
GrandTracker Subprocessors

The third parties that process GrandTracker user data on our behalf. We do not share data with anyone not on this list. If we add or change a subprocessor, this page is updated and (for material changes) we notify users in-app.

Last updated: 2026-05-05

| # | Subprocessor | Purpose | Data types processed | Processing location | DPA / Privacy reference |
|---|---|---|---|---|---|
| 1 | Supabase, Inc. | Primary backend: managed Postgres, authentication, realtime sync, file storage, Edge Functions. Hosts the canonical copy of every spend, recurring template, receipt, household membership record, and FCM token. | Name, phone number, household name, all spends (amount, description, category, date, note), recurring templates, receipt photos, FCM device tokens, engineering telemetry. | United States (us-east-1, AWS) | https://supabase.com/privacy · https://supabase.com/legal/dpa |
| 2 | Twilio Inc. | Sends the SMS one-time code used for sign-in (delivered through Supabase Auth's phone provider). | Phone number, six-digit OTP code (transient), country code. Sees only what's needed to deliver the SMS; no spend data. | United States (with global SMS routing) | https://www.twilio.com/legal/privacy · https://www.twilio.com/legal/data-protection-addendum |
| 3 | Google LLC — Firebase Cloud Messaging (FCM) | Delivers push notifications from our backend to your Android device when a household member adds or edits a spend. | FCM device token, notification payload (e.g. "Sarah added $1,820 — Bathroom plumbing repair"). The push payload contains a short summary; no receipt content. | United States + global Google infrastructure | https://firebase.google.com/support/privacy · https://cloud.google.com/terms/data-processing-addendum |
| 4 | Functional Software, Inc. (Sentry) | Application error tracking for the Android app and the Supabase Edge Functions. Receives stack traces, breadcrumbs, and runtime context. Phone numbers, descriptions, and notes are scrubbed by beforeSend before transmission. | Crash reports, error stack traces, anonymous device + release identifiers, OS/version/locale. Not spend amounts, descriptions, notes, receipts, or full phone numbers. | United States | https://sentry.io/privacy/ · https://sentry.io/legal/dpa/ |
| 5 | Cloudflare, Inc. | DNS for the grandtracker.panabakers.com domain and CDN/TLS for the public website (privacy policy, status page, assetlinks.json). Does not proxy in-app API traffic to Supabase. | IP address + standard HTTP request metadata for visitors to the public website. No in-app data. | Global (Cloudflare anycast) | https://www.cloudflare.com/privacypolicy/ · https://www.cloudflare.com/cloudflare-customer-dpa/ |
| 6 | Better Stack (BetterStack Sp. z o.o.) | Receives heartbeat pings from our backend cron jobs (e.g. materialize_recurring), uptime checks against the health Edge Function, and structured operational logs. Alerts us if a heartbeat is missed or a check fails. We share an existing BetterStack workspace with another product (TBOD) but with a GrandTracker-scoped API token and separate monitor IDs. | Heartbeat ping metadata only (timestamp, check ID, our IP) + Edge Function structured logs (no PII). No user-content data. | European Union (Poland / Germany) | https://betterstack.com/privacy · https://betterstack.com/terms |
| 7 | Doppler, Inc. | Secrets manager. Stores API keys, service-account JSON, and signing credentials we use to operate the service. Does not store user data. | None. Holds operator credentials only. | United States | https://www.doppler.com/privacy · https://www.doppler.com/security |
| 8 | Google LLC — Google Play | Distributes the GrandTracker Android app to users' devices. Subject to Google Play's standard install / update telemetry. | Install + update events, device model, Android version, country, anonymized device identifiers used by Play. We do not receive personally identifiable Play data. | United States + global Google infrastructure | https://policies.google.com/privacy · https://play.google.com/about/developer-distribution-agreement.html |

Notes

For privacy questions: privacy@panabakers.com.