Privacy Policy for WallyMe

Effective Date: March 10, 2026 — Last Updated: March 10, 2026

Introduction

WallyMe (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the “App”).

By using WallyMe, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Personal Information

  • Email address (for authentication)
  • Password (hashed via Supabase Auth)
  • User ID (automatically generated)
  • Social login data (name and email from Apple or Google)

1.2 Financial Data

  • Transaction details: amount, description, category, date/time
  • Custom categories, learned keywords, budget settings
  • Credit card info: name, brand, dates, limit, currency (NO card numbers or CVV)
  • Currency and country preferences, recurring transaction rules

1.3 Usage Data

  • Device type, OS version, features used
  • Error logs for debugging
  • IP address for country detection (not stored)

1.4 AI Categorization

  • Transaction descriptions sent to AI provider for categorization
  • Processing is ephemeral — no long-term storage
  • Limited to 200 categorizations per day per user

1.5 Voice Input

  • Speech recognition processed on-device (iOS/Android native APIs)
  • Audio is NOT sent to our servers or any third party

1.6 Subscription Data

  • Subscription status, purchase receipts (validated via Apple/Google APIs)
  • Payment handled entirely by Apple/Google

2. How We Use Your Information

  • Account management and authentication
  • Transaction management and AI categorization
  • Budget tracking, credit card management, multi-currency support
  • Offline sync, error monitoring, feature optimization
  • Service updates and customer support

3. Data Storage and Security

  • PostgreSQL on Supabase with Row Level Security
  • HTTPS/TLS encryption, JWT authentication
  • Passwords hashed with bcrypt
  • Rate limiting
  • Sensitive data in hardware-encrypted storage (iOS Keychain / Android Keystore)
  • Active accounts: data retained while active
  • Deleted accounts: permanently removed within 30 days

4. Third-Party Services

  • Supabase — Authentication and database
  • xAI — AI transaction categorization (ephemeral processing)
  • Apple/Google — Subscription payments and social login

5. Your Data Rights

  • Access: View all data within the App
  • Correction: Edit transactions, categories, keywords, budgets, preferences
  • Deletion: Delete transactions or request full account deletion
  • Data Export: Request a copy in JSON format
  • Opt-Out: Use manual categorization only

6. Children's Privacy

WallyMe is not intended for users under 13. We do not knowingly collect personal information from children.

7. Legal Compliance

GDPR (EU): Rights to access, rectification, erasure, restriction, portability, and complaint to supervisory authority.

CCPA (California): Rights to know, delete, and opt out of sale of personal information. We do not sell your data.

8. Contact Us