explicitly consent to sharing
- Required by law or legal process
- Necessary to protect rights and safety
- With service providers who process data on our behalf (under strict data processing agreements)
11. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect data from
children under 16 years of age. If you believe we have collected data from a child under 16,
please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by
posting the new Privacy Policy on this page, updating the "Last updated" date, and sending you
an in-app notification or email where appropriate.
13. Contact Us