1) Who we are
App
Owner & Data Controller: Ivan Taranov, Kraków, Poland
Contact (privacy)
Jurisdiction: Poland / EU law
2) Scope
This policy explains how Budget Buddy processes information when you
use the mobile app(s) on iOS and Android.
Budget Buddy is a personal finance app. User-entered financial data
(transactions, budgets, balances) stays on your device unless you
choose to back it up to your own Google Drive. We collect only
anonymous diagnostics and analytics to improve stability and features.
3) Data we process
Data stored on your device (not sent to us)
- Financial records you enter (transactions, categories, budgets,
  balances) — stored locally in an on-device SQLite database.
- Optional backup to your own Google Drive (your Google account).
  Budget Buddy does not receive the contents of your backup.
Data we collect to operate and improve the app
- Crash & diagnostics logs (anonymous) — via Firebase Crashlytics.
- Usage analytics (anonymous events such as screens opened, feature
  usage) — via Firebase Analytics.
- Remote configuration fetches — via Firebase Remote Config (no
  personal content).
- Advertising identifiers (IDFA/GAID) — only if/when ads are enabled
  and after any required consent/ATT prompt.
No accounts
No contact list
No photos/media
No precise location
4) Sources of data
- Direct from you: financial entries you type in the app (remain on
  device).
- Device/system: crash diagnostics, app instance IDs, advertising IDs
  (subject to platform/consent).
- External APIs: currency exchange rates (rates only; no personal data
  sent).
- App backend: non-personal configuration values (feature flags via
  Remote Config).
5) Purposes & legal bases
- Provide core features (budgeting, transactions) — performed locally
  on device; no legal basis needed for server processing.
- Crash reporting & debugging — legitimate interests to maintain and
  improve the app (GDPR Art. 6(1)(f)).
- Analytics & product improvement — legitimate interests and, where
  required (e.g., in EEA), consent.
- Remote configuration — legitimate interests to safely roll out
  features.
- Advertising (future) — consent where required (ATT on iOS; GDPR CMP
  in EEA). Personalized ads may be enabled by default after consent.
- Compliance, fraud, security — legitimate interests and legal
  obligations.
6) AI features & third-party AI services (optional)
Budget Buddy offers optional AI-powered features: an
Agent chat assistant, voice-input transcription, and receipt-photo
recognition. These features are
entirely user-driven and disabled by default. They
only become active when you:
- Provide your own API key for a supported AI provider (OpenAI or
  Google Gemini) in the app's AI Settings, and
- Explicitly enable the "Allow sharing data" consent toggle on the
  same screen.
What data is sent
When you use an AI feature,
only the content you actively submit is sent to your
chosen provider:
| Feature | Data sent |
|---|---|
| Agent chat | Your text messages and conversation context (account names, transaction descriptions, aggregated financial summaries the agent retrieves to answer your question). |
| Voice input | Your voice recording, for transcription. |
| Receipt recognition | The receipt photo you capture or select. |
No data is sent in the background or without your action. The app does
not transmit raw transaction amounts, passwords, or any data beyond
what is needed to fulfil the specific AI request you initiate.
Who the data is sent to
Data is sent directly from your device to the AI
provider you select in Settings:
Budget Buddy does not operate as an intermediary — your API key
authenticates you directly with the provider. We do not receive,
store, or have access to the content of your AI requests or responses.
Legal basis
Consent (GDPR Art. 6(1)(a)). You grant consent via the
in-app toggle and may withdraw it at any time by disabling the toggle
or removing your API key.
How we ask your permission
Before any data is shared with a third-party AI provider, the app
presents a dedicated consent dialog that clearly identifies what data
will be sent and names the recipient (OpenAI, L.L.C. or Google LLC).
AI features remain completely disabled until you review this
disclosure and explicitly tap "I Agree." You must also provide your
own API key.
Your control
Revoking consent immediately stops all data transmission to AI
services. No historical data is retained by the app after it is sent;
refer to the provider's own privacy policy and data-retention
practices for how they handle your data.
7) Storage, location & transfers
- Your financial data is stored only on your device in SQLite.
  Optional backups are stored in your Google Drive under your Google
  account.
- Diagnostics/analytics are processed by Google Firebase (data centers
  may be in the EU and/or other regions). Transfers outside the EEA
  are protected by Standard Contractual Clauses provided by Google.
