Plain-language summary: Round To It is a personal finance app designed to be able to run entirely on your device. No account or internet connection is required to use the app. We do not currently collect, sell, or share your financial data. If you choose to create a free account, we store only your email address and an encrypted backup of your app data, encrypted on your device with a passphrase that only you know. We cannot read your backup.
1. Who We Are
Round To It is developed and operated by Round To It Dev ("we", "us", or "our"), based in Ontario, Canada. If you have any questions or privacy-related requests, you can contact us at:
Privacy Contact: hello@roundtoit.app
2. Scope of This Policy
This Privacy Policy applies to:
- The Round To It mobile application (Android)
- The Round To It website at roundtoit.app
- The optional Round To It cloud account service
This policy does not apply to third-party services you may link to or use alongside the app. We are not responsible for the privacy practices of those services.
3. The Two Ways to Use Round To It
Round To It is designed to work fully on your device without any account or internet connection. Cloud features are entirely optional and do not affect core app functionality.
Offline Mode (Default)
By default, Round To It operates entirely on your device. In this mode:
- All transaction data, categories, budgets, settings, and streak information are stored locally on your device
- No data is transmitted to our servers or any third party
- No account is required
- No personal information is collected by us
When you use Round To It in offline mode, we have no access to any of your data.
Free Cloud Account (Optional)
If you choose to create a free account, the following applies:
- We collect your email address for the purpose of account authentication (magic link sign-in; no password required)
- We store an encrypted backup of your app data on our servers (via our cloud infrastructure provider, described in Section 7)
- Your backup is encrypted on your device using a passphrase that you set. Your passphrase is not transmitted to us or stored on our servers
- We use AES-256-GCM encryption. We are not able to decrypt or read your backup
- Your email address is used solely for authentication and critical account communications (such as account deletion confirmation). We do not send marketing emails without your explicit consent; see Section 5a for details
4. What Data We Collect and Why
| Data | Mode | Why We Collect It | How Long We Keep It |
|---|---|---|---|
| Transaction data, categories, budgets, settings | Offline only | App functionality, stored locally on your device only | Until you delete the app or clear app data |
| Email address | Cloud account only | Account authentication | Until you delete your account |
| Encrypted backup blob | Cloud account only | Lets you restore your data on a new device | Until you delete your account or manually delete the backup |
| Streak (daily-open count, last-open date, milestones) | Both | Powers your daily streak. Stored locally; if you have a cloud account, it is also synced to our servers so your streak follows you to a new device | Local: until you clear app data. Cloud: until you delete your account |
| Account activity (account creation date, last app-open date) | Cloud account only | Operating your account; if you opt in to marketing emails, also used to personalise them (see Section 7) | Until you delete your account |
| App version and device OS (manual error log) | Both | The in-app "Save Error Log" option saves a log to your device only when you trigger it; never transmitted automatically. For optional automatic error reporting, see the Anonymous Diagnostics row below | You control this: saved to your device and shared only if you choose to send it |
| Anonymous Diagnostics (app version, device OS, anonymous usage-event names, and scrubbed error reports) | Both (opt-in, off by default) | Only if you turn on "Share Anonymous Diagnostics" (Settings → Privacy & Data, or during onboarding). Helps us find bugs and understand which features are used. Contains no identity (no email, name, or account link) and no financial data (no amounts, transaction names, notes, or budgets); sent only with your consent to our own cloud infrastructure (Section 7) | Up to 90 days on our servers; collection stops immediately when you turn it off |
We do not currently collect:
- Location data
- Device identifiers or advertising IDs
- Analytics or usage tracking data, except the optional Anonymous Diagnostics described above, which is off by default, requires your explicit consent, and contains no identity or financial data
- Financial account numbers or credentials
- Any data from your device beyond what is explicitly described above
5. How We Use Your Data
We use the data described above only for the following purposes:
- To provide app functionality: all local data is used solely to power the features of Round To It on your device
- To authenticate your account: your email address is used to send you a sign-in link when you request one
- To store and restore your backup: your encrypted backup is stored so you can restore your data on a new device
- To communicate about your account: we may send you transactional emails related to your account (sign-in links, account deletion confirmations). We will not send marketing emails without your explicit opt-in consent; see Section 5a for details
We do not currently use your data for advertising, profiling, or any purpose beyond what is described in this policy. We do not sell your personal information.
