Privacy Policy

Effective Date: January 2026 Last Updated: January 2026

1. Introduction

CrispBudget (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application and related services (the “Service”).

By using CrispBudget, you consent to the practices described in this Privacy Policy.

Data Controller: CrispBudget Contact: support@crispbudget.app

2. Information We Collect

2.1 Information You Provide

Data TypeWhen CollectedPurpose
Account InformationRegistrationAuthentication, profile display
Email addressEmail sign-upAccount access, notifications
Phone numberPhone sign-upAccount verification
Display nameProfile setupPersonalization
Profile photoOptional uploadProfile display
Financial DataUser inputCore service functionality
TransactionsManual entryBudget tracking
CategoriesUser creationOrganization
BudgetsUser settingBudget management
Wallet namesUser creationWallet identification
Notes and descriptionsUser inputRecord keeping
AI Feature DataFeature usageAI processing
Receipt imagesCamera captureReceipt scanning
Voice recordingsMicrophone inputVoice-to-text
Chat messagesText inputAI Advisor

2.2 Information Collected Automatically

Data TypeMethodPurpose
Device InformationAutomaticSecurity, compatibility
Device modelSystem APIApp optimization
Operating systemSystem APICompatibility
App versionApp dataSupport, updates
Usage DataAutomaticService improvement
Crash logsFirebase CrashlyticsBug fixing
Error reportsAutomatic captureStability
Security DataFirebase App CheckFraud prevention
App attestationDevice verificationSecurity

2.3 Information from Third Parties

SourceData TypePurpose
Apple Sign-InName, email (if shared)Authentication
Google Sign-InName, email, profile photoAuthentication
App StorePurchase receiptsSubscription verification

2.4 Information We Do NOT Collect

  • Bank account details: We do not connect to or access your bank accounts
  • Credit card numbers: Payment processing is handled entirely by Apple
  • Precise location: We do not track your GPS location
  • Contacts: We do not access your contact list
  • Advertising identifiers: We do not collect IDFA for advertising

3. How We Use Your Information

3.1 Primary Purposes

PurposeLegal Basis (GDPR)
Provide the ServiceContract performance
Create and manage your accountContract
Sync data across devicesContract
Process transactions and budgetsContract
Enable wallet sharingContract
AI Feature ProcessingContract / Consent
Analyze receipt imagesContract
Convert voice to textContract
Generate AI adviceContract
Subscription ManagementContract
Verify Premium statusContract
Process renewalsContract

3.2 Secondary Purposes

PurposeLegal Basis (GDPR)
Service ImprovementLegitimate interest
Fix bugs and errorsLegitimate interest
Improve app stabilityLegitimate interest
SecurityLegitimate interest
Prevent fraud and abuseLegitimate interest
Protect against attacksLegitimate interest
CommunicationConsent / Contract
Respond to support requestsContract
Send service notificationsContract
Marketing (opt-in only)Consent

3.3 What We Don’t Do

  • No selling: We never sell your personal data
  • No advertising: We do not show ads or share data with advertisers
  • No profiling for marketing: We do not build profiles for targeted advertising
  • No third-party data sharing for their purposes: Data is only shared for our service operation

4. AI Feature Data Processing

4.1 Receipt Scanning

  • Data collected: Photos of receipts
  • Processing: Sent to Google AI (Gemini) for text extraction
  • Retention: Images are processed in real-time and not permanently stored on our servers
  • Result storage: Extracted transaction data is stored in your account

4.2 Voice Input

  • Data collected: Voice recordings
  • Processing: Converted to text using Google AI
  • Retention: Audio is processed in real-time and not permanently stored
  • Result storage: Recognized text and transaction data stored in your account

4.3 AI Advisor

  • Data collected: Chat messages and conversation context
  • Processing: Analyzed by Google AI to provide personalized insights
  • Retention: Chat history stored in your account for continuity
  • Context: May include anonymized transaction summaries for relevant advice

4.4 Third-Party AI Disclosure

Important: When you use AI features, your data is sent to third-party AI services:

FeatureAI ProviderData Sent
Receipt ScanningGoogle AI (Gemini)Receipt images
Voice InputGoogle AI (Gemini)Voice recordings
AI AdvisorGoogle AI (Gemini)Chat messages, transaction summaries

By using AI features, you explicitly consent to this data sharing. You can choose not to use AI features if you do not wish to share data with third-party AI services.

4.5 AI Data Safeguards

  • AI processing occurs via Firebase AI Logic (Google infrastructure)
  • Google’s AI services are subject to Google Cloud’s data processing terms
  • We do not use your data to train AI models
  • Google does not use API data to train models (per Google Cloud Terms)
  • You can delete all AI-related data by deleting your account

5. Data Sharing and Disclosure

5.1 Service Providers

ProviderPurposeData Shared
Firebase (Google)InfrastructureAll account and transaction data
AuthenticationAccount credentials
FirestoreData storage
Cloud FunctionsBackend processing
Cloud StorageFile storage
CrashlyticsCrash reports
App CheckSecurity verification
Google AI (Gemini)AI featuresReceipts, voice, chat
ApplePaymentsPurchase receipts
AuthenticationSign-in tokens

We may disclose your information if required by law or in response to:

  • Valid legal process (subpoenas, court orders)
  • Government requests
  • Protection of our rights, privacy, safety, or property
  • Emergency situations involving potential threats to safety

5.3 Business Transfers

If CrispBudget is acquired or merged, your data may be transferred to the new entity. We will notify you before your data becomes subject to a different privacy policy.

