Privacy Policy

Effective date: June 3, 2026

This Privacy Policy explains how Fenla ("Fenla", "we", "us", or "our") collects, uses, and shares information when you use the Fenla mobile application and related services (the "Service"). It also describes the rights and choices you have, including under the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

By using the Service, you agree to the practices described in this Policy. If you do not agree, please do not use the Service.

1. Who We Are

Fenla provides a bill-splitting and expense-tracking app that helps friends record and settle shared expenses. For data-protection purposes, Fenla is the controller of the personal information described in this Policy.

2. Information We Collect

Information you provide

• Account information: your email address, nickname, and password. Passwords are stored only in a hashed (irreversible) form — we never store your plain-text password.
• Profile information: an optional bio and avatar reference. (Fenla does not support avatar image uploads; a monogram is shown instead.)
• Expense data: bills you create or take part in, including titles, amounts, taxes, tips, items, split methods, and the participants involved.
• Friend connections: the friend requests you send and accept, and your list of friends.
• Payment records (payouts): records you create to indicate that a debt has been settled. These are records only — Fenla does not process or transfer actual money.
• Communications: information you provide when you contact us for support.

Information collected automatically

• Authentication tokens: when you log in, secure access and refresh tokens are stored locally on your device in the system Keychain. They are used to keep you signed in.
• Device and log data: limited technical information such as app version, device type, and diagnostic or error logs, used to operate and improve the Service and to keep it secure.

Information we do not collect

Because Fenla does not move money, we do not collect payment card numbers, bank account details, or other financial-account credentials.

3. How We Use Information

We use the information we collect to:

• Provide, maintain, and operate the Service, including creating your account and authenticating you.
• Calculate and display balances between you and your friends, and record payouts.
• Enable friend connections and the sharing of bills with the people involved.
• Respond to your support requests and communicate with you about the Service.
• Monitor, secure, troubleshoot, and improve the Service.
• Comply with legal obligations and enforce our Terms of Service.

4. Legal Bases for Processing (GDPR)

If you are in the EEA or the UK, we process your personal information on the following legal bases:

• Performance of a contract — to provide the Service you have signed up for, such as managing your account, bills, balances, and payouts.
• Legitimate interests — to secure, troubleshoot, and improve the Service, and to prevent fraud and abuse, balanced against your rights.
• Consent — where we ask for it, such as for optional features. You may withdraw consent at any time.
• Legal obligation — where we must process information to comply with the law.

5. How We Share Information

We share personal information only as described below. We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

• With other users: When you interact with friends, certain information is shared with them. For example, your friends can see your nickname, the bills you share with them, the balances between you, and payouts you are part of.
• With service providers: We use third-party infrastructure providers (such as hosting) that process information on our behalf and are bound to protect it.
• For legal and safety reasons: We may disclose information if required by law, or to protect the rights, safety, and security of Fenla, our users, or the public.
• Business transfers: If Fenla is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this Policy.

6. Data Retention

We keep your personal information for as long as your account is active or as needed to provide the Service. Some information may be retained longer where necessary to comply with legal obligations, resolve disputes, or enforce our agreements. When information is no longer needed, we take reasonable steps to delete or anonymize it.

Note that expense data and balances may be retained where they are part of a shared record with another user.

7. Data Security

We use reasonable technical and organizational measures to protect your information, including encryption of data in transit, hashed password storage, and storing authentication tokens in your device's secure Keychain. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Your Rights and Choices

If you are in the EEA or the UK (GDPR)

You have the right to:

• Access the personal information we hold about you.
• Rectify information that is inaccurate or incomplete.
• Erase your information ("right to be forgotten") in certain circumstances.
• Restrict or object to certain processing.
• Portability — receive your information in a portable format.
• Withdraw consent where processing is based on consent.
• Lodge a complaint with your local data-protection supervisory authority.

If you are a California resident (CCPA/CPRA)

You have the right to:

• Know what personal information we collect, use, and disclose.
• Delete the personal information we hold about you, subject to exceptions.
• Correct inaccurate personal information.
• Opt out of the sale or sharing of personal information — note that we do not sell or share your personal information.
• Non-discrimination — we will not discriminate against you for exercising your rights.

How to exercise your rights

To make a request, contact us at the email address below. We will respond as required by applicable law. We may need to verify your identity before acting on your request.

9. International Data Transfers

We may process and store information in countries other than the one in which you live. Where we transfer personal information across borders, we take steps to ensure it is protected in accordance with applicable law, such as using appropriate safeguards.

10. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. In the EEA and the UK, the Service is not intended for anyone under 16 without the consent of a parent or guardian where required. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Third-Party Links and Services

The Service may rely on or link to third-party services. This Policy does not apply to those services, and we are not responsible for their privacy practices. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify you, such as by posting the updated Policy in the app. Changes are effective when posted unless stated otherwise. Your continued use of the Service after changes take effect means you accept the updated Policy.

13. Contact Us

If you have questions about this Privacy Policy or how we handle your information, contact us at:

Email: fenla@kozylab.org