Privacy Policy

The company MoneyTracky (referred to as the “Company” in this document) defines and presents the privacy policy, which protects and maintains the confidentiality of the personal data of users who use the 'personalfinan' application on mobile devices in order to resolve any complaint or claim. The terms defined in this document comply with:

• Colombian Habeas Data legislation (Law 1581 of 2012).
• United States of America legislation.....

By downloading and using the 'personalfinan' application, the user acknowledges that they know and accept the terms of this Privacy Policy document, which is defined according to the following articles:

1. Purposes of Using Personal Information

The “Company” collects and uses personal information for the following purposes:

1.1 Membership registration and management: confirmation of the intention to use or subscribe to the application's membership according to the license type, delivery of contract/invoice, identification/authentication, membership maintenance and management, identity verification (identification/authentication), invoice settlement, debt or outstanding balance collection, prevention of illegal use of services, sending of various notices, among others.

1.2 Consumer complaint management: identification of the interested party, confirmation of complaints, contact/notification for investigation and notification of processing results.

1.3 Marketing and Advertising: provision of personalized ads, opportunities to participate in online events, statistics on the use of services by interested parties, etc.

1.4 Improvement of existing services and development of new and personalized services.

2. Processed Personal Information Data

The “Company” collects and processes:

2.1 The Google® Gmail® account email entered by the user, and through it, obtains the user's name, once they grant the respective permissions upon entering the application for the first time. Therefore, if required, you must update your data in your Gmail® account.

2.2 When making a payment for a service, the following information is collected:

1. Credit Card Payments: name, card number, and issuing company.
2. Payments with a cell phone number: phone number and mobile operator.
3. History of payments made with the description of the acquired license and its validity period.

2.3 With the use of the application, the following information is stored:

• User's country of residence.
• Language.
• URL value (internet address https://…) of the folder in the User's Google Drive® environment, clarifying that only the application installed on the User's mobile device has access to the subfolders to upload the corresponding files. The value of this URL is stored only as evidence that the user has entered the application and created this folder, which is the critical requirement to be able to use the service and, if required, to provide timely support to the User.
• Sessions: entry and exit dates and times.
• Name (sequential) and type (printed or digital) of the processed document, with the corresponding number of input and output tokens, to track the use of Google® Gemini services.

2.4 Information collected automatically through information provided by the user, such as receiving text messages or application notifications, or the user's reconnection to the application.

2.5 For the management of consumer claims: collects and processes the necessary user information, among those mentioned above.

3. Retention Period and Use of Personal Information

3.1 The “Company” retains and uses the user's personal information as long as they use the services as a member. When the user requests to unsubscribe or the “Company” fulfills the purpose for which the personal information was collected and used, it will be deleted after a period of three months. However, if the “Company” terminates the service use contract according to the Terms of Use, the personal information will be retained for one year to prevent unauthorized registration and use of the service, and will be immediately deleted after the end of said period.

3.2 Notwithstanding the foregoing, the following information will be retained for the period specified for the following reasons:

• Personal information related to service use (activity logs): 3 months (Communications Secrecy Protection Act)
• Records of contract or subscription cancellation, etc., and records of payment and supply of goods: 5 years (Consumer Protection in Electronic Commerce Act, etc.)
• Records of consumer claim or dispute management: 3 years (Consumer Protection in Electronic Commerce Act, etc.)

4. Provision of personal information to third parties

4.1 The “Company” may provide personal information to third parties only with the consent of the data subject or when there are special provisions in the Personal Data Protection Act or other laws.

4.2 The “Company” may provide pseudonymized information to third parties, in which case it will comply with the Personal Data Protection Act.

5. Processing of personal data after outsourcing of services and international transfer

5.1 Users residing in Colombia: The "Company" may entrust the processing of your personal information to a third party (processor) to ensure the provision of the service. In such case, the contract with the third party will include clauses guaranteeing compliance with the Personal Data Protection Law of Colombia, prohibiting the processing of such personal information for purposes other than those provided for in the contract, the adoption of technical and administrative security measures, and the limitation of sub-processing. In the event that the User is located outside the national territory of Colombia and requests the use of the service, the "Company" may transfer or transmit their personal data to a third party located in a country that does not have adequate levels of personal data protection. In such case, the "Company" will obtain the prior, express, and informed consent of the User to carry out such transfer or transmission.

5.2 Users residing in the United States of America (CCPA/CPRA): If you are a resident of California, you have the following additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to Know and Access: You have the right to request that we inform you what personal information we collect, use, disclose, and sell.
• Right to Delete: You have the right to request the deletion of your personal information collected or maintained by us.
• Right to Correct: You have the right to request the correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: You have the right to opt-out of the sale or sharing of your personal information by the "Company" to third parties.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights under the CCPA/CPRA.

6. User Rights and Methods for Exercising Them

6.1 The user may at any time exercise their rights related to access, rectification, deletion, and proof of the authorization granted to the "Company" regarding the personal information it maintains.

6.2 The exercise of the aforementioned rights by the User may be done at any time through an email addressed to help@moneytracky.com. The "Company" will handle the request in accordance with the terms and procedures of the current legislation.

6.3 The exercise of the aforementioned rights may also be carried out by a proxy of the User, in which case the quality of such must be accredited by means of a power of attorney duly granted before a notary public or competent authority.

6.4 Rectification or deletion of personal information may not be requested when the User has a legal or contractual duty to remain in the "Company's" database.

6.5 The "Company" confirms whether the person who made the request related to personal information processing rights, such as the right of access, rectification, deletion, and revocation of consent, is the User themselves or their legal representative.

7. Procedures and methods of destruction of personal information

7.1 The "Company" will proceed to delete the User's personal information once it has fulfilled the purpose for which it was collected, or when the User requests its deletion.

7.2 If personal information must be retained in accordance with other laws or regulations, even after the retention period has expired or when the purpose of processing is fulfilled, the personal information will be kept separately from other personal information.

7.3 The procedures and methods of destruction are as follows:

• Destruction procedure: the personal information whose cause for destruction has occurred is selected and deleted under the supervision of the person responsible for personal information management at the "Company".
• Destruction method: personal information stored in the form of electronic files is permanently deleted using technical means that prevent its recovery.

9. Technical and Administrative Measures to guarantee the Security of personal information

• 9.1 Administrative measures: establishment and implementation of internal personal information management plans, periodic employee training, etc.
• 9.2 Technical measures: password encryption, installation of security programs, etc.

10. Protection of Children's Personal Data

Given that it is an essential requirement to have a Google® Gmail® account to use the service, this company already has a defined protocol and regulation to ensure that the User is over 13 years old, which is the equivalent minimum age established by applicable legislation. Therefore, the service does not require performing a second validation on the minimum age.

Children's Online Privacy Protection Act (COPPA): In compliance with the U.S. Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under 13 without verifiable parental consent. If we become aware that we have collected information from a child under 13 without verifiable parental consent, we will take the necessary measures to delete this information from our servers.

11. Personal Data Management Staff

The “Company” has designated the person responsible for the management of personal data and handling complaints related to such data. Their contact details are as follows:

Personal Data Manager:

• Name: Edgar Rodriguez
• Position: Director
• Email: help@moneytracky.com
• MoneyTracky

12. Modifications

In case of adding, deleting, or modifying the privacy policy in accordance with changes in security laws and regulations, notification will be given through the “Announcements” option of our website at least (7) days in advance. However, in case of significant changes, such as those relating to user rights or the purposes of personal information collection, notification will be given at least (30) days in advance.

This privacy policy will come into effect on January 2, 2026.