ACMAN
ACMAN

Account Management

Legal

Privacy Policy

How ACMAN collects, uses and protects your personal data

1. User Information

ACMAN, accessible at acman.app, informs users about its Privacy Policy regarding the processing and protection of personal data that may be collected during navigation and use of the application.

Use of the application implies acceptance of this Privacy Policy.

2. Data Controller

  • Owner: Lyfeman (ACMAN)
  • Address: Valencia, Spain
  • Contact email: team@acman.app

3. Personal Data We Collect

3.1. Registration data

  • Username
  • Email address
  • Password (stored with bcrypt, never in plain text)

3.2. Usage data

  • Financial information entered by the user (transactions, categories, recurring expenses)
  • Bank statements in CSV/Excel format uploaded by the user
  • Recurring expense settings and custom sections
  • Application preferences

3.3. Technical data

  • IP address and browser type
  • Operating system and access date/time
  • Cookies and tracking technologies (see Cookie Policy)

4. Purpose of Processing

  1. Service provision: Registration, access and use of financial management features
  2. Communications: Service-related notifications (password recovery, important updates)
  3. Service improvement: Usage analysis to improve features
  4. Community statistics: If the user activates Community, their data is aggregated anonymously and irreversibly
  5. Contextual advertising: Ads via Google AdSense on the free plan
  6. Legal compliance: Applicable legal obligations

5. Legal Basis for Processing

  • Contract performance: Use of the application constitutes a service contract
  • User consent: For advertising and analytical cookies
  • Legitimate interest: To improve the service and ensure security

6. Data Retention

  • Active account: While the user uses the service
  • After account closure: Deletion within a maximum of 30 days
  • Advertising cookies: Per Google AdSense policy (generally 90 days)

7. Data Recipients

  • Vercel: Deployment and hosting platform
  • Neon (PostgreSQL): Cloud database where encrypted data is stored
  • Stripe: Payment processing (we do not store card data)
  • Email services: Transactional emails

No third party receives non-anonymised personal financial data.

8. Data Security

  • Financial data encrypted field-by-field with a user-derived key (PBKDF2 + AES) — not even the ACMAN team can read it
  • Passwords stored with bcrypt
  • HTTPS connection for all communications
  • Restricted database access
  • Community data with irreversible SHA-256 hashing
  • Regular backups

9. User Rights

Users have the right to:

  • Access: Obtain information about what data is being processed
  • Rectification: Correct inaccurate or incomplete data
  • Erasure ("right to be forgotten"): Request deletion of your data (see Data Deletion)
  • Restriction of processing: Restrict processing in certain circumstances
  • Data portability: Receive your data in a structured format
  • Objection: Object to processing
  • Withdrawal of consent: Withdraw consent at any time

To exercise these rights: team@acman.app

You may also lodge a complaint with the UK Information Commissioner's Office (ICO) or your local data protection authority.

10. Cookies

The application uses first-party and third-party cookies. See our Cookie Policy for more information.

11. Changes and Contact

This Privacy Policy may be updated. Significant changes will be notified with reasonable advance notice through the application or by email.

Last updated: May 26, 2026
PrivacyTermsCookiesDeletionPayments