Plain English summary: TrackMyFees stores your account details and the tutoring data you enter (student names, phone numbers, fees, schedules). This data is stored on your device and optionally backed up to Firebase (Google Cloud, India region). We do not sell your data, show you ads, or share it with anyone except Google's infrastructure services.
1. Who We Are
TrackMyFees is a mobile application ("App") built for private tutors to manage student fee records, class schedules, and payment tracking. The App is developed and operated by an individual developer based in India.
Data Controller: Arnab Majumder
Contact: trackmyfees.app@gmail.com
This Privacy Policy applies to all users of the TrackMyFees Android application and this website.
2. Data We Collect
We only collect data that is necessary to provide the App's functionality. Here is a full list:
| Data | Example | Required? |
|---|---|---|
| Email address | you@example.com | Yes — for account login |
| Display name | Rajesh Kumar | Yes — shown in the app |
| Password | (hashed, never stored in plain text) | Yes — for authentication |
| Security PIN | 4-digit number (hashed) | Yes — for account recovery |
| Student names | Priya Sharma | Yes — core app function |
| Student phone numbers | +91 9876543210 | Optional — for WhatsApp/call |
| Fee records | Amount, date, status | Yes — core app function |
| Class schedules | Day, time, subject, batch | Yes — core app function |
| Subject / Batch labels | Maths, Grade 10 | Optional |
We do not collect: location data, device contacts, camera or microphone access, advertising identifiers, or any biometric data.
3. Why We Collect It (Legal Basis)
Under India's Digital Personal Data Protection Act, 2023 (DPDPA), we process your personal data for the following purposes:
- Account creation and authentication — email, name, password are needed so you can log in securely and your data is kept private from other users.
- Providing the core service — student records, fees, and schedules are the primary function of the App. Without this data the App cannot work.
- Cloud backup — if you enable cloud backup, your data is synced to Firebase so you can restore it on a new device.
- Account recovery — your security PIN (hashed) allows you to reset your password without contacting support.
We do not use your data for marketing, advertising, or analytics beyond basic crash reporting.
4. How Your Data Is Stored
Your data is stored in two places:
- On your device (local storage) — all App data is stored locally using AsyncStorage. The App works fully offline. No data leaves your device unless you enable cloud backup.
- Firebase / Google Cloud (cloud backup) — if you choose to enable cloud backup, your data is stored in Google Firebase Firestore and Firebase Authentication. Firebase stores data in the asia-south1 (Mumbai, India) region, keeping your data within India.
Passwords and PINs are hashed using a deterministic hash function before being stored anywhere — they are never stored in plain text.
5. Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. The only third party that processes your data is:
- Google Firebase (Firebase Authentication, Firestore) — used for account management and cloud backup. Governed by Google's Firebase Privacy Policy.
We may disclose data if required by Indian law or a valid court order. In such cases, we will notify you to the extent permitted by law.
6. Your Rights (DPDPA 2023)
As a data principal under the DPDPA, you have the following rights:
- Right to access — you can view all data stored in the App at any time.
- Right to correction — you can edit your profile and any student/payment record directly in the App.
- Right to erasure (deletion) — you can delete your account and all associated data from Settings → Danger Zone → Delete Account. This permanently removes your data from both the device and Firebase.
- Right to withdraw consent — you may stop using the App and delete your account at any time. Deleting your account constitutes withdrawal of consent.
- Right to grievance redressal — if you have a complaint about how your data is handled, contact us at trackmyfees.app@gmail.com. We will respond within 30 days.
7. Data Retention
Your data is retained for as long as your account is active. When you delete your account:
- All local data on your device is cleared immediately.
- Your Firebase Authentication account and Firestore profile document are deleted immediately.
- Any residual data in Firebase infrastructure may take up to 90 days to be fully purged from backups, in accordance with Google's data deletion policies.
If you simply uninstall the App without deleting your account, your data remains on Firebase until you delete the account or contact us to do so.
8. Children's Privacy
TrackMyFees is intended for use by adult private tutors (18 years and above). We do not knowingly collect personal data from children under the age of 18 as app users.
The App may store names and phone numbers of students who are minors — this data is entered by the tutor (an adult) for the sole purpose of fee management and is never shared with third parties.
9. Security
We take reasonable measures to protect your data:
- All communication with Firebase uses HTTPS/TLS encryption.
- Firebase Security Rules ensure each user can only access their own data.
- Passwords and PINs are stored as hashed values — never in plain text.
- The App works offline-first, minimising the amount of data transmitted over the network.
No system is 100% secure. If you believe your account has been compromised, contact us immediately at trackmyfees.app@gmail.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify you via the App.
Continued use of the App after changes constitutes acceptance of the updated policy.
11. Contact Us
For any questions, data requests, or complaints about this Privacy Policy:
TrackMyFees — Data Controller
Email: trackmyfees.app@gmail.com
We aim to respond to all privacy-related requests within 30 days.