We may share data for purposes not described here only with your explicit consent.

5.5 Shared Wallets

When you join a shared wallet:

  • Other members can see transactions in that wallet
  • The wallet owner can view membership information
  • Your private transactions remain visible only to you
  • You control which wallets you join or leave

6. Data Storage and Retention

6.1 Storage Location

Your data is stored on Google Cloud servers, primarily in the United States. See Section 11 for international transfer information.

6.2 Retention Periods

Data TypeRetention Period
Active Account DataRetained while account is active
Transactions, budgets, categoriesUntil deletion request
Profile informationUntil deletion request
Chat historyUntil deletion request
Inactive Free AccountsDeleted after 1 year of inactivity
Prior notification sent30 days before deletion
AI Processing Data
Receipt imagesDeleted immediately after processing
Voice recordingsDeleted immediately after processing
After Account Deletion
Most dataWithin 30 days
Backup dataWithin 90 days
Anonymized analyticsMay be retained indefinitely
Legal Requirements
Purchase recordsAs required by tax law (up to 7 years)

6.3 Deletion Process

When you delete your account:

  1. Immediate: Account access disabled
  2. Within 30 days: Primary data deleted from active databases
  3. Within 90 days: Backup copies purged
  4. Indefinite: Anonymized, aggregated statistics may be retained

7. Data Security

7.1 Technical Measures

  • Encryption in transit: All data transmitted via HTTPS/TLS
  • Encryption at rest: Data encrypted on Google Cloud servers
  • Access control: Firestore Security Rules limit data access
  • App verification: Firebase App Check prevents unauthorized access
  • Authentication: Secure sign-in via Firebase Auth

7.2 Organizational Measures

  • Limited personnel access to production data
  • Regular security reviews
  • Incident response procedures

7.3 Your Responsibilities

  • Keep your account credentials secure
  • Use device-level security (passcode, biometrics)
  • Log out on shared devices
  • Report suspicious activity promptly

7.4 Security Incidents

In the event of a data breach affecting your personal information:

  • We will notify affected users within 72 hours
  • We will notify relevant supervisory authorities as required
  • We will take immediate steps to contain and remediate the breach

8. Your Privacy Rights

8.1 Rights for All Users

RightDescriptionHow to Exercise
AccessView your dataSettings > Export Data
CorrectionFix inaccurate dataEdit in app
DeletionDelete your accountSettings > Delete Account
PortabilityExport your dataSettings > Export Data (JSON format)

8.2 Additional Rights by Region

European Economic Area, UK, and Switzerland (GDPR)

If you are in the EEA, UK, or Switzerland, you have additional rights:

RightDescription
RestrictionRequest limited processing
ObjectionObject to processing based on legitimate interest
Withdraw ConsentWithdraw consent at any time
Automated DecisionsRight not to be subject to solely automated decisions
ComplaintLodge complaint with supervisory authority

California, USA (CCPA/CPRA)

If you are a California resident, you have the following rights:

RightDescription
KnowKnow what personal information is collected
AccessAccess your personal information
DeleteRequest deletion of your data
CorrectCorrect inaccurate information
Opt-Out of SaleWe do not sell personal information
Non-DiscriminationEqual service regardless of privacy choices

We do not sell or share personal information for cross-context behavioral advertising.

9. Children’s Privacy

CrispBudget is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

If we discover that we have collected information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us information, please contact us at support@crispbudget.app.

10. Cookies and Tracking

10.1 Current Status

CrispBudget is a mobile app and does not use browser cookies. We do not use tracking pixels or third-party analytics that track you across apps or websites.

10.2 Future Plans

We may implement Firebase Analytics in the future for:

  • App usage statistics
  • Feature popularity
  • Performance monitoring

If implemented, we will:

  • Update this Privacy Policy
  • Provide opt-out options where required
  • Respect privacy settings (e.g., App Tracking Transparency)

11. International Data Transfers

11.1 Transfer Locations

Your data is processed and stored in the United States on Google Cloud infrastructure. If you are outside the US, your data will be transferred internationally.

11.2 Transfer Safeguards

For users in the EEA, UK, and Switzerland:

  • Google Cloud operates under Standard Contractual Clauses (SCCs)
  • Supplementary measures per Schrems II decision
  • Google is certified under the EU-US Data Privacy Framework

For users in other regions:

  • We rely on consent and contractual necessity as transfer mechanisms
  • We ensure adequate protection regardless of location

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • In-app notification
  • Email notification (if provided)
  • Updating the “Last Updated” date

Continued use after changes constitutes acceptance. If you disagree with changes, please stop using the Service and delete your account.

13. Contact Us

For privacy-related questions, requests, or complaints:

Email: support@crispbudget.app

Response Time: We aim to respond within 30 days (or sooner as required by applicable law).

For EU Users: If you are unsatisfied with our response, you may lodge a complaint with your local data protection supervisory authority.

14. Language

This Privacy Policy is provided in English and Japanese. In case of any discrepancy, the English version shall prevail for non-Japanese users, and the Japanese version shall prevail for users in Japan.

Last updated: January 2026