Privacy Policy
Last updated: March 6, 2026
Welcome to CommonEx! We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains what information we collect, how we use it, how we share it, and your choices regarding your information when you use CommonEx via our mobile apps or website.
1. Information We Collect
We collect both information that you provide to us directly and information that is collected automatically when you use CommonEx:
- Information You Provide: When you create or participate in an event on CommonEx, you may enter data such as the event name, participant names, and details of expenses (expense descriptions, amounts, and which participants are involved). This information is considered user-generated content and is stored so that you and others with access to the event can view and share the expenses.
- Personal Identifiers: We do not require account registration, but the app generates event-scoped identifiers such as an event ID and PIN code to allow syncing and sharing of your event data across devices.
- Diagnostics, Analytics, and App Improvement Data: We currently collect crash reports, error diagnostics, and performance traces through Sentry on supported platforms to help keep CommonEx stable. This may include device information such as device model, operating system version, technical context around the failure, and Sentry-provided app or device identifiers used for diagnostics. If we add product analytics or other app-improvement tools in the future, we will update this Privacy Policy and our platform privacy disclosures before enabling them in production.
- Device and Network Information: When you use CommonEx, certain information may be received automatically, such as your device’s IP address, operating system, browser type (for web access), and other technical data. This information is typically collected as part of server logs and, on supported app platforms, may also be included in Sentry diagnostics for security and troubleshooting purposes.
2. How We Use Your Information
We use the collected information for the following purposes:
- Providing and Syncing the Service: We use your event and expense data to display it back to you and any friends you have shared the event with. The data you input (names, expenses, amounts) is processed so that all invited participants can view the updated expense lists and balances. We also use identifiers to synchronize data across your devices, allowing you to access your events from multiple devices instantly.
- Offline Functionality and Local Storage: CommonEx is designed to work offline. Your event data is stored locally on your device so you can use the app without an internet connection. When you go online, the data synchronizes with our server to update all participants. We also use local storage on your device or in your browser for service functionality, such as retaining local app data and limited onboarding or help state on the web version. We do not currently use advertising cookies or third-party tracking cookies for cross-context behavioral advertising.
- Improvement and Development: Diagnostics, analytics, and app-improvement data are used to identify bugs, investigate failures, measure product quality, and improve app stability and usability. We do not use advertising SDKs or third-party tracking tools for cross-context behavioral advertising.
- Customer Support and Communication: If you contact us with a question or feedback (for example, via email), we will use your contact information and the details you provide to respond to you and resolve any issues. We do not send marketing emails or push notifications at this time, since we do not collect contact details through the app itself.
- Security and Fraud Prevention: We may use IP addresses, server-side technical logs, and event-scoped identifiers to monitor for suspicious or unauthorized activity (such as someone attempting to access an event without the correct credentials) and to protect the integrity of our service. This helps us ensure that only users who have the correct Event ID and PIN can access an event’s details.
- Legal Compliance: Where necessary, we may process and disclose information to comply with a legal obligation or governmental request (for example, responding to lawful requests by public authorities) or to enforce our terms of service and protect our rights or the rights of other users.
3. How We Share Your Information
We value your trust and only share personal data in a few limited circumstances:
- Sharing with Event Participants: The core purpose of CommonEx is to share expenses among friends. If you create or join an event, all information in that event (event name, participant names, expenses, and who paid/owes what) will be visible to anyone who has the Event ID and PIN for that event. We do not publish your events publicly. Only people to whom you or other event members provide the event link or credentials will have access. Please keep your event’s PIN code confidential and only share it with trusted participants.
- Service Providers and Partners: We use third-party service providers to help operate and improve CommonEx:
  - Sentry: On app platforms where Sentry is enabled, we use Sentry (a crash reporting and performance monitoring service) to collect crash logs and diagnostics. This means that when the app crashes or encounters errors, information about the error and your device (like device model, OS, app or device identifiers used for diagnostics, and possibly your IP at the time of the error) is sent to Sentry’s servers. Sentry acts as our data processor for this purpose, helping us fix issues. Sentry is operated by Functional Software, Inc., and we have configured Sentry to use servers in the EU region for data storage where possible. Our mobile app builds send these diagnostics.
  - Hosting Provider: Our backend servers are hosted by a third-party hosting provider (LLHost, located in the Netherlands). This means that any data stored on our server (such as your event information) resides on their infrastructure. The hosting provider may technically have access to the data on the server hardware, but they are not permitted to use or disclose your data except as needed to maintain the server. We have taken steps to secure our servers through this provider.
  - Currency Exchange API: To support multi-currency expenses, CommonEx may use a third-party API (such as Open Exchange Rates) to retrieve currency conversion rates. When we request exchange rates, we do not send any personal data about users—only the request for conversion values (e.g. asking for the rate between USD and EUR). No user-identifying information is involved in these requests.
