klikli
Privacy

What we collect, what we don't, and what we never will.

Klikli is built privacy-first. The default mode keeps every transaction on your device. Cloud sync, when you turn it on, lives in EU-region Firestore, and that's it. No analytics, no third-party SDKs, no cross-site tracking, no advertising, on the web or in the iOS app.

The short version

  • No analytics. Klikli ships zero analytics, telemetry, or third-party SDKs in the client. We don't know how often you open the app, what you spend on, or even that you exist, unless you opt into cloud sync.
  • Local-first by default. Transactions, budgets, and categories live in your browser's IndexedDB. They never leave your device.
  • Cloud sync is opt-in. If you enable it, your records live in Google Firestore in the EU (Frankfurt, europe-west3), under a per-user path nobody else can read.
  • No advertising, ever. Klikli is free, ad-free, and has no plans to monetise your data.
  • iOS app: same rules. The Klikli iOS app ships zero third-party analytics, zero crash SDKs, zero tracking. Face ID and Touch ID never leave your device. Push notifications, when you enable them, exist only to alert you about your own budget.

What we collect

Local mode (default)

Nothing. There is no backend in local mode. There is no account.

Cloud mode (opt-in)

When you enable cloud sync we store an email address and the transactions, budgets, categories, and recurring-income records you create in the app. We don't run analytics, profiling, or marketing across this data.

The email we receive depends on how you sign in:

  • Email + password, the address you typed.
  • Sign in with Google, the address on your Google account.
  • Sign in with Apple (iOS), if you choose Hide My Email we receive a private-relay forwarding address (…@privaterelay.appleid.com) instead of your real email. Apple forwards mail from us to you; we never see your real address. If you revoke access to Klikli in iOS Settings, the relay stops forwarding.

On the iOS app, if you opt into push notifications we additionally receive an Apple Push Notification service device token, an opaque per-install identifier used only to deliver budget-threshold and monthly-summary notifications to your device. We do not use it for tracking, analytics, or marketing. The token rotates when you reinstall the app or reset your device.

Where your data lives

Local mode, IndexedDB on your device. The PWA can be used fully offline.

Cloud mode, Google Firestore, region europe-west3 (Frankfurt, Germany), under the path /users/{your-firebase-uid}/.... Firestore enforces a per-user isolation rule: nobody other than you can read or write under your own document tree. The local IndexedDB cache is preserved as a performance and offline layer; the Firestore documents are the source of truth.

Encryption

At rest in Firestore. Google encrypts your data with their own keys (standard Cloud Storage encryption). We do not currently add a client-side encryption layer in cloud mode, Google can technically read the records.

In transit. TLS 1.2+ between your device and Firestore.

Local passcode. The 6-digit (or longer) passcode is hashed with Argon2id (memory-hard) and the hash, salt, and KDF parameters are stored on a gate document under your user path. The passcode gates the local UI; it is not used as an encryption key.

Network requests we make

Endpoint Purpose Frequency
api.frankfurter.dev Daily ECB exchange rates (no API key) Once per day
*.firebaseapp.com & *.googleapis.com Firebase Auth + Firestore RPC Cloud mode only
Apple identity servers (appleid.apple.com, account.apple.com) Sign in with Apple, on iOS and on the web sign-in page At sign-in
Apple Push Notification service (*.push.apple.com) iOS push notifications for budget alerts and monthly summary iOS app only, when you opt in
Firebase Cloud Messaging (fcm.googleapis.com) Server-side delivery of those same iOS push notifications iOS app only, when you opt in
Hosting CDN (Vercel) App shell, fonts, icons On install & update

Mobile (iOS) app

The Klikli iOS app shares the same backend, the same data model, and the same privacy posture as the web PWA. A few things are iOS-specific and worth being explicit about.

Face ID and Touch ID

When you enable biometric unlock, the app asks iOS to verify it's you using Face ID or Touch ID. Apple's biometric matching happens entirely inside the iPhone's Secure Enclave; iOS only tells the app “yes, this is the registered owner” or “no”. Klikli never sees, stores, or transmits your biometric data, fingerprint template, or face geometry. There is nothing biometric in our database.

If biometric unlock fails or you cancel it, the app falls back to your numeric passcode. The passcode is hashed with Argon2id (memory-hard) and the hash, salt, and KDF parameters are stored on a gate document under your user path, the same scheme used on the web. The passcode gates the local UI; it is not used as an encryption key.