5a. Email Communications
Transactional Emails (required for account function)
If you have a Round To It cloud account, we send the following transactional emails as part of the account relationship. These cannot be opted out of while your account is active:
- Magic link sign-in emails: sent only when you request a sign-in link
- Security notices: in the event of any action that may affect your account security
- Account deletion confirmation: sent when you delete your account
Marketing Emails (strictly opt-in)
We may send product update and tip emails to users who explicitly opt in. This is completely optional and is never required to use Round To It or any of its features.
- Opt-in: Check the optional "Send me news and updates" checkbox on the sign-in screen, or enable it at any time in Settings → Account → Email Preferences in the app.
- Withdrawal: Unsubscribe via the link in any marketing email, via roundtoit.app/account, or via Settings → Account → Email Preferences in the app. Withdrawal takes effect immediately.
- CASL compliance: In accordance with Canada's Anti-Spam Legislation (CASL), we only send commercial electronic messages to users who have provided express consent. We record the timestamp of each consent change.
- No implied consent: Creating an account or downloading the app does not constitute consent to receive marketing emails.
For questions about email communications, contact hello@roundtoit.app.
6. Data Sharing and Disclosure
We do not currently sell, rent, or share your personal information with third parties for their own purposes.
We may share your data only in the following limited circumstances:
- Service providers: We use a cloud infrastructure provider (described in Section 7) to host account authentication and backup storage, and a transactional email provider to deliver account emails such as sign-in links. These providers act as data processors on our behalf and are bound by data processing agreements. They do not have access to the content of your encrypted backup
- Legal obligations: We may disclose information if required by law, court order, or to protect the rights and safety of our users or the public. Where permitted by law, we will notify you before disclosing your information
- Business transfer: In the unlikely event of a merger, acquisition, or sale of assets, your data would be transferred to the successor entity. You would be notified in advance and given the option to delete your account
7. Our Infrastructure Partners
For cloud account users, we rely on the following service providers:
- Cloud authentication and backup storage provider: manages account authentication and stores your encrypted backup. They do not have access to the content of your encrypted backup; they store only the encrypted blob.
- Transactional email delivery provider: delivers account emails, such as your magic sign-in links and account notices. They process your email address for the purpose of sending these messages. The emails they deliver contain no financial data, only account-related information such as sign-in links.
- Marketing email platform: when you opt in to marketing emails, we share certain profile attributes with our marketing email platform to enable personalisation and targeting. This includes your email address and the following attributes: marketing consent status, account sign-up date, date the app was last opened, and current streak count. This platform does not have access to your financial data or encrypted backup.
- Cloud infrastructure provider (Anonymous Diagnostics): if you opt in to Anonymous Diagnostics (Section 4), the anonymous diagnostics are stored on the same cloud infrastructure provider that hosts our authentication and backup. This is our own backend, not a third-party analytics service, so it introduces no new third party. Diagnostics apply to any user who opts in (a cloud account is not required) and contain no identity and no financial data.
By creating a cloud account, you acknowledge that your email address and encrypted backup will be stored or processed on these providers' servers, which may be located outside of Canada.
Before any transfer of personal information outside of Quebec, we have assessed that these providers offer protection adequate to the requirements of Quebec Law 25. These providers are SOC 2 certified and operate under Data Processing Agreements with us.
8. Data Security
We take the security of your data seriously:
- Local data is stored using your device's built-in security model (sandboxed app storage)
- Cloud backups are encrypted with AES-256-GCM using a passphrase only you know, before leaving your device
- Authentication uses magic link email sign-in; no passwords are stored
- Transmission of data to our servers uses TLS encryption in transit
- Access to our backend infrastructure is restricted to authorized personnel only
No security system is perfect. In the event of a data breach that poses a real risk of harm to you, we will notify you and the applicable privacy regulator as required by law.
9. Your Rights
Depending on where you live, you may have the following rights regarding your personal information:
All Users
- Access: You can request a copy of the personal information we hold about you
- Correction: You can ask us to correct inaccurate information
- Deletion: You can delete your account and all associated data at any time, either in the app (Settings → Account → Delete Account) or on the web. See Deleting Your Account and Data for the full steps and what is removed
- Data portability: You can export your app data at any time using the built-in Export feature (Settings → Export App Data), regardless of whether you have a cloud account
Quebec Residents (Law 25)
In addition to the above, Quebec residents have the right to:
- Withdraw consent for the collection or use of your personal information at any time
- Request that we stop disseminating your personal information (right to be forgotten)
- Be informed of any automated decision-making that affects you (note: Round To It does not currently use automated decision-making)
- Receive your personal information in a structured, portable format upon request
- File a complaint with the Commission d'accès à l'information (CAI) at www.cai.gouv.qc.ca
California Residents (CCPA)
California residents have the right to:
- Know what personal information is collected, used, shared, or sold
- Request deletion of personal information
- Opt out of the sale of personal information (note: we do not sell personal information)
- Non-discrimination for exercising your privacy rights
To exercise any of these rights, contact us at hello@roundtoit.app. We will respond within 30 days.