- Legal and Safety Disclosures: We will share personal information outside of CommonEx if we have a good-faith belief that such sharing is reasonably necessary to: (a) comply with any applicable law, regulation, legal process, or enforceable governmental request; (b) enforce our Terms of Service, including investigation of potential violations; or (c) protect against harm to the rights, property, or safety of our users, the public, or CommonEx as permitted or required by law.
- Business Transfers: If in the future we (the CommonEx app or its developer) are involved in a merger, acquisition, investment, or asset sale, your information may be transferred to the new owner as part of that transaction. If such a transfer occurs, we will ensure the new owner honors the commitments we've made in this Privacy Policy and will notify you (for example, via a notice on our website or within the app) of any choices you may have regarding your information.
- Non-Personal & Aggregated Data: We may share aggregated or de-identified information (which cannot be used to identify you personally) publicly or with partners – for example, statistics about overall app usage or total number of events – for research, marketing, or benchmarking purposes. Such information contains no personal data and cannot be traced back to individual users.
4. Data Storage and International Transfer
Data Location: CommonEx stores user event data on your device and on our secure servers located in the Netherlands (European Union). On app platforms where Sentry is enabled, crash reports and diagnostic data are transmitted to Sentry’s servers (which, under our configuration, reside in Europe). We transfer and store this information outside your home country when necessary to provide the service, keep it secure, and maintain app reliability.
International Data Transfers: If you are using the app from outside of the European Union (for instance, in Russia, Serbia or elsewhere), please be aware that the personal data we collect will be transferred to and processed in the EU (specifically, the Netherlands for our servers, and, where Sentry is enabled, potentially Germany or other EU locations for Sentry). These countries may have data protection laws that are different from those in your country. Where required, we rely on appropriate safeguards and legal mechanisms for international transfers and apply measures designed to protect your personal data.
Data Security: We take reasonable measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. All data transmission between the mobile app or website and our servers is encrypted using HTTPS (TLS) to prevent eavesdropping. Within our server and database, we apply security best practices to guard data (including access controls and regular security updates). Additionally, the Event ID and PIN system adds a layer of security — only those with the correct combination can access a given event’s details. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. It is important that you also do your part: keep your event PIN codes confidential and be cautious about who you share links or credentials with.
5. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Policy and to provide the CommonEx service to you. In practice, this means:
- Event Data: The expenses and event information you enter will be retained on our servers until you delete them or until we determine that the data is no longer needed to provide the service. Currently, we do not enforce a fixed expiration on events; even inactive event data may be stored so that you can return to it later. You can delete events directly within the app using the swipe-to-delete feature in the events list. For synced events, you have the option to "Delete everywhere" (removes data from both your device and our servers) or "Remove local copy" (removes only the local data while keeping the server copy for other participants). If you need assistance with deletion or encounter any issues, you can also contact us (see the Contact section below).
- Crash Logs and Diagnostics: Diagnostic data collected via Sentry on supported platforms is generally retained for a limited period (for example, crash reports may be kept for a certain number of months) in accordance with Sentry’s data retention policies, and so that we have enough history to troubleshoot issues. Such data is typically purged automatically over time as new data comes in.
- Local Storage on Device: Any data stored offline on your device (e.g., cached event information) stays on your device until you uninstall the app or clear the app’s data. Removing the app from your device will delete the locally stored copies of your events from that device (but not from our server if the event exists on the server).
- Backups: Our server may maintain backups or archives for recovery and security purposes. If you request deletion of your data, we will remove it from our active database, but it may remain in encrypted backups for a short period until those backups are rotated and overwritten.
When we no longer need personal data for the purposes of providing CommonEx or to comply with legal obligations, we will securely delete or anonymize it so that it can no longer be associated with you.
6. Your Rights and Choices
Depending on your jurisdiction, you have certain rights regarding your personal data. We strive to uphold these rights for all users:
- Access and Portability: You have the right to request a copy of the personal data we hold about you. For CommonEx, this would primarily be the data in your events (names of events, participants, expenses, etc.) and any related usage data. We can provide this information in a common electronic format upon request.
- Rectification: If you believe that any personal information we have collected is inaccurate or incomplete, you have the right to ask us to correct it. In practice, you can edit the data in the app (e.g., change participant names or fix expense entries) at any time, and those changes will be synchronized to our server. If any information (like crash report details) is inaccurate, please let us know and we will address it if possible.
