Privacy Policy
Effective date: March 13, 2026
Kasso ("we", "our", or "us") is an AI-powered expense tracker designed with privacy at its core. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.
Key principle: All your financial data (transactions, budgets, categories, merchant names) stays on your device, encrypted with AES-256 via SQLCipher. Our servers never see, store, or process your financial information.
1. Information We Collect
Data stored on your device only (never sent to our servers):
- Transactions (amounts, merchants, categories, notes, dates)
- Budgets and spending goals
- Custom categories
- Chat history with the AI assistant
- Receipt images (processed locally or via secure AI proxy)
Data we collect on our servers:
- Email address — if you choose to sign in (for authentication and account recovery)
- Subscription status — plan type (Free/Pro), billing period (managed by Apple/Google)
- Aggregated usage statistics — number of AI requests, transaction count (no amounts or details)
- Device identifier — anonymous UUID for device authentication and push notifications
- Crash reports — technical error data with no financial information (via Sentry/GlitchTip)
- Anonymous analytics events — app opens, feature usage (via PostHog, hashed device ID)
2. How We Use Your Information
- AI processing: When you send a message to the AI assistant, we proxy the request to our AI provider (Anthropic/OpenRouter). The request contains your message and minimal context (recent category names, no amounts). We do not store the content of AI conversations on our servers.
- Authentication: Email and OAuth tokens are used solely for account management.
- Subscription management: We track your plan status to enforce usage limits and provide Pro features.
- Service improvement: Aggregated, anonymous usage data helps us improve the app.
- Push notifications: Device tokens are used to send budget alerts and reminders you opt into.
3. Data Sharing
We do not sell your personal data. We share limited data with the following service providers, solely to operate the service:
- Anthropic / OpenRouter — AI language model providers. They receive anonymized prompts (no financial amounts, no merchant names). Content is not stored per their data processing agreements.
- Apple / Google — Subscription billing is handled entirely by the App Store / Google Play. We receive only subscription status, not payment details.
- RevenueCat — Subscription management middleware. Receives subscription events, not financial data.
- Sentry (GlitchTip) — Self-hosted crash reporting. Receives technical error data only.
- PostHog — Anonymous product analytics. Device ID is SHA-256 hashed. No financial data is sent.
- Expo — Push notification delivery and over-the-air updates.
4. Data Storage & Security
- On-device encryption: All financial data is encrypted with AES-256 via SQLCipher. The encryption key is stored in the iOS Keychain / Android Keystore.
- In transit: All network communication uses TLS 1.2+ encryption.
- Server infrastructure: Hosted on Railway (EU-West region). PostgreSQL database stores only authentication and usage data, encrypted at rest.
- Access control: JWT-based authentication with RS256 signing. Refresh tokens are rotated on each use.
5. Data Retention
- On-device data: Retained until you delete it or uninstall the app. You have full control.
- Server logs: Retained for 30 days, then automatically deleted.
- Crash reports: Retained for 90 days.
- Analytics data: Retained for 12 months (anonymous, aggregated).
- Account data: Retained until you request deletion. After a deletion request, data is removed within 30 days.
6. Your Rights (GDPR & CCPA)
Depending on your location, you have the following rights:
- Access: Request a copy of the data we hold about you.
- Rectification: Correct inaccurate data in your account settings.
- Erasure: Delete your account and all associated server data via Settings → Delete Account, or by contacting us.
- Portability: Export your on-device transactions as CSV at any time.
- Object: Use the app in offline mode to prevent any data from being sent to servers.
- Do Not Sell: We do not sell personal information. No opt-out is needed because no sale occurs.
To exercise any of these rights, contact us at privacy@kasso.app.
7. AI Disclaimer
Kasso is an AI-powered expense tracker, not a financial advisor. The AI assistant helps you categorize and organize expenses, but does not provide financial advice, investment recommendations, or tax guidance.
All calculations (budgets, forecasts, totals) are performed locally on your device using your data — they are not AI-generated predictions.
8. Children's Privacy
Kasso is not intended for children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at privacy@kasso.app and we will promptly delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via in-app notification or email. Continued use of the app after changes constitutes acceptance of the updated policy.
10. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices:
- Email: privacy@kasso.app
- In-app: Settings → Send Feedback