- All network communications use TLS encryption in transit.
8) Sharing & disclosure
We do not sell your personal information. We share limited data with
service providers ("processors") strictly to operate the app:
- Google Firebase (Analytics, Crashlytics, Remote Config) —
  diagnostics/usage data.
- Google AdMob (when ads are enabled) — advertising identifiers and
  context for ad delivery; may qualify as "sharing" for cross-context
  behavioral advertising in some jurisdictions when personalized ads
  are shown.
- OpenAI / Google Gemini (when you opt in to AI features) — only the
  content you submit through AI features (see Section 6 above). This
  sharing is initiated by you, requires your explicit consent, and
  uses your own API key.
All third parties listed above provide data protection measures
consistent with applicable law. We may also disclose information if
required by law or to protect our rights and users' safety.
9) Retention
- Financial data — stays on your device until you delete it or
  uninstall the app; backups remain in your Google Drive until you
  remove them.
- Crash logs & analytics — retained according to Firebase defaults and
  our operational needs (commonly up to 14 months).
10) Your privacy rights
- Access/Export — export your data to a file, to local storage, or to
  apps via the system share sheet; you can also back up to Google
  Drive.
- Delete — delete entries in-app, clear the local database, delete
  backups in your Google Drive, or uninstall the app.
- Consent controls — when ads are enabled, you will see platform
  consent prompts (ATT on iOS; GDPR consent in the EEA). Currently, an
  in-app analytics opt-out is not provided.
- EEA/UK/CCPA — you may have additional rights (objection,
  restriction, portability). Contact us at korsour@gmail.com.
11) Security
- Encryption in transit via TLS.
- On-device data is not encrypted at rest by the app; rely on your
  device's OS security (screen lock, device encryption) and cloud
  account protections for Drive backups.
- We minimize data collection (no user accounts; anonymous diagnostics
  where possible).
- Vendors such as Google/Firebase maintain industry certifications
  (e.g., ISO/SOC). See their documentation for details.
12) Advertising & tracking
- Budget Buddy may show ads via Google AdMob. On iOS, we request ATT
  permission for tracking; in the EEA we will present a consent
  dialog. Personalized ads may be enabled by default after consent.
- You can reset/limit the advertising identifier in your device
  settings (IDFA/GAID). If you do not grant consent where required,
  only non-personalized ads (or no ads) will be shown.
13) Children
The app is designed for general audiences and is not directed to
children under 13. We do not knowingly collect personal data from
children. If you are a parent or guardian and believe a child provided
information, contact us to request deletion.
14) Cookies & website
No cookies are used in the mobile apps. The website
korlab.team
may use basic analytics cookies; refer to that site's notice if
applicable.
15) Changes to this policy
We will update this policy in-app when features or practices change.
Material changes will be highlighted in release notes or an in-app
notice.
16) App Store & Google Play disclosures
Apple App Store (Data Linked to You / Not Linked)
| Category | Details |
|---|---|
| Data Linked to You | None (no accounts; financial data remains on device). |
| Data Not Linked to You | Diagnostics (Crash Data), Usage Data (Product Interaction), Advertising Data (IDFA/GAID) when ads are enabled. |
| Data Used to Track You | Advertising identifiers and app activity may be used for ad personalization after required consent/ATT. |
| Third-Party AI Sharing (opt-in) | When the user enables AI features: text messages, voice recordings, and receipt photos are sent to OpenAI or Google Gemini (user's choice). Requires explicit in-app consent. See Section 6. |
Google Play Data Safety
| Collected | Purpose | Shared |
|---|---|---|
| Crash logs, Diagnostics | App functionality, Analytics | With processors (Firebase) |
| App activity (non-identifying events) | Analytics, Product improvement | With processors (Firebase) |
| Device or other IDs (for ads) | Advertising | Ad networks (AdMob) — may be considered "sharing" for personalized ads |
| User-submitted content (opt-in AI features only) | AI-powered assistance (chat, voice transcription, receipt recognition) | With OpenAI or Google Gemini (user's choice, after explicit consent) |
Financial data you enter stays on device / your Drive backup. AI
features only transmit what you actively submit, after opt-in consent.
Terms of Use (EULA):
https://budget.korlab.team/eula.html