Back to Home

Data Processing Agreement (DPA)

Effective Date: July 15, 2025

1. Parties

This Data Processing Agreement ("DPA") is entered into between:

• Data Controller: The User of Actual Budget Savings Tracker ("User", "You")
• Data Processor: DevOrbitLabs / Halim Öztürk ("We", "Us", "Developer")

2. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person
• "Processing" means any operation performed on Personal Data
• "Data Subject" means the individual to whom Personal Data relates
• "CloudKit" means Apple's cloud storage service

3. Scope and Purpose

This DPA applies to all Personal Data processed through the Actual Budget Savings Tracker app. The primary purpose of processing is to provide personal finance management services to Users.

4. Data Processing Architecture

Important: Actual Budget Savings Tracker uses a unique privacy-first architecture:

• All user data is stored directly in the User's private iCloud container
• We do not have access to, collect, or process any user data
• Apple acts as the infrastructure provider via CloudKit
• Data never passes through our servers

5. Categories of Data

The following data categories may be stored in your iCloud container:

6. Data Security Measures

Technical Measures:

• End-to-end encryption via Apple's CloudKit
• Data encrypted at rest and in transit
• Authentication via Apple ID
• No data stored on our servers

Organizational Measures:

• No employee access to user data
• Privacy-by-design architecture
• Regular security updates

7. Sub-processors

We use the following sub-processors:

8. Data Subject Rights

Users have the following rights, exercisable through iCloud settings:

• Access: View all data in the app or iCloud
• Rectification: Edit any data within the app
• Erasure: Delete data via app or iCloud settings
• Portability: Export data through iCloud
• Restriction: Disable sync or delete app

9. International Data Transfers

Since all data is stored in your iCloud account, data location is determined by Apple's data center locations for your iCloud account. We do not control or influence data location.

10. Data Retention

• Data is retained as long as you maintain it in your iCloud account
• Deleting the app does not delete iCloud data
• You can delete all data through iCloud settings
• We have no access to delete your data

11. Data Breach Procedures

In the unlikely event of a security issue:

• We will notify affected users within 72 hours
• Notification will include nature of breach and recommended actions
• Since we don't store data, breaches would be limited to app integrity

12. Compliance

This DPA ensures compliance with:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Turkish Personal Data Protection Law (KVKK)
• Other applicable data protection laws

13. Audit Rights

Users can verify our data practices by:

• Reviewing app permissions in iOS Settings
• Checking iCloud data storage
• Monitoring network activity (no external data transmission)

14. Termination

Upon termination:

• Stop using the app
• Your data remains in your iCloud
• Delete iCloud data if desired
• We cannot access or delete your data

15. Liability

Our liability is limited as we do not process or have access to personal data. Users are responsible for their own data management through iCloud.

16. Amendments

We may update this DPA to reflect changes in data protection laws or our practices. Significant changes will be communicated through the app.

17. Governing Law

This DPA is governed by the laws of the United States and applicable international data protection regulations.

18. Contact Information

19. User Acknowledgment

By using Actual Budget Savings Tracker, you acknowledge that:

• You are the data controller for your personal data
• All data is stored in your iCloud account
• We do not access or process your personal data
• You are responsible for managing your data through iCloud