Privacy Policy

To create and run your account, we store:

• Your email address and full name (from sign-up or Google OAuth).
• An optional avatar URL when you sign in with Google.
• A bcrypt hash of your password — never the password itself.
• Contribution records you log: project, time entries, expense amounts, descriptions, attached proof URLs, and approval status.
• Audit log entries for status changes and edits to contribution records, so your team has an honest history of who changed what.
• Standard server logs (IP address, request path, timestamp) retained for up to 30 days for abuse detection and debugging.

We use your data only to operate mycontri. Specifically:

• Authenticate you and protect your account.
• Show your contributions to the right people in your space.
• Send transactional email (invites, password resets, contribution approvals or rejections) via Resend. You cannot opt out of these — they're required for the app to function.
• Diagnose bugs and prevent abuse.

We do not run advertising, do not sell your data, and do not share it with third parties for marketing. The only sub-processors we use are infrastructure providers required to run the app: Railway (hosting), Vercel (hosting), Resend (email delivery), and Google (OAuth, when you choose it).

You can request account deletion at any time by emailing hello@mycontri.in from the address tied to your account. We'll permanently remove your profile and authentication credentials within 30 days.

Contribution records you logged while a member of a space remain visible to that space's owner so the space's history stays consistent — but they are de-identified (your name and email are removed, your contributor entry shows as "Former member"). If you owned a space, transfer ownership before deletion; we will not delete a space without owner consent.

Passwords are hashed with bcrypt at twelve rounds. Sessions use short-lived JWT access tokens with longer refresh tokens. Traffic is HTTPS-only. We rate-limit authentication endpoints to slow credential-stuffing.

mycontri is in beta. We try hard, but we make no warranty that the service is free of vulnerabilities. If you find one, please report it to hello@mycontri.in.

If we materially change how we collect or use your data, we'll email account holders before the change takes effect. Editorial changes (typos, clarifications) are made without notice — the effective date at the top tracks the latest revision.