Privacy Policy

Last updated: 2026-06-05. Owner: Kaya (a personal project by Juan E. Venegas). Contact: juan.e.venegas@gmail.com.

This policy explains exactly what Kaya stores, why, with whom it is shared, and how to delete it. We try to keep it short and concrete; "we" means the Kaya service and its operator.

1. What Kaya stores

Account data

• Email address — used to sign in, send password resets, and send Kaya-to-you notifications. Never sold.
• Display name — shown next to expenses you log.
• Password hash — bcrypt; we never store the plain password.
• Subscription status — tier (Plus / Family), provider (Apple), renewal date. Used for entitlement checks only.

Financial data you give us

• Expenses — every transaction you log (date, amount, currency, merchant, category, account, optional note).
• Accounts — names and types of payment methods you've configured (e.g. "DBS Juan", "Cash"). Account aliases (bank-side text that maps to a Kaya account) are also stored.
• Receipts and statements you upload — image / PDF files retained for as long as the linked expense exists. Stored on Render's persistent disk.
• Bank statement uploads — parsed in-memory; the parsed rows are stored as expenses with source='reconcile_statement'. The original statement file is retained alongside the linked expenses.

Logs and analytics

• Errors and crash reports — sent to Sentry (sentry.io), both from our servers and from the Kaya iOS app. Includes the stack trace, app version, and your user ID; we set send_default_pii=false and do not include personal data in error events. You can turn off app crash reporting in Settings → Privacy → "Don't report errors."
• Product analytics — anonymous usage events (e.g. paywall_viewed, expense_created: which screens you visit and actions you take), sent to PostHog (US region, us.i.posthog.com) and keyed by your user ID. No expense amounts, merchants, receipt/statement contents, or message text are ever sent as analytics. You can turn this off in Settings → Privacy → "Don't track my usage."
• Server logs — request lines (path, status, latency, user ID) retained for 30 days on Render.

What Kaya does NOT store

• Your Apple ID, Apple Pay card numbers, or any payment method numbers — Kaya only sees the merchant + amount that an Apple Shortcut posts.
• Bank account numbers, online-banking passwords, or OAuth tokens to your bank. Kaya does not connect to banks directly.
• Raw email body content beyond a 2KB preview, after the message has been processed.
• Voice recordings — they are transcribed on the fly and the audio is discarded.

2. Why Kaya stores it

To run the service you asked for: log expenses, query them, send notifications you opted into, and let you reconcile against bank statements. We do not sell, rent, or share your data with advertisers.

3. Where data is processed

• Render (US-East) — application server and Postgres database. render.com/privacy.
• Google Gemini API — your message text, voice transcription, or receipt image is sent to Gemini to parse it into structured expense data. Google does not use API content to train models (Gemini API terms). Requests are not retained after the response is returned.
• OpenAI (Whisper) — voice notes are transcribed via Whisper. Audio is not retained after the response.
• Telegram — if you use the Telegram bot, your messages pass through Telegram's servers under Telegram's privacy policy.
• Sentry, PostHog — error tracking and analytics as described above.
• Apple App Store / StoreKit — subscription purchase and renewal. Apple handles all payment data; Kaya only receives the subscription state.

4. Data retention and deletion

• Expense rows live until you delete them. Soft-deleted rows go to Trash; you can restore for 30 days, after which they're permanently removed.
• Email events (inbound email log under Settings) are retained 30 days for skipped events and 90 days for events that became expenses.
• To delete everything — Settings → Account → Delete account. This irreversibly removes your user, every expense, every uploaded file, and every linked record. We do not retain backups beyond 30 days, so within 30 days of deletion all traces are gone.

5. Children

Kaya is not directed at children under 13 and we do not knowingly collect data from them. If you believe a child has signed up, contact us and we will delete the account.

6. Your rights

You can request a copy of your data (Settings → Export) or deletion at any time. We respond to GDPR/CCPA requests within 30 days.

7. Changes to this policy

Material changes will be announced in-app at least 30 days before they take effect. Continued use after that date constitutes acceptance.

8. Contact

juan.e.venegas@gmail.com.