Privacy Policy

At Kibo, we're committed to protecting your privacy and ensuring transparency in how we handle your data.

1. Introduction

Welcome to Kibo's Privacy Policy. This document outlines how we collect, use, and protect your personal information when you use our expense tracking and financial management platform, available through our website and mobile application.

Kibo ("we", "us", "our") is a personal finance app that helps you track expenses, categorize transactions, and manage your financial data using AI-powered features. We are committed to protecting your privacy and handling your financial information with the highest level of security and transparency.

This Privacy Policy explains how we handle your personal data in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

By using our services, you acknowledge that you have read and understood this Privacy Policy and consent to the data practices described herein.

2. Information We Collect

We collect the following types of information:

Personal Information

  • Contact information (name, email address)
  • Account credentials (username, password)
  • Google account information (when using Google Sign-In)

Financial Information

  • Transaction details (amounts, descriptions, dates, categories)
  • Receipt images and extracted text (via OCR processing)
  • Spending patterns and financial categorizations
  • Google Play purchase and subscription information

Usage and Analytics Information

  • App usage patterns and feature interactions
  • Device information (device type, operating system, unique device identifiers)
  • Analytics data collected through Google Analytics (usage statistics, crash reports, performance metrics)
  • IP address and general location data
  • Log information (access times, pages visited, features used)

Images and OCR Data

  • Receipt and document images you upload
  • Text extracted from images via Optical Character Recognition (OCR)
  • Processed transaction data derived from image analysis

3. How We Use Your Information

We use your information for the following purposes:

  • Core Service Functions: To provide our expense tracking and financial management services, including transaction categorization, spending analysis, and receipt processing.
  • AI-Powered Features: To process your transaction data and receipt images through Google Gemini AI for intelligent categorization, transaction suggestions, and OCR text extraction.
  • Personalization: To tailor financial insights, spending patterns, and category suggestions based on your transaction history.
  • Premium Services: To process and verify subscription purchases through Google Play Billing and provide premium features.
  • Analytics and Improvement: To understand app usage through Google Analytics and improve our platform's functionality and user experience.
  • Communication: To send you important notifications regarding your account, subscription status, and service updates.
  • Security: To protect against unauthorized access and ensure the security of your financial data.
  • Legal Compliance: To comply with applicable laws, regulations, and legal obligations.

4. Legal Basis for Processing

Under the GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services as agreed in our Terms of Service.
  • Legitimate Interests: Processing that serves our legitimate business interests, such as fraud prevention, service improvement, and marketing (where these interests are not overridden by your data protection rights).
  • Consent: Processing based on your specific consent, such as for marketing communications or non-essential cookies.
  • Legal Obligations: Processing required to comply with laws and regulations applicable to financial services.

5. Data Sharing and Disclosures

We may share your information with the following third parties:

Google Services

  • Google Gemini AI: Transaction data and receipt text are processed through Google's Gemini AI service for categorization, suggestions, and OCR processing.
  • Google Analytics: Usage and performance data is shared with Google Analytics to help us improve our app and understand user behavior.
  • Google Play Billing: Subscription and purchase information is processed through Google Play's billing system.
  • Google Cloud Services: Data may be stored and processed using Google Cloud infrastructure.

Other Service Providers

  • Cloud Hosting: Your data is stored on secure cloud infrastructure providers.
  • Email Services: For sending account-related notifications and updates.
  • Authentication Services: When you use Google Sign-In for account access.

Legal and Business Disclosures

  • Legal Authorities: When required by law, court order, or governmental regulation.
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality agreements.

All third-party service providers are required to maintain appropriate security measures and handle your data in accordance with applicable privacy laws. Data shared with Google services is subject to Google's privacy policies and terms of service.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Our security measures include:

  • Encryption of sensitive financial data
  • Regular security assessments and penetration testing
  • Access controls and authentication procedures
  • AI-powered fraud detection systems
  • Employee training on data protection and security

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal information for specific periods based on the type of data and purpose:

Account and Profile Data

  • Active accounts: Retained while your account remains active
  • Deleted accounts: Most data is deleted within 30 days, with some anonymized analytics data retained for up to 2 years

Financial Data

  • Transaction records: Retained for up to 7 years after account deletion for tax and legal compliance purposes
  • Receipt images: Deleted within 90 days after OCR processing is complete (unless needed for dispute resolution)
  • Google Play purchase data: Retained according to Google Play's policies and applicable tax regulations

Analytics and Usage Data

  • Google Analytics data: Automatically deleted after 26 months as per Google's default retention policy
  • App usage logs: Retained for up to 12 months for service improvement purposes

AI Processing Data

  • Data sent to Google Gemini AI: Not permanently stored by us; retention subject to Google's AI service policies
  • OCR extracted text: Deleted within 30 days after transaction processing

When retention periods expire, we securely delete or anonymize your data. Some anonymized, aggregated data may be retained indefinitely for statistical and research purposes.

