Privacy Policy

Renew+ (“the App”) is developed and operated by Crafted by Ellis, a sole trader based in New Zealand (“we”, “us”, “our”). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and your rights. We are the data controller for all personal information collected through the App.

1. Information We Collect

Information You Provide Directly

• Account: Email address, display name, profile photo
• Financial records: Income amounts and frequency, employer details, bill amounts and due dates, expense records, bank account numbers (for identification only), CSV-imported transaction data, KiwiSaver / superannuation contribution rates, savings goal names and targets, piggy bank balances, budget records, financial year records
• Planning data: Meal plans, recipes, shopping lists, pantry items
• Personal records: Goals, journal entries, mood entries
• Social data: Community posts, friend connections, family group membership
• Preferences: Home region, currency, theme, notification settings, food allergies and preferences

Information Collected Automatically

Firebase (our cloud infrastructure provider, operated by Google LLC) automatically collects certain technical data including authentication tokens, session identifiers, app crash reports, and general usage data (feature interactions, timestamps). We do not collect your precise device location.

Device Permissions

• Calendar: Display bills, goals, and meal plans alongside your personal calendar events. We do not store your calendar contents on our servers.
• Face ID / Touch ID: Authenticate you quickly and protect Finance and Journal sections. Biometric data never leaves your device.
• Push notifications: Send reminders for bills, goals, and alerts you configure.
• Camera / Photo Library: Upload a profile avatar photo, stored in Firebase Storage.

You may revoke any permission at any time in iOS Settings without affecting other App functionality.

2. How We Use Your Information

• Create and manage your account and provide all App features
• Sync your data across your devices via Firebase
• Perform tax and financial calculations based on data you enter
• Send push notifications you have enabled
• Respond to support requests
• Improve the App using aggregated, anonymised usage data
• Comply with legal obligations

We do not use your data for targeted advertising, credit scoring, automated decision-making with legal effects, or sale to third parties.

3. Legal Basis for Processing (UK / EU Users)

• Contractual necessity (Art. 6(1)(b) UK/EU GDPR) — account creation, App features, data sync
• Consent (Art. 6(1)(a)) — calendar access, Face ID, push notifications
• Legitimate interests (Art. 6(1)(f)) — anonymised analytics to improve the App
• Legal obligation (Art. 6(1)(c)) — compliance with applicable law

4. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with:

• Google Firebase (Firestore, Auth, Storage) — database, authentication, file storage. Operates under Google's data processing terms and is certified under the EU–US Data Privacy Framework. Privacy Policy
• Apple (StoreKit, App Store) — subscription management and payments. Privacy Policy
• Anthropic — AI features (goal planning, recipe scanning). Privacy Policy

We may also disclose information where required by law, court order, or to protect the rights, property, or safety of our users or others.

5. Data Storage, Security, and Retention

Your data is stored in Google Firebase's Cloud Firestore and Firebase Storage. All data is encrypted in transit (TLS) and at rest. We retain your data for as long as your account is active.

When you delete your account (Settings → Delete Account), we permanently delete all records associated with your account, including: financial records, bank account numbers, CSV imports, goals, journals, meal plans, recipes, shopping lists, pantry items, mood entries, social data, and profile photos. Deletion is irreversible.

6. International Data Transfers

Your data is processed on Firebase infrastructure operated by Google LLC, and may be stored on servers in the United States or other countries. For UK/EU users, we rely on Standard Contractual Clauses approved by the European Commission. For Australian users, we comply with the Australian Privacy Principles regarding cross-border disclosure. By using the App, you consent to this transfer.

7. Your Rights

All Users

You may access, correct, or delete your data directly within the App at any time, or contact us at braden@craftedbyellis.com.

New Zealand — Privacy Act 2020

You have the right to request access to and correction of personal information we hold. We will respond within 20 working days. Complaints may be made to the NZ Privacy Commissioner.

Australia — Privacy Act 1988

You have the right to access and correct your personal information and to complain about breaches of the Australian Privacy Principles. Unresolved complaints may be escalated to the Office of the Australian Information Commissioner (OAIC).

United Kingdom / European Union — UK GDPR / EU GDPR

In addition to access and correction, you have the right to:

• Erasure — request deletion of your personal data
• Restriction — request we limit processing in certain circumstances
• Data portability — receive your data in a structured, machine-readable format
• Object — object to processing based on legitimate interests
• Complain — to the UK Information Commissioner's Office (ICO) or relevant EU supervisory authority

We respond to GDPR requests within one calendar month.

United States — California (CCPA)

California residents have the right to know what personal information we collect, request deletion, and opt out of the “sale” of personal information — we do not sell personal information. Categories collected include: identifiers (email, display name), financial information (income, bills, bank account numbers), commercial information (subscription tier), internet/network activity (app usage), and inferences (preferences, settings).

Canada — PIPEDA / Quebec Law 25

You have the right to access, correct, and withdraw consent for processing your personal information. Quebec residents additionally have data portability rights. Contact braden@craftedbyellis.com. We respond within 30 days.

India — DPDP Act 2023

You have the right to access, correct, and erase your personal data, and to nominate another person to exercise these rights on your behalf. Contact braden@craftedbyellis.com.

Singapore — PDPA

You have the right to access and correct personal data we hold, and to withdraw consent for its collection and use. Contact braden@craftedbyellis.com.

8. Data Breach Notification

In the event of a data breach likely to cause harm, we will notify affected users and regulators:

• New Zealand: As soon as practicable (Privacy Act 2020)
• Australia: Within 30 days (Notifiable Data Breaches scheme)
• UK / EU: Within 72 hours (UK/EU GDPR)
• Canada: As soon as feasible where real risk of significant harm exists (PIPEDA)

9. Children's Privacy

Renew+ is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has created an account, contact us at braden@craftedbyellis.com and we will delete the account promptly.

10. Cookies and Tracking

Renew+ is a native iOS application and does not use cookies. Firebase may use device identifiers for session management and crash reporting — these are not used for advertising.

11. Changes to This Policy

When we make material changes, we will update the version date at the top of this page and prompt you to review and re-accept within the App before continuing. Previous versions are available on request.

12. Contact

Crafted by Ellis
Privacy enquiries: braden@craftedbyellis.com
General support: braden@craftedbyellis.com
Location: New Zealand

We take privacy complaints seriously and will respond within 10 business days. If we cannot resolve your complaint, you have the right to escalate to the relevant regulator in your jurisdiction (listed in Section 7 above).