Save Wave logo Save Wave

Privacy Policy

Last updated: 2026-05-14

1. Data Controller

The administrator of your personal data is Ania-Sk, contact email: as.tamashi@gmail.com. For any matters regarding data protection, please contact us via the email address provided above.

2. Data We Collect and Purpose

a) Account Data

During registration, we collect your username, email address, and password (stored only as a bcrypt cryptographic hash). These data are necessary to provide the service.

b) Financial Data

While using the app, we store your incomes, expenses, categories, comments, and savings goals. This data is processed solely at your request to provide the core functionality of the application.

c) Server Logs

Our server automatically records your IP address, browser type, URLs visited, and timestamps. Logs are kept for 30 days for security and technical diagnostic purposes.

d) Receipt Scanning (OCR)

The automatic receipt reading function processes your uploaded image exclusively locally on our server using the Tesseract OCR library. The image is NOT sent to external services and is NOT stored — it is deleted immediately after the amount and date are read.

3. Cookies

SaveWave uses only technical cookies necessary for its operation:

  • Session Cookie – maintains the logged-in user session.
  • CSRF Token – protects against Cross-Site Request Forgery attacks.

These cookies do not serve analytical or advertising purposes and do not require consent under the ePrivacy directive.

4. Data Recipients and Location

Your data is stored on DigitalOcean LLC servers located in Frankfurt (Germany, EU), which acts as a data processor on our behalf under an appropriate data processing agreement. We do not sell or share your personal data with third parties for marketing purposes or any other purposes unrelated to the provision of the service.

5. Transfer of Data Outside the European Economic Area

Your data is not transferred outside the European Economic Area. The DigitalOcean servers used by SaveWave are located in Frankfurt (Germany).

6. Data Retention Period

Data Category Retention Period
Account and transactions data Until the user deletes their account
Server logs 30 days
Receipt photos Deleted immediately after OCR analysis
Session cookies Until logout or browser closure

7. Your Rights

You have the following rights regarding the processing of your personal data:

  • Right to access you may check what data we store about you (account settings panel).
  • Right to rectification you may correct your account data, including your email address and username (profile settings).
  • Right to erasure you may permanently delete your account and all associated data (Settings → Delete Account).
  • Right to data portability you may download your data in JSON format (Settings → Export Your Data).
  • Right to restriction of processing you may request restriction of the processing of your data.
  • Right to object you may object to the processing of your data.

8. Right to Lodge a Complaint

You have the right to lodge a complaint with the President of the Personal Data Protection Office (PUODO):

Address: ul. Stawki 2, 00-193 Warsaw, Poland

E-mail: kancelaria@uodo.gov.pl

Website: www.uodo.gov.pl

9. Data Security

We implement technical and organizational measures to protect your data, including password hashing using the bcrypt algorithm, encrypted HTTPS connections, session protection mechanisms (HttpOnly, SameSite), and safeguards against CSRF and XSS attacks.

10. Policy Updates

We will notify you of any significant changes to the Privacy Policy by e-mail or through an in-app notification at least 14 days before such changes take effect.