BalakApp

Privacy Policy

Last updated: May 21, 2026

Quick summary: BalakApp is a mobile crypto portfolio tracking app. We collect only the minimum data needed for the app to work: your email to identify you, the tokens you choose to track, the public wallets you want to monitor, and your preferences. We do not sell your data to anyone. We do not use your information for advertising. You can delete your account at any time from Settings → Delete my account.

1. Who we are

BalakApp is a mobile crypto portfolio monitoring application. It is operated by an individual residing in Montevideo, Uruguay. We are not a registered company, an exchange, a money transmitter, a financial advisor, or a custodian of assets.

Privacy contact: balakapp.support@gmail.com

2. Information we collect

2.1 Data you provide directly

2.2 Automatic technical data

2.3 Device permissions

PermissionUsed forRequired
NotificationsSend you price alerts you configureNo, optional
CameraTake screenshots for "Import by photo"No, only if you use that feature
Gallery / PhotosChoose existing images for "Import by photo"No, only if you use that feature
Biometric (fingerprint / Face ID)Lock the app with your biometrics. Biometric data NEVER leaves your device: we only verify the result (correct/incorrect) provided by the operating system.No, optional from Settings
VibrationHaptic feedback when tapping buttonsYes, no consent required
Audio (playback)Play radio streams inside the app. We do not use the microphone.Yes, no consent required

2.4 What we do NOT collect

3. How we use the data

We use the data exclusively for the following purposes:

We do not sell your data to third parties. We do not use your information for advertising. We do not share your information with ad networks or data brokers.

4. Third-party services and data transfers

To work, BalakApp connects with several external services. Some connect directly from the app; others connect from our backend (Supabase Edge Functions). In all cases, data travels through encrypted channels (HTTPS/TLS).

4.1 Main backend

ServiceData sentPurpose
Supabase (Postgres + Auth + Edge Functions)Email, full portfolio, tracked wallets, alerts, preferences, push tokenMain backend: authentication, database, serverless function execution

4.2 Market data (prices and metrics)

ServiceData sentPurpose
CoinGeckoToken symbols (e.g. "BTC", "ETH"). Your identity is not sent.Current prices, token icons, market cap
CryptoCompareToken symbols. Your identity is not sent.Current and historical prices for charts
DexScreenerSymbols / contract addresses. Your identity is not sent.Prices of tokens listed on decentralized exchanges
Alternative.meNone (only queries the global Fear & Greed Index)Display the crypto market Fear & Greed Index

4.3 Blockchain data (reading public wallets)

When you add a public wallet to track, our backend queries the on-chain information at the block explorers corresponding to that wallet's network. Only the wallet's public address is sent, which is already public information on the blockchain. Your email or anything identifying you as the owner of that wallet is not sent.

Block explorers we query depending on the network: Etherscan (Ethereum), Arbiscan (Arbitrum), Basescan (Base), BSCScan (BNB Chain), FTMScan (Fantom), Optimistic Etherscan (Optimism), Polygonscan (Polygon), Snowtrace (Avalanche), Solscan (Solana), Suiscan (Sui), TON Scan (TON), zkSync Explorer (zkSync), Blockstream (Bitcoin), Zerion (multi-chain aggregator of DeFi positions).

4.4 Image processing ("Import by photo" feature)

This is the step-by-step flow when you use the feature:

  1. You choose an image from your gallery or capture one with the camera.
  2. The image is sent encrypted via HTTPS to our backend (Supabase Edge Function named balakapp-photo-import).
  3. Our backend forwards the image to the OpenAI API (vision model) so it extracts balance information.
  4. OpenAI responds with the extracted data. Our backend returns it to you.
  5. The image is not stored on our servers. Only the textual result is saved if you decide to import the tokens.
About OpenAI: According to OpenAI's API terms, images sent via API are not used to train their models. OpenAI may retain images for up to 30 days for abuse monitoring purposes, after which they are deleted. If you don't want your images to pass through OpenAI, simply don't use the "Import by photo" feature — you can add tokens manually with the "+" button.

4.5 Push notifications

ServiceData sentPurpose
Expo Push Notification Service (operated by Expo, Inc.)Device token, message content (e.g. "BTC reached your target price")Push notification delivery
Google Firebase Cloud Messaging (FCM)Token and message, received from ExpoFinal delivery to Android devices
Apple Push Notification Service (APNs)Token and message, received from ExpoFinal delivery to iOS devices (when available)

4.6 Sign in with Google (optional)

If you choose to sign in with Google, a standard OAuth 2.0 flow executes:

If you prefer not to use Google, you can sign in with magic link to your email.

4.7 Radio

BalakApp includes an optional feature to listen to online radio streams while you use the app. When you activate this feature:

BalakApp does not receive or store which station you listen to. The feature is completely optional and can be ignored without affecting the rest of the app.

5. Cookies and local storage

BalakApp is a mobile app, it does not use browser cookies. It does use local device storage (AsyncStorage) to save your preferences, a recent price cache, and the guest-mode flag. All of this information is deleted when you uninstall the app or when you execute "Delete my account" from Settings.

6. Security

No system is 100% secure. If you detect a vulnerability, write to us at balakapp.support@gmail.com.

7. Your rights

As a user, you have the right to:

If you reside in the European Union or United Kingdom (GDPR/UK-GDPR), you also have the right to file a complaint with your local data protection authority. If you reside in California (CCPA), we confirm that we do not sell your personal data.

8. Data retention

9. Delete your account

You can delete your account and all your data at any time. You have two ways:

More details on what exactly is deleted: Delete account page.

10. Minors

BalakApp is a financial tracking tool. It is not directed at minors under 18 years old and we do not knowingly collect information from minors. If you are a parent, guardian, or caregiver and discover that a minor in your care has created an account, write to us and we will delete it without delay.

11. Changes to this policy

If we update this policy significantly (e.g. we add a new type of data processing, a new major external service), we will notify you through two channels:

For minor changes (wording corrections, clarity improvements), we will only update the "Last updated" date above.

12. Jurisdiction and applicable law

This policy is governed by the laws of the Eastern Republic of Uruguay. Any dispute related to this policy or to the BalakApp service will be submitted to the competent courts of Montevideo, Uruguay.

If you reside in the European Union, United Kingdom, Brazil or other jurisdictions with local data protection laws (GDPR, UK-GDPR, LGPD, etc.), we respect the additional rights those laws grant you.

13. BalakApp is NOT

14. Contact

For any inquiry about this policy, to exercise your rights, or to report security or privacy issues, write to:

balakapp.support@gmail.com

We reply in Spanish, English, Portuguese, or French. Typical response time: 5 to 7 business days.