This Privacy Policy describes how Cashy+ ("we", "our", or "the app") collects, uses, and protects your information when you use our iOS application. By using Cashy+, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

• Email address (for authentication)
• Display name
• Profile photo (if you choose to upload one)
• Authentication credentials (managed securely by Firebase Authentication; we never see your password in plain text)

1.2 Financial Data You Record

• Transactions (income, expenses, transfers, installment payments)
• Bank account names and balances you enter
• Cash wallet entries
• Credit card details you enter (name and balance only — we never store full card numbers)
• Budgets and budget categories
• Savings goals and contributions
• Loan records
• Subscriptions and recurring payments
• Installment plans
• Fixed deposit records

1.3 App Preferences

• Selected language (EN, MS, ZH-Hans, ZH-Hant, JA, KO, TH)
• Default currency and conversion rates
• Theme preferences (light/dark mode)
• Notification preferences

1.4 Information We Do NOT Collect

• We do not collect your full credit card or bank account numbers
• We do not collect your social security number or government ID
• We do not access your device contacts, photos, or location without your explicit permission
• We do not use third-party advertising trackers

2. How We Use Your Information

• To provide core app functionality (recording transactions, calculating balances, generating insights)
• To authenticate your account and keep your data secure
• To sync your data across devices using Firebase Cloud Firestore
• To send you reminders and notifications you have configured
• To respond to support requests

3. Third-Party AI Service (Google Gemini)

3.1 What Data Is Sent to Google Gemini

When you actively use the AI chat feature, the following is transmitted to Google's Gemini API:

• The text of messages you type into the AI chat
• Photos you choose to attach (e.g. receipts)
• A snapshot of your financial context, which may include:
  • Transaction summaries from the last 30 days
  • Budget limits and spending
  • Savings goals and progress
  • Installment schedules
  • Subscription details
  • Fixed deposit information
  • Account balances (banks and wallets)

3.2 Who Receives This Data

Data is sent to Google LLC via the Gemini API endpoint (generativelanguage.googleapis.com). Google processes this data under its own privacy terms, available at https://policies.google.com/privacy.

We do not sell or share this data with any other third parties.

3.3 What Is NEVER Sent to Google Gemini

• Your password or authentication credentials
• Your full email address (beyond what you type in chat)
• Your complete historical transaction database
• Any data when you are not actively using the AI chat feature

3.4 Your Control Over the AI Feature

• Use of the AI chat feature is entirely optional. All other Cashy+ features (transaction logging, budgets, savings, loans, analysis, multi-currency, multi-language) function fully without it.
• Before any data is sent to Google Gemini, you must explicitly consent via an in-app disclosure screen.
• You can revoke consent at any time in Settings → AI Privacy → Revoke AI Consent. Once revoked, no further data is sent to Google Gemini and the AI chat feature becomes unavailable until you re-consent.

4. Data Storage and Security

Your data is stored in Firebase (Google Cloud Platform), which provides enterprise-grade security including:

• Encryption in transit (TLS/HTTPS for all data transfer)
• Encryption at rest in Google Cloud servers
• User-level access controls (only your authenticated account can access your data)
• Regular security audits performed by Google Cloud

While we use industry-standard security practices, no method of electronic storage is 100% secure. We cannot guarantee absolute security but commit to using reasonable measures to protect your data.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties.

We may share data only in the following limited cases:

• Service providers: Firebase (Google Cloud) for data storage and authentication; Google Gemini for the optional AI assistant feature (only when you have consented)
• Legal requirements: If required by law, court order, or government regulation
• Protection of rights: To protect the rights, property, or safety of Cashy+, our users, or others

6. Your Rights

You have the following rights regarding your data:

• Access: View all data you have stored in the app at any time
• Correction: Edit or update any record in the app
• Deletion: Delete individual records or your entire account
• Export: Export your transaction data as Excel or CSV files
• Withdraw consent: Revoke AI assistant consent at any time
• Account deletion: Request full account deletion by contacting us

7. Children's Privacy

Cashy+ is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us and we will delete the information.

8. International Data Transfers

Your data may be processed and stored on servers located outside of your country. By using Cashy+, you consent to such transfers. Firebase data centers are operated by Google and comply with international data protection standards including GDPR and CCPA where applicable.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the app or via email. The "Last Updated" date at the top of this policy will reflect the most recent revision.

10. Contact Us

If you have any questions about this Privacy Policy or your data, please contact us at:

• Email: jordentan17@gmail.com
• App Store: Cashy+ on the iOS App Store