Privacy Policy for Wally - Personal Finance App

Effective Date: November 23, 2025
Last Updated: November 23, 2025

Introduction

Wally ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application (the "App"). Please read this policy carefully.

By using Wally, you agree to the collection and use of information in accordance with this policy. If you do not agree with this policy, please do not use the App.

---

1. Information We Collect

1.1 Personal Information

We collect the following personal information when you create an account:

• Email address (for authentication purposes)
• Password (encrypted and stored securely via Supabase Auth)
• User ID (automatically generated)

1.2 Financial Data

We collect financial information that you voluntarily provide to track your expenses and income:

• Transaction details: amount, description, category, date/time
• Custom categories and subcategories you create
• Custom keywords for transaction categorization
• Budget settings and monthly limits
• Credit card information: card name, brand, cut-off dates, payment dates, currency (NO card numbers or CVV)
• Currency and country preferences

1.3 Usage Data

We may collect information about how you interact with the App:

• Device information: device type, operating system version
• App usage: features used, timestamps
• Error logs: crash reports for debugging purposes

1.4 AI Categorization Data

We use xAI Grok to categorize transactions based on your input:

• Transaction descriptions are sent to Grok API for automatic categorization
• Learned keywords are stored locally to improve future categorizations
• AI processing is ephemeral and does not retain your data after categorization

1.5 Subscription Data (Wally Premium)

If you subscribe to Wally Premium:

• Subscription status: active, trial, expired
• Purchase receipts: Validated through Apple/Google APIs
• Expiry dates: To manage subscription renewals
• Payment information: Handled exclusively by Apple/Google (we never see your credit card details)

---

2. How We Use Your Information

2.1 Core Functionality

• Account management: authentication, user identification
• Transaction management: CRUD operations (create, read, update, delete)
• AI categorization: automatic categorization of expenses/income using Grok AI
• Budget tracking: monitor spending against monthly budgets
• Credit card management: track payment due dates and cut-off dates
• Multi-currency support: currency conversion and exchange rates

2.2 Service Improvement

• Error monitoring: diagnose and fix bugs
• Feature optimization: improve AI accuracy and user experience
• Analytics: understand usage patterns to enhance the App (aggregated, anonymized data only)

2.3 Communication

• Service updates: notify you of important changes, new features, or security updates
• Customer support: respond to your inquiries and provide assistance

---

3. Data Storage and Security

3.1 Where We Store Your Data

• Database: PostgreSQL hosted on Supabase (secure cloud infrastructure)
• Authentication: Supabase Auth with JWT tokens
• Backend API: Hosted on Dokploy VPS with SSL encryption (https://api.wallyme.com)
• Local storage: Preferences stored locally on your device

3.2 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption in transit: HTTPS/TLS for all API communications
• Encryption at rest: Database encryption via Supabase
• Password hashing: Passwords are hashed using bcrypt before storage
• JWT authentication: Secure token-based authentication
• Rate limiting: Protection against brute-force attacks
• Input validation: SQL injection and XSS protection

3.3 Data Retention

• Active accounts: Data is retained as long as your account is active
• Inactive accounts: Data may be deleted after 24 months of inactivity (we will notify you before deletion)
• Deleted accounts: Upon account deletion, your data is permanently removed within 30 days

---

4. Third-Party Services

4.1 Supabase (Authentication & Database)

• Purpose: User authentication and data storage
• Data shared: Email, password (hashed), user ID, financial data
• Privacy Policy: https://supabase.com/privacy

4.2 xAI Grok (AI Categorization)

• Purpose: Automatic transaction categorization using AI
• Data shared: Transaction descriptions (e.g., "uber 50", "juan valdez 17000")
• Data retention: Ephemeral processing only, no long-term storage by Grok
• Privacy Policy: https://x.ai/legal/privacy-policy

4.3 Apple App Store / Google Play Store (In-App Purchases)

• Purpose: Process subscription payments for Wally Premium
• Data shared: Purchase receipts, subscription status
• Payment processing: Handled entirely by Apple/Google (we never see payment details)
• Privacy Policies:
  • Apple: https://www.apple.com/legal/privacy/
  • Google: https://policies.google.com/privacy

---

5. Your Data Rights

You have the following rights regarding your personal data:

• Access: You can view all your data within the App
• Correction: You can edit your transactions, categories, keywords, budgets, and preferences at any time
• Deletion: You can delete individual transactions or request full account deletion by contacting us at support@wallyme.com
• Data Export: You can request a copy of your data in JSON format
• Opt-Out: You can opt out of AI categorization by using manual categorization only

---

6. Children's Privacy

Wally is not intended for users under the age of 13. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately.

---

7. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us:

Email: support@wallyme.com
Website: https://wallyme.com

---

8. Legal Compliance

GDPR (European Union)

If you are located in the EU, you have additional rights under GDPR:

• Right to access, rectification, erasure, restriction, and portability of your data
• Right to object to processing and withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

CCPA (California, USA)

If you are a California resident, you have rights under CCPA:

• Right to know what personal information is collected
• Right to request deletion of personal information
• Right to opt out of the sale of personal information (we do not sell your data)

---

Thank you for trusting Wally with your financial data. We are committed to protecting your privacy and providing a secure, transparent experience.