Last updated: February 21, 2026
Loonie is an expense-sharing application operated by Cole MacKenzie ("I", "me", or "my"). This policy describes what personal data I collect, how I use it, and your rights.
When you sign in with Google, I receive your name, email address, and a unique identifier from Google (the "sub" claim). This data is stored in Loonie's database to identify your account.
As you use Loonie, I store:
- Expenses: description, amount, currency, date, and split details
- Settlement records between you and friends
- Friend relationships (pending and accepted)
- Your preferred default currency
- An activity log of expense and settlement events
A session cookie (__session) is stored in your browser for up to 7 days to keep you signed in. It is HMAC-signed and scoped to this application. No third-party tracking cookies are used.
I send transactional emails — expense notifications and daily summaries — via Resend. These include your name, email address, and expense details relevant to you.
Your data is used solely to operate Loonie:
- Authenticate your identity
- Display your expenses, balances, and friends
- Compute what you owe or are owed
- Send you expense notifications
I do not sell your data, use it for advertising, or share it with third parties except as described below.
The following services process your data as part of operating Loonie:
| Service | Purpose | Data shared |
|---|---|---|
| Google OAuth | Authentication | You authenticate directly with Google; I receive your name, email, and Google ID |
| Cloudflare | App hosting and runtime | All app traffic passes through Cloudflare's network |
| PlanetScale | Database storage | All app data, stored with full disk encryption |
| Resend | Transactional email | Your name, email, and relevant expense details |
I retain your data for as long as your account is active. You may request deletion at any time by emailing privacy@loonie.app. Upon request, I will delete your account and associated personal data.
If you are located in the EU or EEA, you have the following rights under the GDPR:
- Access — Request a copy of your personal data
- Correction — Request correction of inaccurate data
- Deletion — Request erasure of your data ("right to be forgotten")
- Portability — Receive your data in a portable format
- Objection — Object to processing of your personal data
To exercise these rights, email privacy@loonie.app.
If you are a California resident, you have the following rights under the CCPA:
- Know — Request disclosure of what personal information is collected about you
- Delete — Request deletion of your personal information
- Opt-out of sale — I do not sell personal information
- Non-discrimination — I will not discriminate against you for exercising your rights
To exercise these rights, email privacy@loonie.app.
All data is stored in an encrypted database with full disk encryption. Session cookies are HMAC-signed and scoped to this application. All communications are encrypted in transit via HTTPS.
Loonie is not directed at children under 13. I do not knowingly collect personal data from children. If you believe a child's data has been collected, please contact me at privacy@loonie.app.
If I make material changes to this policy, I will update the "Last updated" date at the top. Continued use of Loonie after changes constitutes acceptance of the updated policy.
For privacy questions, data requests, or concerns, email privacy@loonie.app.