Privacy Policy

Effective Date: April 18, 2026

This Privacy Policy describes how Code Scrambler Productions, operated by Rózsa Zsombor Botond ev. (sole entrepreneur, Hungary) ("we," "us," or "our"), collects, uses, stores, and shares personal data when you use codescrambler.eu and the services available through it, including our blog and web apps such as CashCraft, SubSync, and TikZpen (collectively, the "Services").

This Policy also explains your rights under applicable privacy laws, including the GDPR and, where applicable, the CCPA/CPRA.

Who We Are

Data Controller: Code Scrambler Productions, operated by Rózsa Zsombor Botond ev.

Location: Csongrád-Csanád County, Hungary

Contact: support@codescrambler.eu

Scope of This Policy

This Policy applies to personal data processed when you:

  • browse our website;
  • create or use an account;
  • use interactive features such as blog comments, reactions, stars, and notifications;
  • subscribe to updates;
  • submit bug reports, feedback, or feature requests;
  • use our tools and choose to store data locally on your device or sync it to your account; or
  • install or use our Services as a Progressive Web App (PWA) or Trusted Web Activity (TWA).

Information We Collect

We collect information in the following categories.

### 1. Account and Identity Information

If you register or sign in, we may collect:

  • your email address;
  • your username or display name;
  • your authentication provider (for example, email/password or Google sign-in);
  • your Firebase user ID; and
  • basic account metadata required for authentication and account operation.

If you use Google sign-in, we receive account information made available through Google, such as your name and email address.

### 2. Information You Submit to Us

Depending on how you use the Services, you may provide:

  • blog comments and replies;
  • blog reactions and stars;
  • newsletter subscription requests;
  • bug reports, feature requests, support messages, and reply threads; and
  • other content you voluntarily submit through the Services.

Some of this information may be visible to other users if it is posted in a public feature, such as blog comments.

### 3. Tool Data You Create

Some of our tools let you create and manage your own data.

Examples include:

  • CashCraft: financial records you enter, such as accounts, balances, transactions, categories, budgets, settings, and sync state;
  • SubSync: subscription entries you create, such as service names, billing cycles, notes, logos, URLs, categories, and settings;
  • TikZpen: diagrams, editor preferences, export-related state, bug reports, and related support conversations; and
  • other preferences or content generated while using our tools.

This data may be stored only on your device, or it may be synced to your account if you choose to sign in and use cloud-backed features.

### 4. Device, Browser, and Local Storage Data

We use browser storage and similar technologies for functionality and preference management. This may include:

  • essential session and authentication state;
  • cookie consent choices;
  • language, theme, and display preferences;
  • PWA install and update state;
  • service worker caches for offline use;
  • locally stored app data for tools that support device-only storage;
  • cached currency exchange rates;
  • blog anti-spam and interaction state, such as anonymous stars or comment rate-limiting timestamps; and
  • in-browser persistence used by Firebase for offline/local cache behavior.

This information is typically stored in cookies, localStorage, sessionStorage, browser caches, or similar browser-managed storage.

### 5. Usage and Analytics Data

If you consent to analytics cookies where required, we use Metricool to collect usage information such as:

  • IP address;
  • browser and device information;
  • pages viewed and navigation behavior;
  • timestamps of visits; and
  • interactions with the Services.

### 6. Information Shared with Third Parties When Features Are Used

Some features trigger direct requests from your browser to third-party services. When that happens, those providers may receive technical information such as your IP address, user agent, and request metadata.

Examples include:

  • Google Firebase for authentication, database, and storage infrastructure;
  • Google when you choose Google sign-in;
  • Metricool when analytics tracking is enabled by consent;
  • open.er-api.com when live exchange rates are requested by tools such as CashCraft; and
  • DuckDuckGo's favicon service when SubSync loads brand icons from external domains.

Data Categories Relevant to CashCraft Android / Google Play

The CashCraft Android app package is a Trusted Web Activity wrapper around the same Service. From a data-protection perspective, it uses the same backend systems and substantially the same data flows as the website.

For clarity, the categories of data that may be processed through CashCraft include:

  • Personal information: email address, username, and account identifier, if you create and use an account;
  • Financial information you choose to enter: account names, balances, transaction descriptions, transaction amounts, budgets, categories, currencies, and related settings;
  • App activity and user content: support or feedback messages you submit and in-app interaction data needed to operate the Service; and
  • Technical data: device/browser context, local cache state, and service operation logs.

CashCraft is designed to support device-only local storage by default and optional cloud sync when you sign in and choose to sync. We do not require cloud sync for basic local use.

The Android wrapper currently declares notification permission at the package level for Trusted Web Activity notification delegation support. Our current web app code does not implement a push-notification enrollment flow. If notification-based features are enabled in the future, this Policy will continue to apply to that processing.

How We Use Your Information

We use personal data to:

  • create, authenticate, and manage user accounts;
  • provide website, blog, and tool functionality;
  • sync your tool data across devices when you use account-based sync;
  • save your preferences and maintain offline/PWA functionality;
  • operate blog comments, reactions, stars, and notifications;
  • process newsletter subscriptions and unsubscriptions;
  • receive, manage, and respond to feedback, bug reports, and support messages;
  • detect abuse, spam, fraud, unauthorized access, and policy violations;
  • monitor and improve performance, stability, and usability;
  • analyze usage trends where analytics consent has been provided; and
  • comply with legal obligations and enforce our legal rights.

We do not use the financial information you enter into CashCraft or SubSync for advertising, data brokerage, or sale to third parties.