Sensitive local storage

On iOS, any sensitive local material (for example, an authenticated-session marker after a successful biometric unlock) is stored in the iOS Keychain with a per-device, post-first-unlock accessibility class. It is not synchronised to iCloud Keychain and is wiped when you reset or erase your device. Your transaction data itself lives in Firestore (and in the on-device Firestore offline cache), not in the Keychain.

Push notifications

Push notifications are off by default. We ask for permission only when the feature first becomes useful (typically after you've added a transaction and configured a budget), not on the first launch. You can revoke push permission at any time in iOS Settings → Notifications → Klikli.

We send only two kinds of notification:

  • Budget threshold alerts, e.g. “You've used 80% of your Food budget this month.”
  • Monthly summary, a single end-of-month notification with your total spend versus budget.

Notifications are derived from data you already gave us; no third party generates them, no marketing or promotional messages are ever sent.

Crash diagnostics

The Klikli iOS app does not ship Sentry, Firebase Crashlytics, or any third-party crash-reporting SDK. The only crash data that may reach us comes through Apple's standard developer channel (TestFlight crash reports and the App Store crash dashboard), and only when your iOS device is set to Settings → Privacy & Security → Analytics & Improvements → Share With App Developers. Apple anonymises and aggregates that data before we see it; we never receive your name, email, or transactions through it.

Tracking, analytics, ads

None. The Klikli iOS app does not show an App Tracking Transparency (ATT) prompt because we do not track you across other apps or websites. We ship no analytics SDK (no Firebase Analytics, no Mixpanel, no Amplitude, no Segment), no advertising SDK, and no attribution SDK. The App Store privacy nutrition label for Klikli will reflect this.

Cookies & storage

  • No cookies for analytics or marketing.
  • Firebase Auth uses an IndexedDB token store on the web, and a Keychain entry on iOS.
  • IndexedDB and Cache Storage hold the precache and the Firestore offline cache (web).
  • On iOS, the Firestore offline cache lives in the app's sandboxed Documents directory. It is included in iCloud / iTunes device backups by default; you can exclude Klikli from backups in iOS Settings → [your name] → iCloud → Manage Account Storage → Backups.
  • No fingerprinting. No third-party scripts. No SDKs that read the IDFA.

Your rights (GDPR)

You have the right to access, correct, delete, export, and restrict processing of your personal data, and to withdraw consent at any time. Most rights are exercisable directly in the app:

  • Access & export. Settings → Account → Export. Your data downloads as JSON.
  • Correction. Edit any transaction, budget, or category at any time.
  • Sign out. Settings → Account → Sign out. Terminates the session and wipes the local cache.
  • Deletion. Settings → Account → Delete account. Deletes the Firebase user and every Firestore document under your tree. Irreversible. Requires typed-name confirmation.

For anything you can't accomplish in-app, questions, complaints, or formal requests, email privacy@klikli.app. We respond within 30 days, as GDPR requires.

You can also lodge a complaint with your local supervisory authority. For users in the EU/EEA the operator's lead authority is the Czech Office for Personal Data Protection (ÚOOÚ).

Third-party services

  • Google Firebase (Auth, Firestore, Cloud Messaging), cloud mode only, EU region for Auth and Firestore, governed by Google's Cloud Data Processing Addendum. Firebase Cloud Messaging is used only by the iOS app and only to deliver your own push notifications; the FCM transport itself routes through Google-operated infrastructure.
  • Apple (iOS app), for Sign in with Apple authentication and the Apple Push Notification service. Apple's handling of these flows is governed by the Sign in with Apple privacy disclosure and Apple's general Privacy Policy.
  • Vercel (web hosting) sees only the static asset requests any web host would see. No application data flows through it.
  • Frankfurter (open-source ECB exchange-rate API). One unauthenticated request per day. No personal data is sent.

Data retention

In local mode, retention is in your hands, your device, your data. In cloud mode, your records remain in Firestore until you delete individual records or your account. Backups follow Google's standard Firestore retention schedule and are purged with the account.

Children

Klikli is not directed at children under 13 (or under 16 in some EU jurisdictions). We do not knowingly collect personal data from children. If you believe a child has provided us with data, contact privacy@klikli.app and we'll delete it.

Changes

This document is versioned in git alongside the project. Material changes will be announced on this page and dated below.

Who we are

Klikli is built by Andrej Prazenica, an independent developer based in Czechia. For data-protection inquiries: privacy@klikli.app.

Last updated: 6 May 2026.