9a. Deleting Your Account and Data
You can permanently delete your Round To It cloud account and everything we store for you, at any time. This section explains how, what is removed, and how long it takes.
If you only use Round To It offline (no cloud account), we hold no data about you, so there is nothing to delete on our side. Your on-device data is removed when you uninstall the app or use Settings → Clear All Data.
How to delete your account
- In the app: Settings → Account → Delete Account.
- On the web: sign in at roundtoit.app/account and choose Delete Account in the Danger Zone. Signing in simply verifies that you own the account. You do not need to reinstall the app.
What gets deleted
- Your account and email address
- Your account profile and settings stored on our servers
- Your streak data (count, last-open date, milestones)
- All of your encrypted cloud backups and their metadata
- Your contact record with our marketing email provider, if you had one
Data stored only on your device (offline mode) is not affected by account deletion. Remove it by uninstalling the app or using Settings → Clear All Data.
Timeline
Your account is removed as soon as you confirm deletion. All associated data and encrypted backups are permanently deleted from our servers within 30 days. Account deletion cannot be undone.
10. Children's Privacy
Round To It is intended for general audiences. The cloud account feature (which involves collection of an email address) is intended for users aged 13 and older.
If you are under 13 years of age, please do not create a cloud account. The offline mode of Round To It does not collect any personal information and may be used by anyone.
If we become aware that we have collected personal information from a child under 13 without appropriate consent, we will delete that information promptly. If you believe we have collected information from a child under 13, please contact us at hello@roundtoit.app.
For users in Quebec: in accordance with Law 25, we will not knowingly collect personal information from children under 14 without parental or guardian consent.
11. Data Retention
| Data | Retention Period |
|---|---|
| Local app data (offline mode) | Stored on your device until you uninstall the app or clear app data |
| Email address (cloud account) | Retained until you delete your account |
| Encrypted backup (cloud account) | Retained until you delete your account or manually delete the backup in-app |
| Anonymous Diagnostics (opt-in, off by default) | Sent to our servers only with your consent; retained up to 90 days then automatically deleted; collection stops immediately when you turn it off |
| Manual error log (in-app "Save Error Log") | Stored locally on your device only; never automatically transmitted; retained until you delete the file |
When you delete your account, we remove your email address and all associated backups from our servers within 30 days. See Deleting Your Account and Data for how to delete your account.
12. Cookies and Browser Storage
Mobile App
Round To It does not use cookies, advertising identifiers, or any cross-app tracking technologies. We do not use any third-party analytics SDKs. The optional Anonymous Diagnostics feature (Section 4) is first-party: when you turn it on, it sends anonymous, non-financial data only to our own backend, never to a third-party analytics provider.
Website (roundtoit.app)
The Round To It website does not use cookies and does not run any advertising, analytics, or tracking scripts. To keep you signed in to your account, it stores a small amount of functional sign-in data in your browser. This data is used only to operate your account session — never for advertising, tracking, or analytics — and is not shared with third parties.
These functional items are necessary for account sign-in to work. They are not used for advertising, tracking, or analytics, and are not shared with third parties.
Future Changes
If a future version of Round To It or roundtoit.app introduces advertising, analytics, or any tracking technology, this policy will be updated to describe what is collected and why, and you will be notified before the change takes effect.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last Updated" date at the top of this document
- Notify you via a notice within the app on your next app open
- For significant changes affecting cloud account users, send a notification to your registered email address
Continued use of Round To It after changes take effect constitutes acceptance of the updated policy. If you do not agree with the updated policy, you may delete your account and/or uninstall the app.
14. Language
This Privacy Policy is provided in English. As required by Quebec law, a French version will be made available prior to any marketing or distribution activities directed at Quebec residents. Until a French version is published, Quebec residents may request a French summary by contacting us at hello@roundtoit.app.
15. Contact Us
For any privacy-related questions, requests, or complaints, please contact:
Round To It Privacy
hello@roundtoit.app
We will acknowledge your request within 5 business days and provide a full response within 30 days.