Privacy Policy

Last updated: May 2, 2026

1. Information We Collect

Percentrade ("we", "our", "us") collects information you provide directly and information collected automatically when you use our services, including the RouMate iOS/Android application and the percentrade.com website.

Information You Provide

• Account information (email address, username, first name, last name)
• Contact information (phone number, if provided for account recovery)
• Communication preferences and consent records
• Support and feedback messages
• Analytics usage data and preferences
• Subscription and billing information

Information We Collect Automatically

• Usage data and in-app analytics events (e.g., screens viewed, buttons tapped, feature usage frequency) via Firebase Analytics
• Session data (session start/end times, duration, engagement metrics)
• Subscription lifecycle events (e.g., trial start, purchase, cancellation) logged as Firebase Analytics events
• Device information (model, OS version, app version, locale)
• IP address and coarse location data (country/region level)
• Advertising identifiers: Apple IDFA (iOS) or Google Advertising ID (Android), subject to your consent and device settings
• Cookies and similar tracking technologies on the web service
• Ad interaction data (impressions, clicks) for free-plan users served ads via Google AdMob

Payment and Subscription Data

• Subscription plan and status (App Store or Google Play)
• Apple App Store receipt validation tokens (iOS)
• Google Play purchase tokens (Android)
• Subscription status and events stored in Supabase (our backend database), linked to your account

Important: Subscription purchases are processed entirely by the Apple App Store or Google Play. Percentrade never receives or stores your payment card details.

For billing practices including auto-renewal, cancellations, trials, and refunds, please see our Terms of Use.

2. How We Use Your Information

We use the information we collect to operate, maintain, and improve our services. The table below summarises each processing purpose and the lawful basis we rely on (relevant for users in the EEA and UK under GDPR/UK GDPR):

Purpose	Lawful Basis (GDPR Art. 6)
Provide and maintain the service (authentication, data storage via Supabase)	Contract performance (Art. 6(1)(b))
Process subscriptions and billing	Contract performance (Art. 6(1)(b))
Transactional communications (billing alerts, security notices, password resets)	Contract performance / Legitimate interests (Art. 6(1)(b)(f))
Product analytics and improvement (Firebase Analytics)	Legitimate interests (Art. 6(1)(f)) — data is pseudonymised or aggregated where possible
Displaying personalised ads to free-plan users (Google AdMob)	Consent (Art. 6(1)(a)) — via iOS App Tracking Transparency prompt or Android ad settings
Marketing communications (newsletters, promotional offers)	Consent (Art. 6(1)(a)) — explicit opt-in required; you may withdraw at any time
Security, fraud prevention, and legal compliance	Legal obligation / Legitimate interests (Art. 6(1)(c)(f))

3. Consent and Communication Preferences

How We Obtain Consent

We collect and record your consent for communications in the following ways:

• Account Registration: During sign-up, you provide consent for essential service communications
• Opt-In Checkboxes: Separate opt-in checkboxes for any future marketing communications (we do not currently send promotional emails; if this changes, we will request your consent first)
• Phone Consent: If you provide a phone number, you consent to account-related calls (not marketing unless separately agreed)
• Social Media Consent: By contacting us through social platforms, you consent to responses via that channel
• Consent Records: We maintain timestamped records of when and how you provided consent, including IP address and consent type

Types of Communications

• Essential/Transactional: Account confirmations, security alerts, password resets, billing notifications (cannot opt-out)
• Marketing: We do not currently send marketing or promotional emails. If we introduce a newsletter or promotional programme in the future, we will request your explicit consent before sending
• Support: Responses to your inquiries via email, phone, or social media

Your Communication Rights

You have the right to:

• Opt-in or opt-out of marketing communications at any time
• Update your communication preferences in account settings
• Unsubscribe from any future marketing communications using the opt-out link in every message
• Request to stop non-essential communications by contacting support@percentrade.com
• Withdraw consent for specific communication channels without affecting your account
• View records of consent you've provided upon request

For SMS OTP verification details and the proof-of-consent records we keep, please see our SMS Opt-In and Proof of Consent Policy.

