1. Introduction and Information on Data Processing
ITM Sys-Technology Kft. (hereinafter "Developer") is committed to protecting users' data.
The Cobaltic application (hereinafter "Application") operates fully offline, does not require an internet connection, and the Developer does not collect, store, transmit, or process any personal data of users in any way.
Any data processed during use of the Application is stored exclusively on the user's own device, and only the user has access to it.
In light of the above, the Developer does not qualify as a data controller within the meaning of the GDPR (EU Regulation 2016/679) in connection with the operation of the Application.
If the user processes personal data while using the Application, the user alone is responsible for such data processing.
Contact details:
- Company name: ITM Sys-Technology Kft.
- Registered address: Kossuth Lajos utca 73., 3128 Vizslás, Hungary
- Company registration number: 12-09-012058
- VAT number: HU32009644
- Email: cobalticsoft@gmail.com
Any personal data provided by users when contacting the Developer is used solely to respond to inquiries and is not transferred to any third party.
2. Data Collection
The app does NOT collect personal data and has NO internet access. All data is stored exclusively on your device and is never transmitted to external servers, cloud services, or third parties.
3. Stored Data
The app stores the following data exclusively on your device:
- Financial transactions and items
- Accounts, balances and exchange rates
- Categories and budgets
- Warranty information
- Reminders and recurrence rules
- Shopping lists, items and purchase history
- Utility meter readings and price history
- OCR templates (receipt recognition patterns)
- App settings and themes
4. Data Security
All data is stored encrypted (AES-256) on the device using SQLCipher. Biometric authentication (fingerprint, face recognition) works exclusively through Android's Biometric API – the app never accesses or stores biometric data. The app can optionally be protected with a PIN as well.
5. Camera and Gallery
The app requests camera access to photograph receipts and invoices. The user may also import an image from the gallery instead of using the camera. Photos are NOT permanently stored – they are used only for text extraction (OCR) and are immediately deleted from memory. No image is ever sent to any server.
6. Data Sharing
The app does NOT share data with third parties. There is no advertising SDK, analytics system, crash reporting, or any other data-collecting component in the app.
7. Data Deletion
Individual records (transactions, accounts, lists, etc.) can be deleted manually within the app. To delete all data, uninstall the app – all local data is permanently deleted upon removal. Exported files must be deleted manually by the user from the device.
8. Exported Data
The app allows exporting data as an XLSX (.xlsx) spreadsheet and PDF (.pdf) report, as well as creating and restoring an encrypted binary backup (.scb). An XLSX import template is also available for bulk importing transactions. Exported files are saved on the device — the user is fully responsible for their content and safe storage.
9. Changes
If the privacy policy changes, users will be informed via an app update. The current version of this policy is always available within the app.
10. Contact
Users may contact the Developer at the following details:
- Company name: ITM Sys-Technology Kft.
- Registered address: Kossuth Lajos utca 73., 3128 Vizslás, Hungary
- Email: cobalticsoft@gmail.com
Any data voluntarily provided by the user when establishing contact is used by the Developer solely to respond to the inquiry; it is not stored long-term and is not passed on to any third party.
11. Required Permissions
The app uses the following system permissions:
- CAMERA – To photograph receipts and invoices
- READ_MEDIA_IMAGES – For importing images from the gallery
- POST_NOTIFICATIONS – For local reminder notifications
- SCHEDULE_EXACT_ALARM – For precisely timed alarms
- RECEIVE_BOOT_COMPLETED – To reschedule reminders after device restart
- VIBRATE – For notification vibration
- USE_BIOMETRIC – For biometric login protection
The app does NOT request network, location, contacts, or microphone permissions.
12. Local Notifications
The app uses Android's AlarmManager to send scheduled local notifications before reminders are due. Notifications appear on the lock screen and as heads-up (floating) notifications — without internet, entirely on-device. Notification content is NEVER sent to any server.
On Android 13 and above, the app requests notification permission (POST_NOTIFICATIONS) on first launch. This permission can be revoked at any time in system settings. After a device restart, reminders are automatically rescheduled.
13. ML Kit Text Recognition
For receipt scanning, the app uses Google ML Kit Text Recognition v2, which operates entirely on-device without internet access. Recognized text is NOT sent to Google servers or any external service. The ML Kit library does not collect user data.
14. Android Backup
The app disables Android's automatic cloud backup feature, so database contents are NOT automatically synced to Google Drive or any other cloud service. Backup is only possible through the in-app export function, the result of which is managed by the user.
15. GDPR – Your Rights
Under the EU General Data Protection Regulation (GDPR), you have the following rights:
- Access – Your data can be viewed at any time within the app
- Rectification – Your data can be edited directly
- Erasure – Your data can be deleted in-app or by uninstalling
- Portability – Your data can be exported as XLSX (.xlsx) and PDF (.pdf), or as an encrypted binary backup (.scb)
- Objection – Not applicable, as there is no third-party data processor
Since all data is stored exclusively on your device, you have full control over your own data.
16. Children's Privacy
The app is not directed at children under 13 years of age. Since the app does not collect or transmit any personal data, privacy concerns regarding children do not arise.
17. Data Retention
Data remains on your device until the app is uninstalled. There is no automatic data expiry or mandatory deletion period. The user decides when to delete individual records or the entire app.
18. Limitation of Liability
The app developer is not liable for unauthorized access to exported files, data loss resulting from device loss or theft, or potential data leakage from Android OS security vulnerabilities. The app applies industry best practices for data protection.