GDPR Compliance Statement
Effective Date: March 21, 2026
Doekoe - Budget & Expense Tracker
Data Controller: 6tSevn BV
Effective Date: March 21, 2026
Last Updated: March 21, 2026
1. Our Commitment
6tSevn BV is committed to protecting the privacy and personal data of all users of the Doekoe app, in full compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable national data protection laws. This statement explains how we uphold the principles and rights established by the GDPR.
2. Data Controller
Under the GDPR, the data controller is the entity that determines the purposes and means of processing personal data. For the Doekoe app:
Data Controller: 6tSevn BV
Email: privacy@6tsevn.com
Website: https://6tsevn.com
In practice, 6tSevn BV does not process any personal data from Doekoe users. All data remains under the sole control of the user on their own device.
3. What Personal Data Is Processed
Doekoe stores financial and preference data that the user enters. This data is processed exclusively on the user's device and is never transmitted to 6tSevn BV or any third party.
Data categories stored locally on-device:
| Category | Examples | Legal Basis |
|---|---|---|
| Financial data | Expense amounts, income amounts, budget settings | Performance of contract (Art. 6(1)(b)) |
| Descriptive data | Expense descriptions, category names, savings goal names | Performance of contract (Art. 6(1)(b)) |
| Preference data | Language, currency, dark mode, notification settings | Legitimate interest (Art. 6(1)(f)) |
| Receipt images | Photos attached to expenses | Consent (Art. 6(1)(a)) — user initiates |
| Biometric reference | Face ID / Touch ID authentication | Consent (Art. 6(1)(a)) — user opts in |
Data NOT collected by 6tSevn BV:
- Names, email addresses, or contact details
- Device identifiers or advertising identifiers (IDFA)
- Location data
- Usage analytics or telemetry
- IP addresses
- Cookies or browser data
- Payment or credit card information
4. Data Processing — Where and How
4.1 On-Device Processing (Default)
All data entered into Doekoe is stored locally on the user's device using Apple's SwiftData framework. The data resides in an encrypted, sandboxed container that no other application can access. 6tSevn BV has no access to this data.
4.2 iCloud Sync (Optional — User Consent Required)
Users who subscribe to Doekoe Pro may optionally enable iCloud synchronization. When enabled:
- Data is synced via Apple's CloudKit framework to the user's personal iCloud account.
- Apple acts as a data processor under its own GDPR-compliant terms. See: Apple's Data Processing Agreement.
- 6tSevn BV has no access to data stored in the user's iCloud account.
- The user can disable iCloud sync at any time, at which point data remains only on-device.
- No data is transferred to servers owned or operated by 6tSevn BV.
4.3 In-App Purchases
Doekoe Pro subscriptions are processed entirely by Apple via StoreKit 2. 6tSevn BV does not receive, store, or process any payment information. Apple's payment processing is GDPR-compliant and governed by Apple's own privacy policy and data processing agreement.
4.4 Local Notifications
Budget alerts and bill reminders are generated and delivered entirely on the user's device. No notification data is transmitted to any external server. The user must grant explicit permission before notifications are enabled.
5. Third-Party Data Sharing
6tSevn BV does not share any personal data with third parties. The Doekoe app:
- Contains no analytics SDKs (no Firebase, Amplitude, Mixpanel, or similar)
- Contains no advertising networks or trackers
- Contains no crash reporting services (no Crashlytics, Sentry, or similar)
- Uses no third-party libraries — only Apple's native frameworks
- Makes no network requests to external servers (other than Apple's iCloud and App Store infrastructure when the user opts in)
Apple frameworks used:
| Framework | Purpose | Data Handling |
|---|---|---|
| SwiftData | Local storage | On-device only |
| CloudKit | iCloud sync | User's iCloud (optional) |
| StoreKit 2 | Subscriptions | Apple processes payments |
| PhotosUI | Receipt photos | On-device only |
| UserNotifications | Local alerts | On-device only |
| LocalAuthentication | Biometric lock | Secure Enclave (Apple hardware) |
| Charts | Data visualization | On-device rendering only |
6. Data Transfers Outside the EEA
6tSevn BV does not transfer any personal data outside the European Economic Area. If a user enables iCloud sync, Apple may process data in accordance with its own data transfer mechanisms and Standard Contractual Clauses. This is governed by Apple's privacy policy and is outside the control of 6tSevn BV.
7. Data Retention
Since 6tSevn BV does not collect or store any user data, there is no data retention policy on our end. The user retains full control over their data:
- Data persists on-device for as long as the app is installed.
- The user can delete individual entries at any time within the app.
- The user can clear all data using the "Clear All Data" option in settings.
- Uninstalling the app permanently removes all local data.
- iCloud data can be managed through the user's Apple device settings.