4. Third-Party Data Processors

We share your data only with the service providers listed below who help us deliver and operate the service. Each processor is bound by data processing agreements and required to protect your data in accordance with applicable law. We do not sell your personal data.

Processor	Purpose	Data Shared
Supabase, Inc. Privacy Policy	Authentication, user profile & account storage, subscription event data, app input history	Email, hashed credentials, user ID, subscription status, app usage data
Google LLC — Firebase Analytics Privacy Policy	In-app event analytics and subscription event logging	Pseudonymous Firebase Installation ID, event parameters, session data, OS/device info
Google LLC — AdMob Privacy Policy	In-app advertising for free-plan users	Advertising ID (IDFA/GAID, subject to ATT/device consent), coarse location, app-activity signals for ad targeting
Google LLC — Analytics (percentrade.com website only — not used in the mobile app) Privacy Policy	Website analytics and performance measurement	Anonymised IP, pages visited, session data, browser/device type
Apple Inc. (App Store) Privacy Policy	iOS in-app purchase and subscription billing	Receipt validation tokens; Apple handles all payment data
Google LLC (Google Play) Privacy Policy	Android in-app purchase and subscription billing	Purchase tokens; Google handles all payment data
Google LLC — reCAPTCHA (percentrade.com website only — not used in the mobile app) Privacy Policy	Bot/fraud prevention on web contact and sign-up forms	Browser fingerprint, IP address, form interaction data

Cross-border transfers: Supabase and Google/Firebase may process your data in the United States and other countries. Where required, we rely on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms to ensure your data remains protected when transferred outside your home jurisdiction.

5. Data Security

We implement appropriate security measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. No method of transmission over the internet is 100% secure, but we take commercially reasonable steps to protect your data.

Our security measures include:

• Encryption of data in transit (TLS) and at rest (Supabase AES-256 encryption)
• Firebase Security Rules restricting database access to authenticated users only
• Regular security reviews and dependency updates
• Access controls and authentication requirements for internal systems
• Secure payment processing entirely through PCI-DSS-compliant third-party providers

6. Data Retention

We retain your personal data only as long as necessary to provide our services and comply with legal obligations. Specific retention windows by data category:

• Active account data (Supabase): Retained for the life of your account
• Closed/deleted accounts: Personal data deleted or anonymised within 30 days of a verified deletion request, except where law requires longer retention
• Firebase Analytics event data: Retained for up to 14 months (Google's default; you may request shorter retention via device settings or by contacting us)
• AdMob ad interaction logs: Retained by Google in accordance with Google's data retention policies
• Financial / billing records: Retained for 7 years (or as required by applicable tax and accounting regulations)
• Consent records: Retained for 5 years from the date consent was given, for compliance audit purposes
• Support communications: Retained for 2 years after case closure

How to Request Data Deletion

• Email support@percentrade.com with subject line Data Deletion Request
• Include your account email and platform (web, iOS, or Android) so we can locate records accurately
• We may ask for identity verification before processing deletion
• We target completion within 30 days, unless legal retention obligations require limited retention

Mobile App Users (iOS and Android)

If you're using the RouMate or Percentrade mobile app, you can delete your account and data directly through the app:

• iOS: Open Settings → Account → Delete Account → Confirm deletion
• Android: Open Settings → Account → Delete Account → Confirm deletion
• Your data is removed from our Supabase backend within 30 days of the deletion request
• Firebase Analytics and AdMob data stored by Google are subject to Google's own deletion schedules (see retention windows above)

If you experience issues with in-app deletion, email support@percentrade.com and we'll assist you.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access and update your personal information
• Request deletion of your data ("right to be forgotten")
• Opt-out of marketing communications at any time
• Withdraw consent for consent-based processing (without affecting prior lawful processing)
• Export your data in a portable format
• Object to certain types of data processing

GDPR (EU) and UK GDPR Rights

If you are located in the European Economic Area (EEA) or the United Kingdom, the GDPR or UK GDPR applies to our processing of your personal data. You have the following additional rights:

• Right of access, rectification, and erasure
• Right to restrict processing or object to processing based on legitimate interests
• Right to data portability
• Right to withdraw consent at any time without affecting the lawfulness of prior processing
• Right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national DPA in the EU)

We will respond to GDPR/UK GDPR requests within 30 days. Contact us at support@percentrade.com.

CCPA (California) Rights

• Right to know what personal data we collect, use, disclose, and sell
• Right to request deletion of your data
• Right to opt-out of the sale or sharing of personal data — we do not sell personal data for monetary consideration
• Note: Sharing of advertising identifiers (IDFA/GAID) with AdMob for personalised ads may constitute "sharing" under CCPA. You may opt out by revoking ATT permission (iOS) or limiting ad tracking in Android device settings
• Right not to be discriminated against for exercising your rights

California residents may submit requests to support@percentrade.com with the subject line CCPA Rights Request.

8. Cookies and Web Tracking

We use cookies and similar technologies on our website to provide core functionality, measure analytics, and serve ads. You can manage your cookie preferences via the consent banner shown on your first visit and through your browser settings.

Cookie Categories

• Strictly Necessary: Authentication session cookies and the cookie-consent record. These are required for the site to function and cannot be disabled.
• Analytics: Google Analytics cookies (_ga, _gid, _gat) that collect anonymised usage data. Active only with your consent.
• Advertising: Google AdSense/AdMob cookies for serving relevant ads to free-plan web users. Active only with your consent.
• Functional: Cookies that remember your preferences (e.g., visited-state, consent choices).

Full details on each cookie, its purpose, and its lifespan are available in our Cookie Policy.

9. Mobile App Tracking and Consent

iOS – App Tracking Transparency (ATT)

On iOS 14.5 and later, Apple requires apps to request your permission before accessing your device's Advertising Identifier (IDFA) for cross-app and cross-website tracking. When you first launch the RouMate iOS app, you will see an App Tracking Transparency system prompt:

• If you tap "Allow Tracking": Your IDFA is shared with Google AdMob to enable personalised advertisements based on your interests and cross-app activity.
• If you tap "Ask App Not to Track": Your IDFA is not accessed. AdMob will serve non-personalised (contextual) ads instead. You will still see ads on the free plan, but they will not be based on your cross-app profile.

You can change this choice at any time in iOS Settings → Privacy & Security → Tracking → RouMate.

Android – Google Advertising ID

On Android, Google AdMob may use the Google Advertising ID (GAID) to personalise ads. You can reset or opt out of ad personalisation at any time via Settings → Privacy → Ads → Delete advertising ID (Android 12+) or Opt out of Ads Personalisation (earlier Android versions). If you opt out, AdMob will serve non-personalised contextual ads.

Firebase Analytics – No Advertising Data Used

Firebase Analytics collects usage events using a pseudonymous Firebase Installation ID — it does not use IDFA or GAID for analytics purposes. You can reset or clear this ID by uninstalling and reinstalling the app, or by clearing app data in device settings.

Non-Personalised Ads Behaviour

When personalised-ad consent is not granted (or is revoked), our app instructs AdMob to deliver non-personalised ads. These ads may still use contextual signals such as app category and general location, but do not use cross-app behavioural profiles. You will continue to see ads on the free plan; they will simply be context-based rather than interest-based.

App Store and Google Play Privacy Disclosures

Our App Store and Google Play privacy nutrition labels reflect the data practices described in this policy. Key declared data types include:

• Data Used to Track You: Advertising ID (IDFA/GAID) — only when ATT/device consent is granted
• Data Linked to You: Account identifiers (email), purchase history, in-app usage data, crash data
• Data Not Linked to You: Aggregated Firebase Analytics events, non-personalised ad impressions, anonymised crash reports

If you believe our app store privacy labels are inconsistent with this policy, please contact us at support@percentrade.com.

10. Third-Party Websites and Services

Our website and app may contain links to third-party services. We are not responsible for the privacy practices of those external sites or services and encourage you to review their privacy policies before providing any personal data.

11. Children's Privacy

Our services are not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected data from a person under 18, please contact us immediately at support@percentrade.com so we can delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on this page with a revised effective date, and where appropriate, by in-app notification or email.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a data protection concern, please contact us:

• Email: support@percentrade.com
• Via our About Us page

This Privacy Policy is effective as of the date listed above and applies to all users of Percentrade's analytics services, including the RouMate mobile application.