1. Welcome to Kibo
Hi there! Thanks for choosing Kibo to help manage your finances. We know privacy matters to you, so we want to be completely transparent about how we handle your information.
Kibo is your personal expense tracking assistant that uses smart AI features to help you categorize expenses and understand your spending patterns. We're committed to keeping your financial information safe and secure while providing you with the best possible experience.
This policy explains everything we do with your data in simple terms. We follow strict privacy laws (like GDPR and CCPA) to make sure your information is protected.
By using Kibo, you're agreeing to the practices described in this policy. If you have any questions, just reach out to us!
2. What Information We Need
To help you track your expenses and provide smart suggestions, we need some information from you:
Basic Account Info
- Your email address and name (to create your account)
- Your password (encrypted and secure)
- Google account details (if you choose to sign in with Google)
Your Financial Data
- Transaction details you add (amounts, descriptions, dates)
- Receipt photos you upload (we extract text to save you typing!)
- How you categorize your spending (to learn your preferences)
- Your premium subscription info (if you upgrade)
App Usage Data
- How you use the app (to make it better for everyone)
- Your device type and operating system (for compatibility)
- Anonymous usage statistics through Google Analytics (crash reports, popular features)
- General location info (for security, not tracking)
- When you use different features (to improve performance)
Photos You Share
- Receipt and bill photos you choose to upload
- Text we extract from those photos (like store names and amounts)
- Transaction details we create from your photos
3. How We Use Your Information
Here's what we do with your information to make Kibo awesome for you:
- Make the App Work: Track your expenses, categorize transactions, and process receipt photos so you don't have to type everything manually.
- Smart AI Features: Use Google's AI (Gemini) to automatically suggest categories for your transactions and extract text from receipt photos. This saves you tons of time!
- Personalize Your Experience: Learn your spending patterns to give you better insights and suggestions that actually make sense for your lifestyle.
- Handle Premium Features: Process your subscription through Google Play if you choose to upgrade, and unlock advanced features.
- Improve the App: Use anonymous usage data (via Google Analytics) to understand what features people love and fix things that aren't working well.
- Keep You in the Loop: Send important updates about your account, subscription, or new features (we won't spam you!).
- Keep Everything Secure: Protect your account from unauthorized access and keep your financial data safe.
- Follow the Rules: Meet legal requirements so we can keep operating and serving you.
4. Legal Basis for Processing
Under the GDPR, we process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide our services as agreed in our Terms of Service.
- Legitimate Interests: Processing that serves our legitimate business interests, such as fraud prevention, service improvement, and marketing (where these interests are not overridden by your data protection rights).
- Consent: Processing based on your specific consent, such as for marketing communications or non-essential cookies.
- Legal Obligations: Processing required to comply with laws and regulations applicable to financial services.
5. Data Sharing and Disclosures
We may share your information with the following third parties:
Google Services
- Google Gemini AI: Transaction data and receipt text are processed through Google's Gemini AI service for categorization, suggestions, and OCR processing.
- Google Analytics: Usage and performance data is shared with Google Analytics to help us improve our app and understand user behavior.
- Google Play Billing: Subscription and purchase information is processed through Google Play's billing system.
- Google Cloud Services: Data may be stored and processed using Google Cloud infrastructure.
Other Service Providers
- Cloud Hosting: Your data is stored on secure cloud infrastructure providers.
- Email Services: For sending account-related notifications and updates.
- Authentication Services: When you use Google Sign-In for account access.
Legal and Business Disclosures
- Legal Authorities: When required by law, court order, or governmental regulation.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality agreements.
All third-party service providers are required to maintain appropriate security measures and handle your data in accordance with applicable privacy laws. Data shared with Google services is subject to Google's privacy policies and terms of service.
6. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.
Our security measures include:
- Encryption of sensitive financial data
- Regular security assessments and penetration testing
- Access controls and authentication procedures
- AI-powered fraud detection systems
- Employee training on data protection and security
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
We retain your personal information for specific periods based on the type of data and purpose:
Account and Profile Data
- Active accounts: Retained while your account remains active
- Deleted accounts: Most data is deleted within 30 days, with some anonymized analytics data retained for up to 2 years
Financial Data
- Transaction records: Retained for up to 7 years after account deletion for tax and legal compliance purposes
- Receipt images: Deleted within 90 days after OCR processing is complete (unless needed for dispute resolution)
- Google Play purchase data: Retained according to Google Play's policies and applicable tax regulations
Analytics and Usage Data
- Google Analytics data: Automatically deleted after 26 months as per Google's default retention policy
- App usage logs: Retained for up to 12 months for service improvement purposes
AI Processing Data
- Data sent to Google Gemini AI: Not permanently stored by us; retention subject to Google's AI service policies
- OCR extracted text: Deleted within 30 days after transaction processing
When retention periods expire, we securely delete or anonymize your data. Some anonymized, aggregated data may be retained indefinitely for statistical and research purposes.
