lg.01Updated 26 May 2026

Privacy

This policy covers the Chara hosted service operated by Dow Technology. If you self-host Chara on your own server, you are the data controller and this policy does not apply — you set your own.

0 · What this policy covers

This policy applies to the Chara hosted service operated by Dow Technology. If you connect the Chara app to a self-hosted server run by someone else, the operator of that server is the data controller for data stored on it; this policy does not cover that data. Your local device data (PIN, Face ID, cached avatars) is processed by your operating system on your device — Chara never sees it.

1 · Who we are

This service is operated by Dow Technology, a Swedish enskild firma owned by Lucas Dow, who acts as the data controller. We are not required to appoint a formal Data Protection Officer; privacy inquiries are handled directly by the data controller at privacy@dowtech.dev.

2 · What we collect

Stored against your account:

  • Email address — required to sign in.
  • Display name — shown to people in your groups.
  • Avatar URL — optional.
  • Phone number — optional; used so people can pay you back via Swish or a similar app. We do not send SMS.
  • Locale — your preferred language, defaulted from your device.

Stored against your groups and expenses:

  • Expense entries — amount, currency, date, description, payer, split, and group members.
  • Settlements — who paid whom and when.
  • Receipts — any photos or PDFs you choose to attach. If you opt in to receipt scanning, the image is sent to Google's Gemini API for text extraction; the extracted text is stored next to the receipt.
  • Activity log — for each group we record what changed so the group has a coherent history.

Stored for operations:

  • Push tokens — an opaque identifier from Expo, plus platform and last-used timestamp.
  • Magic-link tokens — one-time random tokens, hashed at rest, valid 15 minutes, deleted after use.
  • Request logs — IP, user agent, path, and status code. Retained for security monitoring and operational diagnostics.

Product analytics and diagnostics:

  • Pseudonymous product-interaction events via PostHog (host: eu.i.posthog.com, EU region). Pseudonymous user ID only; no IDFA, no cross-app tracking. Can be disabled in Settings → Privacy.
  • Crash diagnostics — stack traces, device model, OS version. Not linked to your identity.

We do not collect: your contacts, your location, advertising identifiers, or payment card data.

Sign in with Apple. If you sign in via Apple's Hide My Email, your relay address (*@privaterelay.appleid.com) is stored like any other email. You can revoke the link at any time via iOS Settings → Apple ID → Sign in with Apple → Chara.

Biometric data. Face ID, Touch ID, and the optional in-app PIN are processed entirely on your device by iOS or Android. Chara never sees them or transmits them. The PIN is stored hashed in the device's secure enclave.

3 · Why we collect it (lawful basis)

  • Contract (GDPR Art. 6(1)(b)) — to provide the service you signed up for.
  • Legitimate interest (Art. 6(1)(f)) — request logs for security, abuse prevention, and debugging.
  • Consent (Art. 6(1)(a)) — push notifications, product analytics, and the optional Gemini receipt-scanning feature.

Where processing is based on consent, you have the right to withdraw your consent at any time without penalty. You can do so in Settings → Privacy (analytics), Settings → Notifications (push), or by simply not using the receipt-scanning feature. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

4 · Who sees your data

The people you share groups with see the expenses in those groups. Outside that, we use these subprocessors:

SubprocessorPurposeRegion
Dow Technology private infrastructure (Stockholm, Sweden)Primary hosting, database, file storageSweden / EU
CloudflareDNS, edge, email routingUS / global
Brevo (Sendinblue SAS)Transactional email delivery (magic links)France / EU
Expo (EAS)Mobile app builds, push notification deliveryUS
PostHog Cloud EUProduct analyticsGermany / EU
Google (Gemini API)Optional receipt OCRUS
Apple Sign InOptional sign-inUS
Google Sign InOptional sign-inUS
European Central BankPublic FX rates (no PII sent)EU
Google FontsMarketing site fonts onlyUS

US transfers rely on Standard Contractual Clauses and the EU–US Data Privacy Framework where the recipient is certified. We do not sell, rent, license, or trade personal data.

The marketing website (getchara.lovable.app) loads Google Fonts and is hosted on Lovable; it does not run product analytics or advertising trackers.

5 · Where your data lives

Primary storage and backups are in the EU. Transfers to US-based processors rely on Standard Contractual Clauses with supplementary measures as required under EU law.

6 · How long we keep it

  • Active accounts: as long as the account exists.
  • Account deletion: on request to privacy@dowtech.dev or in-app (Profile → Delete Account). We action requests within 30 days; backups rotate out within 90 days.
  • Request logs: retained for security monitoring and operational diagnostics.
  • Billing records: not applicable while the service is free. Once paid plans launch, 7 years per Swedish accounting law.

7 · Your rights

Under GDPR you can access your data, correct it, export it, restrict processing, object, withdraw consent, and delete your account. Email privacy@dowtech.dev; we respond to verified requests within 30 days. You may also complain to your local supervisory authority — in Sweden, that's Integritetsskyddsmyndigheten (IMY).

You can delete your account from inside the app: Profile → Delete Account. All open balances on a server must be settled before deletion is allowed on that server.

Automated decision-making. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects. The optional receipt OCR feature extracts text from images you submit; it does not make decisions about you.

8 · Security

Transport is TLS, terminated at the network edge. Database and object storage volumes are encrypted at rest using industry-standard encryption. Access to production environments is restricted to authorized administrative personnel. Magic-link tokens are random and hashed at rest. See the security overview for the full picture.

9 · Children

Chara is not directed at children under 13. If you believe a child has signed up, contact us and we'll remove the account.

10 · California residents

If you are a California resident, you have the rights described in §7 (access, correction, portability, deletion, restriction, objection). We do not "sell" or "share" personal information as those terms are defined under the CCPA/CPRA. Contact privacy@dowtech.dev to exercise your rights.

11 · Changes

If we change this policy materially, we'll email active users and post a notice in-app. The "last updated" date above always reflects the current version.

Chara · Stockholm
CHARA