- Deletion: You have the right to request deletion of your personal data. Because CommonEx does not use personal user accounts, the primary way to delete your data is to delete events. You can delete events directly within the app by swiping on an event in the events list to reveal deletion options. For synced events, you can choose "Delete everywhere" to remove the event from both your device and our servers, or "Remove local copy" to only remove the local data while preserving the server copy for other participants. If the server deletion fails (for example, due to network issues), the app will show recovery options allowing you to retry or keep the local copy. Note that if you only remove the local copy, other participants who have the event credentials may still access the event data on the server.
- Objection and Restriction: You have the right to object to or request that we restrict processing of your data in certain circumstances. Since we do not use your data for marketing or ads, this primarily relates to crash reporting and diagnostics on platforms where Sentry is enabled. We do not currently offer an in-app toggle to disable crash reporting. If you have concerns about Sentry’s crash reporting, please contact us to discuss alternatives.
- Withdrawal of Consent: In cases where we rely on your consent to process data for a specific feature (for instance, if in the future we ask for consent to collect optional analytics data or to send you communications), you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal. Our current processing is mainly based on providing the service, keeping it secure, and our legitimate interests in maintaining and improving CommonEx.
- Non-Sale of Personal Data: CommonEx does not sell your personal data to third parties. If you are a user in certain regions like California (USA), you have a right to opt out of the sale of personal information. We confirm that we do not engage in selling or sharing your data for third-party advertising purposes, so there is no need to opt out of something we don’t do. We treat all user requests regarding data with the same care, regardless of your region.
To exercise any of these rights, please contact us using the contact details provided in the “Contact Us” section below. We will respond to your request as soon as possible and in accordance with applicable laws. For security, we might need to verify your identity (for example, by confirming information about your use of the service) before fulfilling certain requests, especially for access or deletion.
7. Children’s Privacy
CommonEx is not intended for children under the age of 16. If you are under 16, you may not use the CommonEx app or website or submit personal information through the service. We do not knowingly collect personal information from anyone under 16 years old, and if we become aware that we have collected such data, we will take steps to delete it as soon as possible.
Parents or guardians: If you discover that your child under 16 has been using CommonEx or has provided personal data through the service, please contact us immediately. We will work with you to remove the data and prevent further use as appropriate.
Because CommonEx does not use personal accounts or age-verification flows, we operate the service as 16+ only.
8. Additional Notices for Certain Jurisdictions
For Users in the European Economic Area (EEA), United Kingdom, or Switzerland: InWords is the data controller for CommonEx (contact details below). Our legal basis for processing your personal data includes: necessity for performing the service you request (for example, storing and syncing event data), our legitimate interests in securing, maintaining, and improving the app (for example, using technical logs and crash diagnostics to investigate failures), and compliance with legal obligations. We rely on consent only where we specifically ask for it for an optional feature. You have the right to lodge a complaint with a supervisory authority in your country if you believe we have infringed your data protection rights, but we kindly ask that you contact us first so we can address your concerns.
For California (CCPA/CPRA): In addition to the rights described above, California residents have the right to know what categories of personal information we collect and how we use and share it. In the past 12 months, CommonEx may have collected the following categories of personal information: identifiers (such as event-scoped IDs and IP address), personal information (names of individuals if provided as participants), limited diagnostic data on platforms where Sentry is enabled, and financial information (expense entries, though not tied to payment instruments). This information is collected for the purposes described in this policy. We do not “sell” your personal information as defined by CCPA, nor do we share it with third parties for cross-context behavioral advertising. We also do not profile users in a way that has legal or similarly significant effects. If you send us a request pertaining to your California rights, we will comply as required – for example, providing you with a copy of your information or deleting your data – and we will not discriminate against you for exercising any of these rights.
For Users in Russia: CommonEx does not publicly distribute or list personal data, but please be aware that your personal data (such as participant names or expense details you enter) is stored on servers outside of Russia, currently in the Netherlands. We process and protect that data as described in this Privacy Policy. If Russian law grants you specific data rights, you can exercise them by contacting us. We strive to be transparent and cooperative with users from all regions. (Note: If required by law, we may consider local data storage in future updates, but at present data is hosted in the EU.)
9. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make significant changes, we will notify you by posting the updated Privacy Policy on our website (and within the app if applicable) and updating the “Last updated” date at the top. In some cases, if changes are material, we may provide a more prominent notice or seek your consent as required by law.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. If you continue to use CommonEx after changes take effect, we will treat that use in accordance with the updated Policy to the extent permitted by law.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. We are here to help and will respond as promptly as we can.
Contact Information:
- Email: commonex@proton.me (Attn: CommonEx – Privacy)
- Owner: InWords
- Address: Belgrade, Serbia (Note: Full address not provided here for privacy; will supply if legally required)
We take privacy and user feedback seriously. If you contact us about any issue regarding your privacy, we will do our best to address it and find a satisfactory resolution. Thank you for trusting CommonEx with your expense-sharing needs!