Privacy Policy
1. Data Protection at a Glance
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified.
⚠️ Important Notice
ExpensesCalc is a simple web application for calculating shared expenses on short trips and private outings. This application is not intended for professional or business use.
The application is intended exclusively for private purposes and is designed for use on short trips with friends or family. For professional accounting, tax purposes or business applications, appropriate professional software should be used.
We provide ExpensesCalc free of charge and “as is”. We do not guarantee error-free calculations, uninterrupted availability, or that your data will never be lost. You use the service at your own risk. To the extent permitted by law, we are not liable for damages from calculation mistakes, data loss, or disputes within your group.
This notice does not limit our statutory obligations under the GDPR (including liability for unlawful processing or negligence where the law applies).
Receipt photos may contain card numbers, addresses, or full names. Do not upload documents you are not allowed to share with everyone in the group. If you attach a receipt, cover or crop sensitive details (account/IBAN, address, personal names) when you can — or only upload the part that shows the shop and amount.
2. Data Controller
The controller within the meaning of Art. 4(7) GDPR is:
This natural person is legally responsible for ExpensesCalc and all decisions about how personal data is processed on this website, including as operator of an individual online service without a separate company entity.
Shoaib Sarwar
Germany, Hamburg
info@expensescalc.com
Phone: +49 173 5732949 · Imprint
3. Legal Bases (Art. 6 GDPR)
We process personal data only when a legal basis applies: (a) your consent (e.g. analytics/advertising cookies), (b) performance of a contract or pre-contractual steps (providing the expense calculator and your account), (c) legitimate interests (security, fraud prevention, improving the service), and (d) legal obligations (e.g. retaining server logs where required). You may withdraw consent at any time with effect for the future via the cookie settings link in the footer.
4. Data We Collect and Store
We collect data you provide (account registration, group names, member names and emails, expenses, optional receipt files) and limited technical data when you visit the site (browser, IP address, access time — see section 11). Application data is stored in our database on Hostinger solely to operate ExpensesCalc and is not sold to third parties.
Note: Since this is a simple application for private purposes, you should not store sensitive or business-critical data in this application.
5. Browser Storage (localStorage)
The app stores a list of your joined groups (group ID, name, and PIN) in your browser's localStorage so you can reopen them quickly on this device. This data stays on your device until you remove a group from “My Groups” or clear site data in your browser. We do not use localStorage for advertising or cross-site tracking.
6. Receipt Uploads
You can optionally attach receipt photos or PDF files when adding an expense (JPG, PNG, or PDF, up to 5 MB per file). You may choose files from your device or take a photo with your camera. Uploading is voluntary and serves only to document shared costs within your group.
- Files are sent to our server and stored with the related expense in our database as Base64-encoded data inside a JSON field (not as separate files on disk).
- Only logged-in users who have joined the group with the group ID and PIN can view attached receipts. The PIN is also required to add or change expenses.
- If you use “Take photo”, your browser asks for camera access. We only use the camera when you start capture; no background recording.
- Receipts are deleted when the group is deleted or reaches its auto-delete date, together with the expense data.
- We do not use receipts to train AI, for marketing profiles, or for purposes unrelated to displaying them in your group.
Note: Receipts may show card numbers, addresses, or other personal details. Only upload documents you are allowed to share with everyone in the group. Do not upload business, medical, or other sensitive documents unless all members agree.
The Account page export does not include receipt files. To request copies (GDPR access or portability), email us via the imprint from your registered account email. Include the group ID and, if possible, which expense(s) you mean. We verify that you belong to that group, then provide the files within one month (usually as a ZIP or secure download link).
7. User Accounts
If you register, we store your name, email address, and a hashed password. Session cookies keep you logged in. You can export or delete your account on the Account page, or email us via the imprint.
8. Who Can See Group Data
Groups are private shared spaces: only logged-in members who joined with the group ID and PIN can view that group's member list, expenses, receipts, and activity history.
The group PIN is an access-control mechanism — it limits who can join or change data. It is not encryption and does not by itself constitute a technical security measure under the GDPR. Choose a PIN known only to your group.
Only add people if you agree they may see your name, email, and shared expense details. Do not share the group ID and PIN publicly.
9. Transactional Emails
We send service emails through the mail system of our hosting provider (Hostinger), using PHP mail() from an address such as noreply@expensescalc.com. We do not use these emails for marketing newsletters.
