cashlog.

Privacy Policy

Last updated: May 21, 2026

Cashlog is a time tracking and invoicing app for freelancers, available at cashlog.co and as a mobile app on iOS and Android. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data. By creating an account or using Cashlog, you agree to the practices described here.

1. Information we collect

Information you provide

  • Account information — your name, email address, and password, or your identity via Sign in with Apple or Sign in with Google
  • Profile photo — if you upload one (stored securely via Supabase Storage)
  • Business information — business name, address, VAT number, and invoicing preferences
  • Work data — clients, projects, time sessions, invoices, and reports you create
  • Payment information — handled entirely by Polar; we never see or store your card details

Information collected automatically

  • Push notification token — if you grant notification permission on the mobile app, we store your device push token to send you session reminders and other alerts
  • Technical data — IP address, browser or device type, and basic usage patterns, used to operate and improve the service

Information from third-party sign-in

If you use Sign in with Apple, Apple shares with us your name (if you choose to share it) and an email address (which may be a private relay address). We use this only to create and identify your account. If you use Sign in with Google, Google shares your name, email address, and profile photo. We do not receive your Apple or Google password.

2. Device permissions (mobile app)

The Cashlog mobile app may request the following permissions. All permissions are optional — you can use the app without granting them.

  • Photo Library — requested only when you choose to upload a profile photo. We access your photo library solely to let you select an image. Photos are uploaded to your account and stored securely; we do not scan or process your photo library.
  • Notifications — requested to send you optional alerts (for example, a reminder that a timer is running). You can disable notifications at any time in your device settings.

3. How we use your information

  • To create and manage your account
  • To provide the time tracking, invoicing, and reporting features of Cashlog
  • To sync your data across your devices in real time
  • To send transactional emails (account confirmation, password reset)
  • To send push notifications you have opted into
  • To process subscription payments via Polar
  • To respond to your support requests
  • To operate, maintain, and improve the service

We do not sell your data. We do not use your work data (clients, sessions, invoices) for advertising or share it with third parties beyond what is necessary to operate the service.

4. Third-party services

Cashlog uses the following third-party services to operate:

  • Supabase — database, authentication, and file storage (EU-hosted infrastructure)
  • Polar — subscription billing and payment processing
  • Vercel — web application hosting
  • Expo — mobile app infrastructure, including delivery of push notifications via Apple Push Notification Service (APNs) and Firebase Cloud Messaging (FCM)
  • Apple — optional Sign in with Apple authentication, and APNs for push notifications on iOS
  • Google — optional Sign in with Google authentication, and FCM for push notifications on Android

Each of these services operates under its own privacy policy. We share only the minimum data necessary for each service to function.

5. Data storage and security

Your data is stored securely using Supabase, hosted on infrastructure in the European Union. We use industry-standard encryption in transit (TLS) and at rest. Access to your data is restricted to authenticated requests only, enforced through row-level security policies. We do not store your payment card details — these are handled entirely by Polar.

6. Data retention

We retain your data for as long as your account is active. When you delete your account, your personal data and work data are deleted immediately and permanently. Subscription and payment records are retained by Polar according to their own policy. We do not retain your data for any minimum period beyond what is required to provide the service or comply with applicable law.

7. Your rights and choices

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data via your account settings
  • Delete your account and all associated data — from the Settings page in the app or website. Deletion is immediate and permanent.
  • Export your data — contact us and we will provide it in a portable format
  • Opt out of push notifications — at any time via your device notification settings
  • Revoke photo library access — at any time via your device settings

If you are in the EU or UK, you also have rights under the GDPR and UK GDPR, including the right to lodge a complaint with your local supervisory authority.

8. Children's privacy

Cashlog is not directed at children under the age of 13 (or 16 in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at hello@cashlog.co and we will delete it promptly.

9. Cookies

The Cashlog website uses cookies only for authentication (session tokens). We do not use advertising cookies or third-party tracking cookies. The mobile app does not use cookies.

10. Changes to this policy

We may update this policy from time to time. We will notify you of significant changes by email or via an in-app notice at least 14 days before they take effect. Continued use of Cashlog after changes take effect constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions, data requests, or to delete your account, contact us at hello@cashlog.co.