Quick summary: BalakApp is a mobile crypto portfolio tracking app. We collect only the minimum data needed for the app to work: your email to identify you, the tokens you choose to track, the public wallets you want to monitor, and your preferences. We do not sell your data to anyone. We do not use your information for advertising. You can delete your account at any time from Settings → Delete my account.
1. Who we are
BalakApp is a mobile crypto portfolio monitoring application. It is operated by an individual residing in Montevideo, Uruguay. We are not a registered company, an exchange, a money transmitter, a financial advisor, or a custodian of assets.
Privacy contact: balakapp.support@gmail.com
2. Information we collect
2.1 Data you provide directly
- Email: when you create an account. It is the only identifier we use for your session.
- Google account (optional): if you choose to sign in with Google instead of magic link, we receive your email and your public Google name. We do not receive your password, contacts, calendars, or any other data from your Google account.
- Portfolio: tokens you add manually, their quantities, average purchase price, optional notes, configured alerts, sets (groupings) of tokens, price targets, and staking data (staked amount and APY if you provide it).
- Public wallets: public blockchain wallet addresses that you choose to track. We never ask for private keys, seed phrases, or anything that allows signing transactions. Only public addresses, the same that anyone can view on a block explorer.
- Images: if you use the "Import by photo" feature, the image you upload is sent to our backend for processing. See section 4.4 for the detailed flow.
- Preferences: language, display currency, theme (light/dark), notification settings, biometric settings, favorite radio station.
2.2 Automatic technical data
- Push notification token: anonymous device identifier issued by Expo, needed to deliver price alerts if you enable them. It does not identify your hardware or allow tracking you outside the app.
- Platform and device model: collected by the Supabase authentication library to manage your session and prevent fraudulent use (e.g. detect simultaneous logins on many devices).
- Historical portfolio snapshots: once per day we save your portfolio total value to show you historical charts and a monthly recap. These snapshots are aggregated and private to your account.
2.3 Device permissions
| Permission | Used for | Required |
| Notifications | Send you price alerts you configure | No, optional |
| Camera | Take screenshots for "Import by photo" | No, only if you use that feature |
| Gallery / Photos | Choose existing images for "Import by photo" | No, only if you use that feature |
| Biometric (fingerprint / Face ID) | Lock the app with your biometrics. Biometric data NEVER leaves your device: we only verify the result (correct/incorrect) provided by the operating system. | No, optional from Settings |
| Vibration | Haptic feedback when tapping buttons | Yes, no consent required |
| Audio (playback) | Play radio streams inside the app. We do not use the microphone. | Yes, no consent required |
2.4 What we do NOT collect
- Passwords (login is by one-time code sent to your email, or via Google OAuth).
- Your geographic location (GPS).
- Your contacts, address book, calls, or SMS.
- Your browsing history outside the app.
- Banking data, credit card numbers, or traditional financial accounts.
- Private keys, seed phrases, wallet passwords, or anything that allows controlling your funds. We never ask for them.
- Your personal files outside of images you choose to upload to "Import by photo".
- Microphone data: although the app plays audio (radio), it has no recording capability.
3. How we use the data
We use the data exclusively for the following purposes:
- Identify you and allow you to sign in.
- Sync your portfolio across the devices where you have the app installed with your account.
- Show you updated prices for the tokens you track.
- Calculate the total value and performance of your portfolio.
- Send you push alerts when conditions you configured are met (target price, 24-hour percentage change, total portfolio percentage change, set percentage change).
- Process images you upload to "Import by photo" to extract balance information.
- Show historical and monthly recap of your portfolio value.
- Diagnose technical errors to improve app stability.
- Process your account deletion request if you submit one.
We do not sell your data to third parties. We do not use your information for advertising. We do not share your information with ad networks or data brokers.
4. Third-party services and data transfers
To work, BalakApp connects with several external services. Some connect directly from the app; others connect from our backend (Supabase Edge Functions). In all cases, data travels through encrypted channels (HTTPS/TLS).
4.1 Main backend
| Service | Data sent | Purpose |
| Supabase (Postgres + Auth + Edge Functions) | Email, full portfolio, tracked wallets, alerts, preferences, push token | Main backend: authentication, database, serverless function execution |
4.2 Market data (prices and metrics)
| Service | Data sent | Purpose |
| CoinGecko | Token symbols (e.g. "BTC", "ETH"). Your identity is not sent. | Current prices, token icons, market cap |
| CryptoCompare | Token symbols. Your identity is not sent. | Current and historical prices for charts |
| DexScreener | Symbols / contract addresses. Your identity is not sent. | Prices of tokens listed on decentralized exchanges |
| Alternative.me | None (only queries the global Fear & Greed Index) | Display the crypto market Fear & Greed Index |
4.3 Blockchain data (reading public wallets)
When you add a public wallet to track, our backend queries the on-chain information at the block explorers corresponding to that wallet's network. Only the wallet's public address is sent, which is already public information on the blockchain. Your email or anything identifying you as the owner of that wallet is not sent.
Block explorers we query depending on the network: Etherscan (Ethereum), Arbiscan (Arbitrum), Basescan (Base), BSCScan (BNB Chain), FTMScan (Fantom), Optimistic Etherscan (Optimism), Polygonscan (Polygon), Snowtrace (Avalanche), Solscan (Solana), Suiscan (Sui), TON Scan (TON), zkSync Explorer (zkSync), Blockstream (Bitcoin), Zerion (multi-chain aggregator of DeFi positions).
4.4 Image processing ("Import by photo" feature)
This is the step-by-step flow when you use the feature:
- You choose an image from your gallery or capture one with the camera.