Emails may include: group created (group ID, PIN, delete date), password reset link, group delete or PIN change confirmation, member removal confirmation, and delete requests to the group creator. They contain only what is needed for that action (e.g. your name, group name, links with tokens).
Password-reset links use a random token stored as a hash in our database, valid for 1 hour and deleted after use or when you delete your account. We do not store the plain reset link.
Messages are sent from addresses on expensescalc.com. We configure SPF, DKIM, and DMARC on this domain through Hostinger to authenticate mail and improve deliverability.
10. Cookies, Consent & Google Services
Essential cookies: PHP session (login) and language preference (up to 1 year). Non-essential scripts (Google Analytics GA4, Google Tag Manager, Google AdSense) are loaded only after you consent via the cookie banner. You can change your choice anytime using “Cookie settings” in the footer. Rejecting non-essential cookies does not limit use of the calculator.
With your consent we load Google Analytics 4 (measurement ID G-3RYC2M9GW3) via Google Tag Manager and Google AdSense. Google may set cookies and process usage or advertising data on servers in the USA. IP anonymisation is enabled where supported. Google privacy policy: https://policies.google.com/privacy. You can change consent anytime via “Cookie settings” in the footer or opt out in your Google account.
11. Hosting, Server Logs & Technical Backups
This site is hosted by Hostinger. The host processes server log files (IP address, browser, time of request, referrer) on our behalf to deliver the site securely. Logs are not merged with other data unless required for security investigations.
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are: browser type and browser version, operating system used, referrer URL, hostname of the accessing computer, time of the server request, and IP address. This data is not combined with other data sources.
Hostinger creates routine technical backup copies of the server and database as part of standard disaster recovery. These are not a separate product feature and may temporarily still contain data you deleted from the live app until the backup cycle overwrites them. We do not actively restore individual deleted groups from backups; backups are used only in exceptional cases to recover the entire service after a major failure. Backup retention periods are set by Hostinger and are outside ExpensesCalc's direct control.
12. SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address bar of the browser changes from "http://" to "https://" and by the lock symbol in the address bar.
13. Retention & Deletion
Each group has an auto-delete date (default: 30 days after creation). You can also delete a group manually (creator with PIN, confirmation email, or remove from “My Groups”).
When a group is deleted, we remove it and the related data described in section 4 from our live database without undue delay. ExpensesCalc does not keep a separate archive or in-app backup of deleted groups.
Technical backup copies at Hostinger may temporarily still contain deleted data until overwritten (section 11). They are used only for disaster recovery of the entire service, not for individual restore requests.
14. Data Security
We use technical and organizational security measures to protect your personal data against manipulation, loss, destruction, or access by unauthorized persons. Our security measures are continuously improved in line with technological developments.
15. Your GDPR Rights
If you are in the European Union, you have the following rights under the GDPR: access, rectification, erasure, restriction of processing, data portability, and objection to processing based on legitimate interests.
Use the Account page (export or delete account), cookie settings in the footer, or email us via the imprint. For receipt files not included in export, email from your registered address with the group ID (see section 6). We respond within one month (Art. 12(3) GDPR); complex requests may take up to three months with notice.
16. Processors & International Transfers
We use processors who handle personal data on our behalf: Hostinger (web hosting, database, server logs, routine technical backups) and Google Ireland Limited / Google LLC (Google Analytics, Google Tag Manager, Google AdSense when you consent). They may use your data only to provide their services to us.
We have concluded Data Processing Agreements with all processors in accordance with Art. 28 GDPR (Hostinger via their standard hosting terms; Google via their commercial/data-processing terms when you consent to their services).
Google may process analytics and advertising data on servers in the United States. Transfers are based on the EU–US Data Privacy Framework and/or Standard Contractual Clauses (SCCs) as applicable. Google's data processing terms: https://business.safety.google/intl/en/privacy/
17. Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority. For users in Germany, the authority for Hamburg (where our operator is based) is: Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit, Ludwig-Erhard-Str. 22, 20459 Hamburg, https://datenschutz-hamburg.de
18. Account Deletion
Logged-in users can delete their account on the Account page (enter your password to confirm) or by emailing info@expensescalc.com. We remove your user profile, memberships, and password-reset tokens. Expense groups you created may remain until their auto-delete date so other participants are not disrupted.
19. Changes to This Policy
We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to reflect changes to our services. The current privacy policy can be accessed at any time on this page.
Last updated: June 17, 2026
20. Contact
If you have questions about data protection, you can contact us via the imprint.