Privacy Policy

Last updated: January 17, 2025

This Privacy Policy describes how StediPay ("the App", "we", "our") handles your information. StediPay is developed by an independent developer.

Summary

StediPay is a local-first, privacy-focused expense tracking application. Your data is stored on your device and is never shared with third parties for advertising or analytics purposes. We do not track you, and we do not collect telemetry.

Information We Collect

Data You Provide

When you use StediPay, the following data is stored locally on your device:

  • Bill information: names, amounts, currencies, payment frequencies, due dates
  • Payment history: dates, amounts paid, notes
  • Categories: names and icons for organizing bills
  • Settings: preferred currency, theme, language, notification preferences
  • Attachments: documents or images you attach to bills (stored locally)

Optional Features

Google Calendar Integration

If you choose to sync bills with Google Calendar:

  • We request access to your Google Calendar via Google OAuth
  • We store OAuth tokens locally on your device
  • Bill information (name, amount, date, category) is sent to Google Calendar API
  • You can revoke access at any time in the App settings or your Google Account

Cloud Sync

If you enable cloud sync:

  • Your data is end-to-end encrypted using AES-256-GCM before leaving your device
  • Encrypted data is stored on DigitalOcean Spaces (S3-compatible storage)
  • Your passphrase never leaves your device
  • We cannot read your data — only you can decrypt it
  • You can delete all cloud data at any time from the App settings

Information We Do NOT Collect

  • Personal identification (name, email, phone number)
  • IP addresses
  • Location data
  • Usage analytics or telemetry
  • Crash reports
  • Advertising identifiers
  • Cookies or tracking pixels

Data Storage

Local Storage

All data is stored in a SQLite database on your device:

  • macOS: ~/Library/Application Support/com.vadymlutsyk.stedipay/
  • Windows: %APPDATA%\com.vadymlutsyk.stedipay\
  • Linux: ~/.config/com.vadymlutsyk.stedipay/

Cloud Storage (Optional)

If you enable cloud sync, encrypted data is stored on DigitalOcean Spaces servers. The data is encrypted on your device before upload — we have no way to decrypt it.

Third-Party Services

Service | Purpose | Data Shared
Google Calendar API | Optional calendar sync | Bill name, amount, date, category (only if you enable this feature)
DigitalOcean Spaces | Optional encrypted backup | Encrypted blob (unreadable without your passphrase)

We do not use any analytics, advertising, or tracking services.

Data Security

  • Encryption: Cloud sync uses AES-256-GCM encryption with keys derived from your passphrase using Argon2id and HKDF-SHA256
  • Local storage: Data is stored in a local SQLite database accessible only to the App
  • No accounts: No email/password accounts are required — cloud sync uses a passphrase you choose

Your Rights

You have full control over your data:

  • Access: All your data is stored locally and can be viewed in the App
  • Export: You can export your data at any time
  • Delete: You can delete all local data by uninstalling the App or clearing App data
  • Delete cloud data: If using cloud sync, you can delete all cloud data from Settings

Children's Privacy

StediPay is not intended for children under 13. We do not knowingly collect data from children.

Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the "Last updated" date above.

Contact

If you have questions about this Privacy Policy, contact us at:

Email: [email protected]


StediPay is focused on privacy and user control.