Free Expense Tracker for Web and Mobile

Gougou is the best way to know where your money is going

Credit card

Privacy Policy

Effective: November 30, 2021

Our Privacy Policy which, along with the Terms of Service, constitutes the Agreement between the User (also referred to as “You”, “your”) and 路斯德有限公司 No. 45, Lane 59, Section 2, Zhongshan North Road, Zhongshan Dist. Taipei City, Taiwan (R.O.C.), 104 ID 83267784 hereinafter referred to as “Company”. Please review it as this acceptance of the Agreement constitutes a necessary condition to use our service. This Privacy Policy describes how the Company processes, collects, and uses the personal information (including Personal Data) You provide via our Website or as the outcome of direct contact with us via any accessible means.

By accessing, using, viewing, or interacting in any other way with our Service or communicating with us via all available communication channels you agree to the processing as described in this Privacy Policy.

All capitalized terms used but not defined herein shall have the respective meanings given to them in the Terms of Service.

All definitions, such as "Personal Data", "processing", "Data Controller", "Data Processor", used in this Privacy Policy shall have the meaning as set forth by the GDPR and other applicable data protection laws.

1. General Statement

  • The Controller of personal data collected via Website or as the outcome of communication with us is 路斯德有限公司 No. 45, Lane 59, Section 2, Zhongshan North Road, Zhongshan Dist. Taipei City, 104 ID 83267784. You can contact us via email
  • Personal data collected by the Controller are processed in accordance with applicable laws, in particular in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as "GDPR" or "GDPR Regulation".
  • The use of the Service is voluntary. Similarly, providing personal data by the User is voluntary, but it may be a necessary condition if any of the following situations occur:
    • use of the Service as provided by the Controller via
    • the Controller's statutory obligation - providing the personal data is a legal requirement stemming from generally applicable laws that impose an obligation to process personal data on the Controller (e.g. processing of data for the purpose of keeping tax or accounting books), and failing to provide such data will prevent the Controller from performing those obligations.
  • The Controller shall take special care to protect the interests of the persons whose personal data it processes, and in particular shall be responsible for and ensure that the data it collects are:
    • processed lawfully;
    • collected for specified, legitimate purposes and not further processed in a way incompatible with those purposes;
    • are substantively correct and adequate to the purposes for which they are processed;
    • kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purpose of the processing; and
    • processed in a manner ensuring adequate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by means of appropriate technical or organizational measures.
  • Having regard to the nature, scope, context, and purposes of the processing and the risk of violation of the rights or freedoms of natural persons of varying probability and gravity, the Controller shall implement appropriate technical and organizational measures to ensure that the processing is carried out in accordance with this Regulation and to be able to demonstrate it. The Controller shall apply technical measures to prevent the acquisition and modification by unauthorized persons, of personal data transmitted electronically.

2. What data do we collect?

  • The Company may collect two categories of data:
    • Personal Data including but not limited to name, last name, an email address;
    • Non-Personal Data such as browser type, the web page visited before or after You came to Our Website, information You search for on the Website and interactions with the Service including data collected via cookie files.
  • If You wish to remain anonymous during our Website access, use Incognito mode in Your browser. Please be aware that using some features of our Service will require sharing your personal data with us.
  • If you communicate with us regarding our Service by social media, contact forms, email, or any other medium, we collect the content of your messages. You shall further agree to such content collection as the necessary condition to facilitate the communication.

3. What is our purpose, legal basis, retention of personal data, and scope of processing of personal data in case of data that the Company collects?

  • The Company is hereby entitled to process personal data for the following purposes, on the following grounds, during the following periods and to the following extent as described below:
    • Delivery of Service: The Company may process your personal data to provide you the Service that is available via the Website. By accessing and/or using the Service you agree to such processing. The data shall be stored for the period necessary to execute, terminate, or otherwise expire the concluded Agreement. The scope of data processing is as follows: first and last name; e-mail address. The purposes of the necessary data processing, therefore, depend on the scope of interaction between the User and Company, including:
      • the provision of messages, newsletters, and other direct communication, insofar as these are an integral component of our contractual Service or the services requested by you.
      • The guarantee of the general security, operability, and stability of our service including defense from attacks. Non-promotional communication with you on technical, security-related, and contractually relevant subjects (e.g. fraud warnings or account blocking).
    • Marketing purposes. The legal basis for processing data for this purpose is Article 6(1)(a) of the GDPR Regulation (consent). The data are stored until the data subject withdraws consent to further processing of their data for this purpose. Scope of data processing: first name, e-mail address.
    • Direct marketing. The legal basis for data processing for this purpose is Article 6(1)(f) of the GDPR Regulation (legitimate interest of the Controller). The data shall be stored for the period of existence of the legally justified interest pursued by the Controller, however, no longer than the below-included limitation: period for claims related to business activities in three years. Scope of data processing: first name, e-mail address.