Legal Bases for Processing (GDPR)

If the GDPR applies, we rely on the following legal bases:

  • Performance of a contract: to provide the Services you request, such as account access, optional cloud sync, comments, feedback threads, export tools, and support features.
  • Consent: for non-essential analytics cookies and, where applicable, newsletter subscriptions or similar optional communications.
  • Legitimate interests: to secure the Services, prevent abuse, debug issues, improve the Services, moderate user content, maintain service reliability, and defend legal claims.
  • Legal obligation: where processing is necessary to comply with applicable laws, lawful requests, accounting obligations, or regulatory requirements.

Where a feature is strictly optional and depends on your choice, such as choosing to sign in, choosing to sync local data to the cloud, or choosing to subscribe to updates, the corresponding processing occurs because you requested that functionality and, where required, gave consent.

Cookies, Local Storage, and Offline Features

We use a combination of cookies and browser storage technologies.

### Essential Technologies

These are used to:

  • keep you signed in;
  • remember core settings such as theme or language;
  • store app data locally when you use device-only mode;
  • support service worker caching and offline/PWA functionality; and
  • preserve feature state needed for security or core operation.

### Analytics Technologies

We load analytics technology from Metricool only after the relevant consent choice is recorded where required by law.

You can withdraw analytics consent at any time by changing your browser storage settings for this site or clearing the saved consent choice and making a new selection.

You can control cookies through your browser settings, but disabling essential technologies may cause parts of the Services not to work correctly.

Where Your Data Is Stored

Depending on the feature you use, your data may be stored:

  • on your device only, such as in localStorage, browser caches, or offline browser storage;
  • in Firebase/Google Cloud infrastructure, when account-based features, comments, notifications, newsletter subscriptions, or synced tool data are used; or
  • with limited third-party processors, where a feature depends on them.

If you use a local-only mode in one of our tools, the data may remain solely on your device until you delete it, clear your browser data, uninstall the relevant app context, or explicitly choose to sync or export it.

If you choose cloud sync in CashCraft or sign in to use synced SubSync storage, the relevant tool data is stored in Firebase-hosted databases associated with your account until you delete it, clear it in-app, or request account-related deletion, subject to routine backup and legal retention constraints.

How We Share Information

We do not sell your personal information.

We also do not share personal information for cross-context behavioral advertising.

We share information only in the following situations:

  • Service providers and infrastructure providers: such as Firebase/Google Cloud, for authentication, database, hosting, and related infrastructure.
  • Analytics provider: Metricool, if analytics tracking is enabled.
  • External feature providers: such as exchange-rate or favicon providers when those features are used.
  • Legal and compliance reasons: if disclosure is required by law, lawful request, court order, or to protect rights, safety, or the integrity of the Services.
  • Business transfers: if our business or assets are reorganized, sold, or transferred.
  • With your direction or consent: where you intentionally use a feature that involves third-party services.

Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this Policy, including to provide the Services, maintain records, resolve disputes, and comply with legal obligations.

In general:

  • account information is retained while your account remains active and for a reasonable period afterward as needed for legal, security, or operational reasons;
  • synced CashCraft and SubSync datasets are retained until you delete them in-app, replace them, request deletion, or we no longer need to keep them for legitimate legal or operational reasons;
  • blog comments, reactions, feedback threads, and support records may be retained until deleted, moderated, or no longer needed;
  • newsletter subscription records are retained until you unsubscribe or we discontinue the list;
  • analytics data retention is governed in part by the relevant provider's settings and policies; and
  • data stored locally on your device remains there until you delete it, clear browser storage, uninstall the app context, or overwrite it.

Residual copies may continue to exist for a limited period in system backups, caches, or logs before they are overwritten or deleted in the ordinary course.

International Data Transfers

We are based in Hungary, but some of our providers operate internationally. Your data may be processed in countries outside your country of residence, including the United States.

Where required, we rely on appropriate safeguards for international transfers, such as contractual protections or other lawful transfer mechanisms recognized under applicable law.

Security

We use reasonable technical and organizational measures to protect personal data, including HTTPS, access controls, and provider-level security features offered through our infrastructure.

No system is completely secure. We cannot guarantee absolute security, and you should also protect your account credentials and devices.

Because some Services are local-first and offline-capable, the security of locally stored data also depends on the security of your own browser profile, device, and operating system.

Your Privacy Rights

Depending on your location, you may have the right to:

  • request access to personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion of your data;
  • request restriction of processing;
  • object to certain processing;
  • receive a portable copy of certain data; and
  • withdraw consent where processing is based on consent.

To exercise these rights, contact us at support@codescrambler.eu.

If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority. If you are in Hungary, this is generally the Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH).

### California Privacy Rights

If you are a California resident, you may have rights to know, access, correct, and delete certain personal information we collect about you, subject to applicable exceptions. We do not sell personal information and do not share personal information for cross-context behavioral advertising as described by the CPRA.

Data We Do Not Intend to Collect Through Current Service Features

Our current Service features are not designed to request or process the following categories through our own application flows:

  • precise location;
  • contacts or address book data;
  • call logs or SMS data;
  • health or fitness data;
  • biometric identifiers; or
  • advertising identifiers for ad targeting.

This statement describes our own Service design and code paths. It does not replace the privacy terms of device vendors, browser vendors, or third-party providers that may process technical data independently in order to deliver their infrastructure.

Children's Privacy

Our Services are not directed to children. Users must be at least 16 years old to create an account or use account-based features. We do not knowingly collect personal data from children in violation of applicable law. If you believe a child has provided us personal data unlawfully, contact us and we will review the request.

Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will post the revised version on this page and update the effective date. If the changes are material, we may provide additional notice where appropriate.

Contact Us

If you have questions, requests, or privacy concerns, contact:

Code Scrambler Productions operated by Rózsa Zsombor Botond ev.

Csongrád-Csanád County, Hungary

support@codescrambler.eu