Who's Behind Reign

Reign is a product of NullPointer d.o.o., a small Croatian company registered at Rudera Boskovica 2, 51500 Krk, Croatia. NullPointer d.o.o. is the legal entity responsible for your data — the data controller under GDPR Article 4. If you have a question about your data or want to exercise any of the rights described below, reach out to us at [email protected] and we'll respond personally.

Data We Collect

We collect the following information to provide our service: email address, display name, receipt images, transaction data (amounts, merchants, dates, categories), OCR-extracted text from receipts, and wallet metadata (wallet names, currencies, balances). When the app encounters an error or slow response, we automatically send technical information to Sentry — our error tracking service — so we can diagnose crashes and improve reliability. This includes your IP address, browser or app version, the path within the app where the error occurred, and details about the error itself. Reign has infrastructure to send push notifications on the native iOS and Android apps but does not currently use it; if we enable push notifications in the future, we will ask for your permission and only use the device token your phone provides for that purpose.

How We Use Your Data

Your data is used solely for: personal expense tracking, receipt OCR processing to extract transaction details, shared household finance management within spaces you create or join, and subscription management.

Legal Basis for Processing

When we process your personal data we rely on one of the following legal bases, as required by GDPR. Contractual necessity: we need the data to provide the service you signed up for — for example, storing your transactions or scanning your receipts. Legitimate interests: we need the data to keep Reign secure, prevent fraud, and improve the product, in ways that don't override your rights. Legal obligations: some data we have to keep to comply with tax, accounting, or regulatory requirements. Consent: where we ask you to explicitly opt in, such as when connecting a third-party service, you can withdraw your consent at any time.

Third-Party Services

We use the following third-party services to operate Reign: Supabase for hosting, authentication, and data storage; Stripe for payment processing; an internal OCR service for receipt scanning; and Sentry for error tracking and performance monitoring. Sentry receives technical information about errors and requests (including error details, stack traces, IP addresses, and browser or app version) to help us diagnose issues and improve reliability. Your data is never sold to third parties.

Where Your Data Lives

Your data is stored with Supabase in the European Union (Frankfurt, Germany). When payment processing is needed we share the minimum necessary data with Stripe, and when technical errors occur we share diagnostic information with Sentry. Both Stripe and Sentry process data in the United States. For these transfers outside the European Economic Area we rely on the European Commission's Standard Contractual Clauses to keep your data protected. We chose infrastructure providers that meet strict European data protection standards, and we have reviewed each transfer to confirm your data remains safeguarded.

Data Retention

Your data is retained for as long as your account is active. When you delete your account, all data is permanently purged within 30 days. Receipt images can be automatically deleted after OCR processing by enabling the option in your privacy settings. Deleted data cannot be recovered.

Your Rights

Under the GDPR and similar data protection laws, you have the right to access the data we hold about you (Art. 15), correct inaccurate data (Art. 16), request deletion or the right to be forgotten (Art. 17), restrict processing (Art. 18), receive your data in a machine-readable format and port it elsewhere (Art. 20), object to processing (Art. 21), request a human to review any decisions made solely by automated means that significantly affect you (Art. 22), and withdraw any consent you have given at any time. Inside Reign you can already exercise several of these rights directly: export all your data in JSON and CSV formats at any time, request complete account deletion, and manage your privacy preferences in Settings. You also have the right to lodge a complaint with a data-protection supervisory authority. NullPointer d.o.o. is registered in Croatia, so Croatia's national authority — AZOP (Agencija za zaštitu osobnih podataka, azop.hr) — is the lead supervisor for our processing; if you live elsewhere in the EEA, you can also contact your own country's data-protection authority. For any other rights request, contact us at [email protected].

What You Control

Beyond your legal rights, here's what you can manage directly in the Reign app today: delete your account and all associated data from Settings > Profile, and choose whether receipt images are automatically deleted after OCR processing from Settings > Profile > Privacy. These are the controls built into Reign right now. When we add more, we'll describe them here.

Security

All data is encrypted in transit using TLS 1.2 or higher, as enforced by our infrastructure providers, and encrypted at rest. Authentication is managed through secure session cookies. We do not use advertising cookies or behavioural tracking cookies; the third-party services we rely on are listed in the Third-Party Services section above.

Cookies

Reign uses only essential session cookies required for authentication (managed by Supabase). We do not use advertising cookies or behavioural tracking cookies. Some of the third-party services we use (for example Stripe for payment processing and Sentry for error tracking) may set their own session-scoped cookies when their functionality is invoked; see the Third-Party Services section for the full list.

Children's Privacy

Reign is designed for adults managing household finances. We do not knowingly collect data from anyone under 16. If you believe a child has created an account, contact us at [email protected] and we'll promptly delete their data.

For users in the United States: Reign is not directed to children under 13. If you are under 13, please do not use this service. If we learn that we have inadvertently collected personal information from a child under 13, we will delete it promptly. For children aged 13 to 15, a parent or guardian must consent to their use of this service. Parents who believe their child has provided us with personal information can contact us at [email protected] and we will promptly delete it.

GDPR & CCPA Compliance

Reign is designed to comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). You may exercise your data subject rights — including access, correction, deletion, and portability — through the Settings page or by contacting us.

Contact

For privacy inquiries or to exercise your data rights, contact us at [email protected].