Privacy Policy

1. Introduction

Salary Planner ("we", "us", or "our") is operated by Ognjen Knezevic, based in Serbia. This Privacy Policy explains what personal data we collect when you use Salary Planner at salary.oxytek.net or our Android app, why we collect it, and your rights regarding that data.

We are committed to protecting your privacy. We do not sell your data to anyone, ever.

2. Data We Collect

2.1 Account Data

• Full name and email address (provided at registration)
• Password (stored as a bcrypt hash — never in plaintext)
• Account creation date and last activity
• Subscription plan (free or premium)

2.2 Financial Data You Enter

• Salary amounts per month
• Expense entries (name, amount, category, date)
• Budget envelope allocations
• Savings plan targets and deposits
• Receipt data from scanned QR codes (store name, amount, items)

This data is entered by you and belongs to you. We only use it to provide the Service.

2.3 Technical Data

• Session cookies (required for login)
• IP address and browser/device information (in server access logs)
• CSRF tokens (security)

We do not use third-party analytics trackers or advertising cookies.

3. How We Use Your Data

• To operate and provide the Service (displaying your dashboard, storing your expenses, etc.)
• To authenticate you and keep your account secure
• To process your subscription and verify Premium access
• To respond to your support requests
• To send transactional emails (e.g. password reset) — we do not send marketing emails unless you opt in

4. Third-Party Services

We share limited data with the following third parties to operate the Service:

We do not use Google Analytics, Facebook Pixel, or any other advertising or analytics tracking services.

5. Data Storage and Security

Your data is stored on servers located in the EU. We implement the following security measures:

• Passwords are hashed using bcrypt
• All connections are encrypted via HTTPS/TLS
• CSRF tokens protect against cross-site request forgery
• Session cookies use HttpOnly and SameSite flags
• Database access is restricted to the application server

No security system is impenetrable. In the event of a data breach affecting your personal data, we will notify you as required by applicable law.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal data and financial records within 30 days, except where we are required to retain certain data by law (e.g. financial records for tax purposes).

Server access logs are retained for up to 90 days for security purposes.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your account and data
• Portability — request an export of your data in a machine-readable format
• Objection — object to certain processing of your data

To exercise any of these rights, contact us at support@oxytek.net. We will respond within 30 days.

8. Cookies

We use one session cookie to keep you logged in. This cookie is strictly necessary for the Service to function and does not track you across other websites. We do not use advertising cookies or third-party tracking cookies.

9. Children's Privacy

The Service is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a notice within the application. The "last updated" date at the top of this page reflects the most recent revision.

11. Contact

For any privacy-related questions or requests: