Ducat App Icon Ducat Wordmark Logo
Ducat App Icon
Try now for free

Privacy Policy

Please refer to this privacy policy to understand how Ducat works with your data.

We care about your privacy.

This Privacy Policy explains what data the Ducat app (“App”), developed by Rahul Chowdhury (“we”, “us”, or “our”), collects and how we use it.

By using Ducat, you agree to the practices described in this Policy.

1. Information We Collect

To provide account-based features and operate the Service, we collect the following information:

Account Information

When you create an account, we collect:

  • Name
  • Email address
  • Timezone
  • Authentication credentials required to access your account

This information is used to:

  • Create and manage your account
  • Authenticate access to the Service
  • Provide customer support
  • Communicate important service or billing information
  • Prevent fraud, abuse, or unauthorised access

App Data

We also collect and store the data you create within Ducat, including:

  • Transactions
  • Categories
  • Accounts
  • Subscription records
  • Recurring payment information
  • Other financial or organisational data you choose to add to the App

This data is required to provide the core functionality of the Service.

2. How Your Data Is Stored and Protected

Your data is stored on servers hosted in Germany through third-party infrastructure providers engaged by us.

We take reasonable technical and organisational measures to protect your information, including:

  • HTTPS encryption for data transmitted between your device and our servers
  • Encryption of sensitive personal information at rest
  • Restricted access to production systems and databases
  • Authentication and access controls designed to prevent unauthorised access

Personally identifiable information such as your name, email address, and account name is encrypted at rest where reasonably applicable.

While we use industry-standard safeguards, no method of transmission over the Internet or electronic storage is completely secure. Therefore, we cannot guarantee absolute security.

3. How Our Servers Work

Our servers are used to:

  • Store and sync your account and app data
  • Process application requests
  • Deliver tracked subscription reminder notifications
  • Authenticate user accounts
  • Support AI-powered features
  • Maintain reliability and security of the Service

During normal app usage:

  • Requests may be associated with internal identifiers required to operate the Service
  • We minimise the amount of personal information processed wherever reasonably possible
  • Access to stored data is restricted to authorised systems and operational purposes

4. Server Logs

Like most online services, our servers automatically generate technical logs, which may include:

  • API endpoints accessed
  • Timestamps
  • Error reports
  • Anonymous or pseudonymous identifiers
  • IP address
  • Device and browser information

These logs:

  • Help us maintain reliability and security
  • Assist with debugging and abuse prevention
  • Are not used for advertising or cross-service tracking

We do not sell your data or build advertising profiles based on your activity.

5. AI Processing

Some features use AI services provided by OpenAI.

In such cases:

  • Queries are securely forwarded from our servers to OpenAI for processing
  • We do not send your account credentials or direct account identifiers to OpenAI
  • Requests are processed server-side rather than directly from your device

If you voluntarily include personal or financial information within a query, that information may be processed solely for the purpose of generating a response.

You can review OpenAI’s Privacy Policy for further details.

6. Analytics and Crash Reporting

To improve Ducat’s reliability, usability, and performance, we collect limited analytics and diagnostic information using PostHog.

This may include:

  • Feature usage information
  • Performance metrics
  • Application errors and crash reports
  • Device and browser information
  • Anonymous identifiers and event data

Analytics and crash-reporting events are associated only with anonymised identifiers.

We do not intentionally send personally identifiable information such as your name, email address, or transaction contents to analytics providers.

We also take measures designed to prevent third-party analytics providers from correlating analytics data with your real-world identity.

Analytics data is used solely for product improvement, debugging, reliability monitoring, and abuse prevention.

Analytics and crash-reporting data collected through PostHog are stored within the European Union.

7. Payments and Subscriptions

Payments and subscription management for the web application are processed securely through Polar (polar.sh).

  • We do not receive or store your full payment information
  • Billing and payment processing are handled by third-party payment providers

To manage subscriptions and prevent fraud, we may store limited subscription-related information, including:

  • Subscription status
  • Billing events
  • Transaction or subscription identifiers
  • Subscription expiry or renewal information

These identifiers are used only for account management, billing validation, and fraud prevention.

8. No Advertising or Data Selling

Ducat does not:

  • Display third-party advertisements
  • Sell personal data
  • Share personal information with data brokers
  • Use invasive third-party advertising trackers

We only collect and process the information reasonably necessary to operate and improve the Service.

9. Data Retention

We retain your information for as long as necessary to:

  • Provide the Service
  • Maintain your account
  • Comply with legal obligations
  • Resolve disputes
  • Prevent fraud and abuse

If you request deletion of your account, we will delete or anonymise your personal information within a reasonable period, unless retention is required by law or necessary for legitimate operational or security purposes.

10. Your Rights

Depending on your location and applicable law, you may have the right to:

  • Request access to your personal information
  • Correct inaccurate information
  • Request deletion of your account and associated data
  • Request a copy of your data where applicable

You may contact us at any time regarding privacy-related requests.

11. Optional Contact

If you contact us for support:

  • We will use your contact information only to respond and provide assistance
  • We do not use support communications for marketing purposes without consent
  • You may request deletion of support-related information where applicable

12. Children’s Privacy

Ducat is not intended for children under the age of 13.

We do not knowingly collect personal information from children.

13. International Data Processing

By using Ducat, you understand that your information may be processed and stored on servers located in Germany.

Third-party service providers used by Ducat may operate in multiple jurisdictions depending on their infrastructure and operational requirements.

14. Changes to This Policy

This Privacy Policy may be updated from time to time.

The latest version will always be available on the official website. Continued use of Ducat after changes become effective constitutes acceptance of the updated Policy.

We encourage users to review this Policy periodically.

If you have questions about this policy, feel free to contact: help@ducat.app

Last updated on May 6th, 2026