1. Introduction

Welcome to Tuni ("we," "our," or "us"). Tuni is a personal finance management application that helps you track expenses, manage budgets, and improve your financial habits through an AI-powered chat interface with our mascot, Tuni.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and related services (collectively, the "Service"). Please read this policy carefully. By using Tuni, you agree to the collection and use of information in accordance with this policy.

Effective Date: March 14, 2026

2. Information We Collect

We collect information that you provide directly, as well as information generated through your use of the Service.

2.1 Account Information

When you create an account, we collect:

• Email address — used for account identification and communication
• Name — displayed in your profile
• Profile picture — from your Google or Apple account (optional)
• Authentication provider — whether you signed in via Google, Apple, or email

2.2 Financial Data

To provide the core service, we collect:

• Transactions — amounts, descriptions, categories, dates, and merchant names
• Budget information — monthly budget amounts and category-specific budgets
• Categories — both default and custom spending categories you create

2.3 Chat Data

When you interact with Tuni, we collect:

• Text messages — your chat messages are processed by our AI to parse expense information
• Images — receipt photos you send for OCR scanning

2.4 Receipt Images

When you use the receipt scanning feature:

• Uploaded photos — images of receipts you capture or select from your gallery
• OCR scan results — extracted text and structured data from receipt images

2.5 Usage & Preferences

• App preferences — language, currency, theme, AI personality selection
• Notification settings — daily reminder times, notification preferences
• Reminders — recurring payment reminders you set up

2.6 Gamification Data

• Activity data — daily streaks, XP points, current level
• Achievements — badges unlocked and unlock dates

2.7 Device Information

• Device type and OS — for app compatibility and optimization
• FCM device token — for sending push notifications
• Timezone — for accurate date/time handling

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service — process your transactions, generate reports, manage budgets
• AI-powered features — parse natural language expense messages and scan receipts using Google Gemini AI
• Push notifications — send daily reminders, streak alerts, budget warnings, and badge celebrations
• Gamification — track streaks, award XP and badges to motivate good financial habits
• Improve the Service — understand usage patterns to enhance features and fix issues
• Communicate with you — respond to support requests and send important updates

4. Data Sharing & Third Parties

We do NOT sell your personal data. We only share your data with the following service providers who are essential to delivering the Service:

Service Provider	Data Shared	Purpose
Firebase Authentication (Google)	Email, name, OAuth tokens	User authentication (Google/Apple sign-in)
Firebase Cloud Messaging (Google)	FCM device token	Push notifications delivery
Firebase Storage (Google)	Receipt images	Secure image storage
Google Gemini AI	Chat text, receipt images	AI expense parsing and OCR

All third-party providers are bound by their own privacy policies and data processing agreements. We encourage you to review Google's Privacy Policy for more information.

We may also disclose your information if required by law, court order, or to protect the rights and safety of Tuni and its users.

5. Data Storage & Security

We take the security of your data seriously and implement the following measures:

• Encryption in transit — all data transmitted between the app and our servers is encrypted using HTTPS/TLS
• Encryption at rest — your financial data is stored in an encrypted PostgreSQL database on a secure VPS
• Secure image storage — receipt images are stored in Firebase Storage with access-controlled signed URLs
• Token security — authentication tokens are stored securely using platform-native secure storage (iOS Keychain / Android Keystore)
• Rate limiting — API rate limiting protects against abuse
• Input validation — all data inputs are validated and sanitized server-side

6. Data Retention

We retain your data as follows:

• Account data — retained while your account is active. Deleted within 30 days of an account deletion request.
• Transaction data — soft-deleted when you delete a transaction, permanently removed after 90 days.
• Chat messages — retained while your account is active.
• Receipt images — retained for 1 year after upload, then automatically deleted.
• Gamification data — deleted when your account is deleted.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Deletion — request deletion of your account and all associated data
• Data portability — request an export of your data in a machine-readable format
• Withdraw consent — withdraw consent for optional data processing (e.g., push notifications)
• Object — object to processing of your data based on legitimate interests
• Complaint — lodge a complaint with a data protection supervisory authority in your jurisdiction

To exercise any of these rights, please contact us at tuniapp.support@gmail.com. We will respond within 30 days.

For European Economic Area (EEA) Residents

Under the General Data Protection Regulation (GDPR), our legal bases for processing are:

• Contract — processing necessary to provide the Service (transactions, budgets, AI parsing)
• Consent — for optional features (push notifications, preference settings)
• Legitimate interest — for gamification features and service improvement

For California Residents

Under the California Consumer Privacy Act (CCPA), you have additional rights including the right to know what personal information is collected, shared, or sold, and the right to opt-out of the sale of personal information. We do not sell personal information.

8. International Data Transfers

Your data may be processed in countries outside your own, including the United States and European Union, where our service providers (Firebase, Google Cloud) operate. When we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and data processing agreements.

9. Children's Privacy

Tuni is not directed to children under the age of 13 (or the applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately and we will take steps to delete such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you through the app via a push notification or in-app message
• Send an email notification for significant changes

Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: tuniapp.support@gmail.com

We aim to respond to all inquiries within 30 business days.