8. Your Data Protection Rights
Under the GDPR and applicable laws, you have the following rights:
- Right to Access: Request copies of your personal data we process.
- Right to Rectification: Request correction of inaccurate or incomplete information.
- Right to Erasure: Request deletion of your personal data in certain circumstances.
- Right to Restrict Processing: Request limitation of processing in certain scenarios.
- Right to Data Portability: Request transfer of your data to you or a third party.
- Right to Object: Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Withdraw consent where processing is based on consent.
Want to use any of these rights? Just drop us a line at privacy@kibo.com and we'll get back to you within a month (or let you know if we need a bit more time for complex requests).
Get in Touch
We're real people and we actually read every email. Don't hesitate to reach out if you have any questions or concerns!
9. Cookies and Tracking Technologies
Our website and mobile app use cookies and similar tracking technologies:
Types of Cookies and Tracking
- Essential Cookies: Required for basic app functionality, authentication, and security features.
- Google Analytics: Collects anonymized usage data, user interactions, crash reports, and performance metrics to help us improve the app experience.
- Functionality Cookies: Remember your preferences, settings, and choices to improve your user experience.
- Authentication Tokens: Secure tokens for maintaining your login session and API access.
Third-Party Tracking
- Google Analytics: Automatically collects device information, usage patterns, and app performance data. You can opt-out through Google's opt-out tools or by adjusting your device's advertising settings.
- Google Play Services: Tracks subscription status and purchase verification for premium features.
Your Control Over Tracking
- Mobile App: You can disable analytics tracking through your device's privacy settings or app-specific settings
- Web Browser: Manage cookie preferences through your browser settings
- Google Analytics Opt-out: Use Google's opt-out browser add-on or advertising settings
Note: Disabling certain tracking technologies may limit some app features, particularly analytics-based improvements and personalized recommendations.
10. International Data Transfers
Your data may be transferred internationally through our use of global services:
Google Services Data Transfers
- Google Gemini AI: Transaction and OCR data is processed on Google's global AI infrastructure, which may include servers in the United States and other countries.
- Google Analytics: Usage data is processed by Google's analytics servers worldwide.
- Google Cloud/Play Services: Data may be stored and processed in Google's global cloud infrastructure.
Data Protection Safeguards
For transfers outside the European Economic Area (EEA), we ensure appropriate protections:
- Google Services: Covered by Google's adherence to EU-U.S. Data Privacy Framework and Standard Contractual Clauses
- Other Service Providers: Protected by Standard Contractual Clauses approved by the European Commission
- Adequate Protection: We only transfer data to countries with adequate protection as determined by the European Commission, or with appropriate safeguards in place
Your Rights Regarding International Transfers
You have the right to obtain information about the safeguards we have in place for international data transfers. Contact us at privacy@kibo.com for more details about specific transfer mechanisms.
11. Our Smart AI Features
We use AI to make your life easier and save you time with your expense tracking:
What Our AI Does For You
- Smart Categories: Google's AI looks at your transaction names and suggests the best category (like "Food" for "Starbucks")
- Receipt Magic: Upload a photo of any receipt and our AI extracts all the important details automatically
- Better Suggestions: The AI learns your spending habits to give you more accurate category suggestions over time
- Fun Emojis: AI picks relevant emojis for your transactions to make tracking more visual and fun
Automatic Features (That You Control)
- Auto-Categorization: Transactions get suggested categories automatically, but you can always change them
- Security Alerts: We might flag unusual spending patterns to help protect your account
- Smart Text Extraction: AI pulls out the important info from receipt photos so you don't have to type it
You're Always in Control
- Override Anything: Don't like an AI suggestion? Just change it with a tap
- Ask Questions: Curious how the AI made a decision? Just ask us at support@kibo.com
- Go Manual: Prefer to do everything yourself? You can skip AI features and enter transactions manually
Good to Know: When you use AI features, we send your transaction data to Google's Gemini AI for processing. Google doesn't use your data to train their AI or for anything else - they just process it and send back the results to help you.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated Privacy Policy on our website and, where appropriate, via email.
We encourage you to periodically review this page for the latest information on our privacy practices.
Back to Home