8. Your Data Protection Rights

Under the GDPR and applicable laws, you have the following rights:

  • Right to Access: Request copies of your personal data we process.
  • Right to Rectification: Request correction of inaccurate or incomplete information.
  • Right to Erasure: Request deletion of your personal data in certain circumstances.
  • Right to Restrict Processing: Request limitation of processing in certain scenarios.
  • Right to Data Portability: Request transfer of your data to you or a third party.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing.
  • Right to Withdraw Consent: Withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us at privacy@kibo.com. We will respond to your request within one month (or two months for complex requests).

Contact Information for Privacy Matters

9. Cookies and Tracking Technologies

Our website and mobile app use cookies and similar tracking technologies:

Types of Cookies and Tracking

  • Essential Cookies: Required for basic app functionality, authentication, and security features.
  • Google Analytics: Collects anonymized usage data, user interactions, crash reports, and performance metrics to help us improve the app experience.
  • Functionality Cookies: Remember your preferences, settings, and choices to improve your user experience.
  • Authentication Tokens: Secure tokens for maintaining your login session and API access.

Third-Party Tracking

  • Google Analytics: Automatically collects device information, usage patterns, and app performance data. You can opt-out through Google's opt-out tools or by adjusting your device's advertising settings.
  • Google Play Services: Tracks subscription status and purchase verification for premium features.

Your Control Over Tracking

  • Mobile App: You can disable analytics tracking through your device's privacy settings or app-specific settings
  • Web Browser: Manage cookie preferences through your browser settings
  • Google Analytics Opt-out: Use Google's opt-out browser add-on or advertising settings

Note: Disabling certain tracking technologies may limit some app features, particularly analytics-based improvements and personalized recommendations.

10. International Data Transfers

Your data may be transferred internationally through our use of global services:

Google Services Data Transfers

  • Google Gemini AI: Transaction and OCR data is processed on Google's global AI infrastructure, which may include servers in the United States and other countries.
  • Google Analytics: Usage data is processed by Google's analytics servers worldwide.
  • Google Cloud/Play Services: Data may be stored and processed in Google's global cloud infrastructure.

Data Protection Safeguards

For transfers outside the European Economic Area (EEA), we ensure appropriate protections:

  • Google Services: Covered by Google's adherence to EU-U.S. Data Privacy Framework and Standard Contractual Clauses
  • Other Service Providers: Protected by Standard Contractual Clauses approved by the European Commission
  • Adequate Protection: We only transfer data to countries with adequate protection as determined by the European Commission, or with appropriate safeguards in place

Your Rights Regarding International Transfers

You have the right to obtain information about the safeguards we have in place for international data transfers. Contact us at privacy@kibo.com for more details about specific transfer mechanisms.

11. Artificial Intelligence and Automated Processing

Kibo uses artificial intelligence to enhance your financial management experience:

AI-Powered Features

  • Transaction Categorization: Google Gemini AI analyzes your transaction descriptions to suggest appropriate categories
  • OCR Processing: AI extracts text and transaction details from receipt images you upload
  • Smart Suggestions: AI provides transaction name improvements and spending insights based on your data
  • Emoji Assignment: AI selects contextually appropriate emojis for transactions and categories

Automated Decision Making

We use automated processing in the following ways:

  • Category Assignment: Transactions are automatically categorized based on AI analysis, but you can always modify these suggestions
  • Fraud Detection: Automated systems may flag unusual transaction patterns for your review
  • Content Filtering: Automated systems process OCR text to extract relevant financial information

Your Rights Regarding AI Processing

  • Human Review: You can always override AI-generated suggestions and categorizations
  • Explanation: You can request information about how our AI systems make decisions affecting your account
  • Opt-out: While AI processing is integral to our service, you can minimize it by using manual transaction entry only

Data Processing Notice: When you use AI features, your transaction data is sent to Google Gemini AI for processing. Google does not use this data to train their models or for other purposes beyond providing the AI service to us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on our website and, where appropriate, via email.

We encourage you to periodically review this page for the latest information on our privacy practices.

Back to Home