8. Your Rights Under the GDPR
As a data subject under the GDPR, you have the following rights. Because Doekoe is designed as a local-first application and 6tSevn BV holds no personal data, these rights are inherently fulfilled:
| Right | GDPR Article | How It Is Fulfilled |
|---|---|---|
| Right of access | Art. 15 | All your data is visible and accessible directly within the app at all times. |
| Right to rectification | Art. 16 | You can edit any entry (expenses, income, categories, goals) directly in the app. |
| Right to erasure ("right to be forgotten") | Art. 17 | You can delete individual entries or use "Clear All Data" to erase everything. Uninstalling the app removes all data. |
| Right to restriction of processing | Art. 18 | No processing occurs by 6tSevn BV. You control all processing on your device. |
| Right to data portability | Art. 20 | Doekoe Pro provides PDF and CSV export of your financial data, which you can transfer to any service. |
| Right to object | Art. 21 | No profiling, automated decision-making, or direct marketing is performed. |
| Right to withdraw consent | Art. 7(3) | You can disable iCloud sync, notifications, biometric lock, or Photo Library access at any time in the app's settings or your device settings. |
9. Data Protection by Design and by Default (Art. 25)
Doekoe is built according to the GDPR principles of data protection by design and by default:
- Data minimization: The app only stores data that the user explicitly enters. No metadata, device information, or behavioral data is collected.
- Purpose limitation: Data entered is used solely for the app's budgeting functionality and is never repurposed.
- Storage limitation: Data exists only as long as the user chooses to keep it. No automatic retention occurs.
- Integrity and confidentiality: Data is stored in an encrypted, sandboxed container on-device. Optional iCloud sync uses Apple's encrypted infrastructure. Biometric authentication uses Apple's Secure Enclave hardware.
- Privacy by default: The strictest privacy settings are active by default. iCloud sync is off by default. Notifications are off by default. Biometric lock is off by default.
10. Data Protection Impact Assessment (DPIA)
Given that 6tSevn BV does not collect, process, or store any personal data from Doekoe users, a formal DPIA under Article 35 GDPR is not required. The risk to data subjects is minimal as:
- No personal data leaves the user's device (unless the user opts into iCloud sync with Apple).
- No profiling or automated decision-making takes place.
- No special categories of personal data (Art. 9) are processed by 6tSevn BV.
- No large-scale data processing occurs on the part of 6tSevn BV.
11. Biometric Data (Art. 9 — Special Categories)
Doekoe offers an optional Face ID / Touch ID lock. This feature:
- Is entirely optional and disabled by default.
- Uses Apple's LocalAuthentication framework, which processes biometric data within the device's Secure Enclave hardware.
- 6tSevn BV never receives, processes, or stores biometric data. The biometric check is performed by the operating system, and only a success/failure result is returned to the app.
- Users can enable or disable this feature at any time.
12. Children's Data (Art. 8)
Doekoe is rated 4+ on the App Store and contains no objectionable content. The app does not knowingly collect personal data from children. Since no personal data is transmitted to 6tSevn BV, no specific parental consent mechanism is required under Article 8 GDPR.
13. Security Measures (Art. 32)
Although 6tSevn BV does not process personal data from Doekoe users, the app implements the following technical security measures to protect user data on-device:
- Encryption at rest: SwiftData stores data in an encrypted SQLite database within the app's sandboxed container, protected by iOS Data Protection.
- Biometric authentication: Optional Face ID / Touch ID lock prevents unauthorized access to the app.
- Secure Enclave: Biometric data is processed exclusively within Apple's hardware-level Secure Enclave.
- iCloud encryption: When iCloud sync is enabled, data is encrypted in transit and at rest using Apple's CloudKit encryption.
- No external attack surface: The app makes no network requests to servers operated by 6tSevn BV, eliminating the risk of server-side data breaches.
14. Breach Notification (Art. 33 & 34)
Since 6tSevn BV does not collect, store, or process personal data from Doekoe users, a data breach at 6tSevn BV cannot expose Doekoe user data. In the unlikely event of a breach affecting the app's security (e.g., a vulnerability in the app code), we will:
- Investigate and address the vulnerability promptly.
- Release an app update with a fix.
- Notify users through the App Store update notes.
- If the breach could affect data processed by Apple (iCloud sync), Apple's own breach notification procedures apply.
15. Changes to This Statement
6tSevn BV reserves the right to update this GDPR Compliance Statement. Any material changes will be published on our website with an updated "Last Updated" date. We encourage users to review this statement periodically.
16. Contact & Complaints
If you have questions about this GDPR Compliance Statement or wish to exercise your data protection rights, please contact us:
6tSevn BV
Email: privacy@6tsevn.com
Website: https://6tsevn.com
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection supervisory authority. For users in the Netherlands, this is:
Autoriteit Persoonsgegevens (Dutch Data Protection Authority)
Website: https://autoriteitpersoonsgegevens.nl
Phone: +31 (0)70 888 85 00
This GDPR Compliance Statement applies to the Doekoe app (version 1.0.0 and later) available on the Apple App Store, developed and published by 6tSevn BV.