This policy outlines how AuraInsights ("Provider", "we", "us") collects, stores, and processes your personal data to provide our multi-currency financial engine.
2. Personal Data We Collect
Account & Service Data: The minimum scope of data required to set up your account includes your first name, last name, e-mail address, login credentials, language, and currency.
Financial & Open Banking Data: We process your transactions, incomes, expenses, and budgets. If you use the bank synchronization feature, we securely process read-only transaction details, balances, and account data.
AI Receipt Scanner: When utilizing the Magic AI Scan feature, we process the receipt images and extracted data (such as merchant name, date, total amount, currency, and tax information) to automatically generate entries.
AML Compliance: If required to comply with Anti-Money Laundering (AML) laws, we may process identification data including sex, birth date, address, and citizenship.
Social Logins: If you use third-party platforms (like Google or Apple) to log in, we process the identification details provided by those respective platforms.
Device & Advertising Identifiers: We and our third-party partners (Firebase, RevenueCat) may collect device identifiers and advertising identifiers such as the Google Advertising ID (GAID) on Android.
Crash Reports & Diagnostics: We collect anonymized crash logs and app performance diagnostics via Firebase Crashlytics.
Purchase & Subscription History: We process your in-app purchase history and subscription status via RevenueCat, Inc.
3. Purpose and Legal Basis of Processing
Service Provision: To operate the AuraInsights platform, securely sync your EU banks, and ensure the functionality of your application.
Marketing & Profiling: We may use your email to send direct marketing communications until you opt out. We may also use profiling to personalize your ad experience and financial advice. This profiling does not result in automated decision-making that produces legal effects.
Legitimate Interests: We utilize anonymized data for developing and improving the application.
Active Accounts: We retain your personal and financial data only for as long as your account remains active.
General personal data is processed only for the necessary period of time, at most until you delete your account or terminate the agreement.
Account Deletion: You may delete your account at any time via Settings → Security & Privacy → Delete Account.
System Backups: Encrypted data may remain in isolated backups for up to 30 days before being automatically overwritten.
5. Third-Party Processors
We have appointed the following third-party data processors to perform data processing on our behalf. All processors operate under strict written Data Processing Agreements (DPAs):
Google LLC (Firebase) — Cloud Firestore, Authentication, Crashlytics, Analytics, Cloud Storage, Cloud Run. Data may be processed in the US under SCCs.
RevenueCat, Inc. — Subscription management. Data processed in the US under SCCs.
Enable Banking (EU) — Licensed AISP for PSD2 Open Banking. Data processed within the EU.
Google LLC (Gemini AI) — AI receipt scanning and financial insights.
Google LLC (Google Analytics GA4) — Website analytics, subject to your cookie consent.
Meta Platforms, Inc. (Facebook) — Mobile advertising attribution via the Facebook SDK. Operates in limited mode (no personal identifiers) on iOS unless you grant App Tracking Transparency (ATT) consent. On Android, anonymous attribution data is used to measure advertising campaign effectiveness. Data processed in the US under SCCs.
6. Data Security
Your Personal Data is stored and processed automatically in electronic form on secure servers located within the European Union. We apply high data protection standards, including AES-256 encryption.
7. Your Rights
Access and Export: You have the right to access your data and the right to export your personal financial information to another controller at any time.
Objection and Erasure: You may object to certain processing, withdraw marketing consent at any time within the app, or request complete data erasure.
Right to Rectification: You may request correction of any inaccurate personal data held about you.
Right to Restriction: You may request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability: You have the right to receive your data in a structured, machine-readable format.
Right to Object: You may object at any time to processing based on our legitimate interests, including direct marketing.
Right to Lodge a Complaint: You have the right to lodge a complaint with ANSPDCP — anspdcp.ro, Telephone: +40.318.059.211.
8. Cookies
We use cookies to maintain your settings, ensure security, analyze app usage, and target advertisements. You can block or delete cookies through your browser settings or our consent banner.
9. International Data Transfers
Some of our processors are based in the US. We ensure transfers outside the EEA are protected by Standard Contractual Clauses (SCCs) and/or the EU-US Data Privacy Framework.
10. Contact
For privacy enquiries or to exercise your rights, contact us at [email protected]. We aim to respond within 30 calendar days.