4. With whom we will share your data?

To ensure that the Service delivered by the Company is of the highest quality, we work with trusted third parties – Sub-processors. They assist us in operating our Website and providing the Service. You can find the list of Sub-processors below, please be aware that this list supplements our Privacy Policy and aims to keep full transparency towards our Users’ data processing. Please be sure we cooperate only with entities we have verified previously and who we trust.

Each time when we transfer the Personal Data to any Sub-processor we transfer only the necessary minimum part of data. We also enter into data processing agreements with the Sub-processor if required. Such agreement guarantees at least the same level of Personal Data protection and standards that we offer to our Users. Please be aware that due to our servers location as well as Company registration address the part of Personal Data shall be transferred outside the EEA. Once personal data are being transferred, we always apply adequate safeguards and security measures to ensure data consistency and safety. The Company uses the following Subprocessors to deliver the Service:

  • Hosting provider - AWS, servers location: Tokyo.
  • Analytics and storage - Google products including Google Tag Manager and Google Analytics.
  • Sendgrid - service enabling email sending to Service Users by the Company.
  • Protonmail - service used to provide a mailing inbox used by the Company to communicate with Users.

5. Can you change/update/remove your personal data?

You, as a data subject, have the right to request actions on your personal data as well as information about such data processing. Data Subject has the right to access its Personal Data, its rectification, deletion, limitation of processing, transferring, demanding for temporary or permanent suspension of their processing. By accepting this Agreement You also agree on Your Personal Data transfer to other entities whose services we used while providing the Service and running the Website. Such change is available either by directly entering it to the adequate fields in the Service or via change implemented by us directly on your Account in case of credentials with no availability to edit directly from the Service. If You wish to correct data not available via the Service application interface please let us know via

Furthermore, you can partially delete and modify Your data (including Personal Data) in the Service. If You wish to have Personal Data removed please contact us at

In some cases, the Data Controller reserves its right to anonymize personal data in an alternate form of removal.

6. Is it possible that my personal data will be sold/disclosed in another manner not related to the purpose of this Service?

We do not sell, trade, or otherwise transfer to third parties your Personal Data. This does not include trusted third parties (sub-processors) who assist us in operating our Website and Service, as long as those third parties are obliged to process such Personal Data in the same way we are obliged to process it. You will find the list of those companies along with the details of what data they process, and the processing purpose, in section 4 titled “With whom we will share your personal data”.

7. Data retention period - what it is and how you manage it?

We’re dedicated to limiting data processing when it comes to time scope. The data retention period is defined for how long your data will be stored on our servers and other systems that are used to deliver the Service. Hereby we declare that we will not retain your data for a period longer than necessary to deliver to you the Service unless otherwise required by law. We also reserve our right to store personal data for the period exceeding the time of Service delivery to secure further claims against us. In such cases, processing shall be limited to the minimum and assignment with marginal processing scope.

8. Security Measures

We as a Company deeply care about our User’s data security. We realize it is essential to earn your trust, that is why we have implemented a group of security measures to address the risk of data processing. Some of the example measures implemented by the Company are listed below:

  • Measures of pseudonymization and encryption of personal data - we’re dedicated to providing pseudonymization and encryption for personal data whenever such measure is possible and justified.
  • Measures for ensuring ongoing confidentiality, integrity, availability, and resilience of processing systems and services.
  • Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident.
  • Measures for user identification and authorization.
  • Measures for the protection of data during transmission and measures for the protection of data during storage.
  • Measures for ensuring data quality.
  • Measures for ensuring limited data retention.
  • Measures for ensuring accountability.
  • Measures for allowing data portability and ensuring erasure.

Furthermore, the Company has implemented several organizational measures to ensure data processing safety.

9. Children’s Personal Data and special categories of Personal Data processing including sensitive data.

We are dedicated to complying with the GDPR and other applicable data protection laws and we do not knowingly process (and the User shall not submit) any Personal Data from anyone under 16 years of age. Our Website and Service are dedicated to users who are at least 16 years old. Furthermore, the Company does not knowingly collect (User shall not submit) any special categories of Personal Data (as defined under the GDPR) including sensitive data.

10. Cookies - how do we manage this.

The Company and its third-party partners, such as advertising and analytics processors, use various technologies to collect information, such as cookies and web beacons. Some information about You, including Personal Data can be collected via browser cookies and processed by us or by third-party cookie providers. Whenever You interact with our Website and/or Service, we automatically receive and record information on our server logs from your browser including your IP address, “Cookie” information, and the page you requested. Please be aware that actions that are performed via Cookies may be necessary to deliver our service nevertheless if you wish to resign from cookies please use incognito mode in your browser. Please be aware that we may not ensure full functionality of all Service and Website elements with no cookies available.

11. Do you profile personal data?

We declare that no automated decisions will be taken based on profiling. We also state that we do not profile personal data.

What are you waiting for?

Start saving money now