Privacy Policy

Last updated: July 20, 2025

1. Introduction

Summitt ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your financial data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our financial dashboard service.

We are committed to complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws. By using Summitt, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Personal Information

  • Account Information: Email address, name, and profile picture from Google authentication
  • Financial Data: Transaction amounts, descriptions, categories, and dates
  • Usage Data: How you interact with our service, features used, and preferences
  • Technical Data: IP address, browser type, device information, and usage analytics

2.2 How We Collect Information

  • Direct Input: Information you provide when using our service
  • Google Authentication: Account information from Google Sign-In
  • Google Sheets Integration: Financial data stored in your Google Sheets
  • Automated Collection: Usage analytics and technical data

3. How We Use Your Information

We use your information for the following purposes:

  • Service Provision: To provide and maintain our financial dashboard service
  • Authentication: To verify your identity and secure your account
  • Data Processing: To categorize transactions and generate insights
  • Analytics: To improve our service and user experience
  • Communication: To send important updates and notifications
  • Legal Compliance: To comply with applicable laws and regulations

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on the following legal grounds:

  • Consent: You have given clear consent for us to process your personal data
  • Contract: Processing is necessary to provide our service to you
  • Legitimate Interest: Processing is necessary for our legitimate interests in improving our service
  • Legal Obligation: Processing is necessary to comply with legal requirements

5. Data Storage and Security

5.1 Data Storage

  • Google Sheets: Your financial data is stored in your own Google Sheets account
  • Firebase: User authentication and account information
  • Vercel: Application hosting and temporary data processing

5.2 Security Measures

  • Encryption of data in transit and at rest
  • Secure authentication through Google OAuth
  • Regular security audits and updates
  • Access controls and authentication requirements
  • Data backup and disaster recovery procedures

6. Data Sharing and Third Parties

We may share your information with the following third parties:

6.1 Service Providers

  • Google: Authentication and Google Sheets integration
  • Firebase: User management and authentication services
  • Vercel: Application hosting and deployment
  • Analytics Services: Usage analytics and performance monitoring

6.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

7. Your GDPR Rights

Under GDPR, you have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of your personal data
  • Right to Portability: Receive your data in a portable format
  • Right to Restrict Processing: Limit how we process your data
  • Right to Object: Object to processing of your data

To exercise these rights, please contact us at privacy@summitt.app

8. Data Retention

We retain your data for the following periods:

  • Account Data: Retained while your account is active
  • Financial Data: Stored in your Google Sheets (you control retention)
  • Usage Analytics: Retained for up to 2 years for service improvement
  • Legal Requirements: Retained as required by applicable laws

9. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place through:

  • Adequacy decisions by the European Commission
  • Standard contractual clauses
  • Certification schemes
  • Other appropriate safeguards

10. Cookies and Tracking

We use cookies and similar technologies to enhance your experience:

  • Essential Cookies: Required for basic functionality
  • Analytics Cookies: Help us understand usage patterns
  • Preference Cookies: Remember your settings and preferences

You can control cookie settings through your browser preferences.

11. Children's Privacy

Summitt is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected such information, please contact us immediately.

12. Data Breach Procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected users without undue delay
  • Document the breach and our response
  • Take steps to mitigate any adverse effects

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending email notifications to registered users
  • Displaying in-app notifications

14. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: privacy@summitt.app

Data Protection Officer: dpo@summitt.app

Address: [Your Business Address]

Supervisory Authority: [Your Local DPA]

15. Complaints

If you believe we have not addressed your concerns satisfactorily, you have the right to lodge a complaint with your local data protection authority.