- The image is sent encrypted via HTTPS to our backend (Supabase Edge Function named
balakapp-photo-import).
- Our backend forwards the image to the OpenAI API (vision model) so it extracts balance information.
- OpenAI responds with the extracted data. Our backend returns it to you.
- The image is not stored on our servers. Only the textual result is saved if you decide to import the tokens.
About OpenAI: According to OpenAI's API terms, images sent via API are not used to train their models. OpenAI may retain images for up to 30 days for abuse monitoring purposes, after which they are deleted. If you don't want your images to pass through OpenAI, simply don't use the "Import by photo" feature — you can add tokens manually with the "+" button.
4.5 Push notifications
| Service | Data sent | Purpose |
| Expo Push Notification Service (operated by Expo, Inc.) | Device token, message content (e.g. "BTC reached your target price") | Push notification delivery |
| Google Firebase Cloud Messaging (FCM) | Token and message, received from Expo | Final delivery to Android devices |
| Apple Push Notification Service (APNs) | Token and message, received from Expo | Final delivery to iOS devices (when available) |
4.6 Sign in with Google (optional)
If you choose to sign in with Google, a standard OAuth 2.0 flow executes:
- Your browser opens and takes you to Google's server to confirm access.
- Google returns only your email and public name. We do not receive your password.
- This data reaches Supabase, which creates (or reuses) your account in our database.
If you prefer not to use Google, you can sign in with magic link to your email.
4.7 Radio
BalakApp includes an optional feature to listen to online radio streams while you use the app. When you activate this feature:
- We query the public API radio-browser.info to get the list of available stations. Your identity is not sent.
- When you select a station, your device connects directly to that station's streaming server (operated by third parties independent of BalakApp). The streaming server may log your IP address, just like if you opened the station in a browser.
BalakApp does not receive or store which station you listen to. The feature is completely optional and can be ignored without affecting the rest of the app.
5. Cookies and local storage
BalakApp is a mobile app, it does not use browser cookies. It does use local device storage (AsyncStorage) to save your preferences, a recent price cache, and the guest-mode flag. All of this information is deleted when you uninstall the app or when you execute "Delete my account" from Settings.
6. Security
- All communications between the app and our services use HTTPS/TLS encryption.
- The backend (Supabase) uses Row Level Security: at the database level, each user can only access their own data.
- Authentication tokens are managed by Supabase Auth, based on industry-standard JWT.
- We do not store passwords at any time.
- The biometric lock (optional) verifies your identity locally through the operating system; biometric data never leaves the device.
No system is 100% secure. If you detect a vulnerability, write to us at balakapp.support@gmail.com.
7. Your rights
As a user, you have the right to:
- Access the data we hold about you. Write to us and we will send you a readable export.
- Correct inaccurate data. You can edit directly in the app or ask us for help by email.
- Delete your account and all associated data (see section 9).
- Portability: request a structured export to take to another service.
- Object to the processing of your data. In practice, without this data we cannot provide the service; the option is to delete the account.
- Withdraw your consent to process your data at any time (this is equivalent to deleting your account).
If you reside in the European Union or United Kingdom (GDPR/UK-GDPR), you also have the right to file a complaint with your local data protection authority. If you reside in California (CCPA), we confirm that we do not sell your personal data.
8. Data retention
- While your account is active, your data is kept.
- When you delete your account, data is immediately erased from the main database.
- Automatic Supabase technical backups may retain a copy for up to 30 days, after which they are automatically and definitively deleted.
- Images processed by OpenAI follow their retention policy (up to 30 days for abuse monitoring, then deleted).
- Anonymous technical logs (without personal identifiers) may be retained for up to 90 days for diagnostic purposes.
9. Delete your account
You can delete your account and all your data at any time. You have two ways:
- From the app: Settings → Delete my account. We ask you to confirm your email and the account is deleted immediately and permanently.
- By email: write to balakapp.support@gmail.com from the email account you used to register. We process it manually within 7 business days.
More details on what exactly is deleted: Delete account page.
10. Minors
BalakApp is a financial tracking tool. It is not directed at minors under 18 years old and we do not knowingly collect information from minors. If you are a parent, guardian, or caregiver and discover that a minor in your care has created an account, write to us and we will delete it without delay.
11. Changes to this policy
If we update this policy significantly (e.g. we add a new type of data processing, a new major external service), we will notify you through two channels:
- An in-app notification the next time you open it.
- An email to the address you used to register.
For minor changes (wording corrections, clarity improvements), we will only update the "Last updated" date above.
12. Jurisdiction and applicable law
This policy is governed by the laws of the Eastern Republic of Uruguay. Any dispute related to this policy or to the BalakApp service will be submitted to the competent courts of Montevideo, Uruguay.
If you reside in the European Union, United Kingdom, Brazil or other jurisdictions with local data protection laws (GDPR, UK-GDPR, LGPD, etc.), we respect the additional rights those laws grant you.
13. BalakApp is NOT
- An exchange or money exchange: you cannot buy or sell cryptocurrencies from the app.
- A custodial wallet: we do not hold your cryptocurrencies. We have no access to your funds.
- A financial advisor: prices and charts are informational. We do not issue investment recommendations.
- A banking service: we have no financial licenses nor do we need them for the type of service we offer (tracking only, no money movement).
14. Contact
For any inquiry about this policy, to exercise your rights, or to report security or privacy issues, write to:
balakapp.support@gmail.com
We reply in Spanish, English, Portuguese, or French. Typical response time: 5 to 7 business days.