Privacy Policy
Appmentor OU (“we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, Waget (the “App”), and our website at waget.app (the “Website”).
Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the application.
1. Who We Are
The data controller responsible for your personal information for the purposes of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:
Appmentor OU
Estonia / Europe
Email: [email protected]
2. Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device.
A. Personal Data You Provide to Us
- Account Information: When you register for an account via Sign in with Apple or email and password, we collect your email address and display name. If you use Sign in with Apple, we receive the information you choose to share (name and email, which may be a private relay address).
- Profile Information: You may optionally upload a profile photo, which is stored securely in our cloud infrastructure.
- Financial Data: The core function of Waget is expense and income tracking. We process the data you input, including:
  - Transaction amounts, types (income/expense), dates, and notes
  - Transaction categories (e.g., Food, Rent) and custom categories you create
  - Tags associated with transactions
  - Wallet names, icons, colors, currencies, and balances
  - Budget names, spending limits, and time periods
  - Recurring transaction templates (amount, frequency, category)
- Wallet Sharing Data: If you use the wallet sharing feature, we process the email addresses of people you invite, invitation status, and sharing roles (owner, editor, viewer). Shared wallet data (transactions, balances) is visible to all participants of that wallet.
- Voice Data: When you use the voice input feature (“Voice Tracking”), we process your voice recordings to convert speech into text and extract transaction details (amount, category, date).
- Customer Support Information: Information you provide when you contact us for help, including feedback submitted through the App or the Website contact form.
B. Information Collected Automatically
- Device Information: We collect information about the device you use to access the App, including the hardware model, operating system and version, unique device identifiers (a persistent device ID generated by the App and Firebase Installation ID), and app version.
- Usage and Log Data: We collect information about your interactions with the App, such as the features you use (e.g., transaction operations, voice input events, chart views, filter usage), the time spent on the App, screen views, and crash logs to improve stability.
- Subscription Status: We record whether you have an active premium subscription and which plan you are on, for the purpose of enabling premium features.
- App Installation Date: We record the date of first installation for analytics and onboarding purposes.
- Location Data: We do not track your precise real-time location. We may derive approximate location (country/region) from your IP address for analytics and localization purposes (e.g., currency defaults).
3. How We Use Your Information
We use the information we collect for the following purposes:
- To Provide and Maintain the Service: To manage your expenses, wallets, budgets, and analytics; to verify your identity; to process your voice commands; and to synchronize your data between your device and the cloud.
- Cloud Synchronization: To provide real-time data backup and synchronization so your financial data is accessible and protected across sessions. Your data is stored both locally on your device and in our secure cloud infrastructure.
- Wallet Sharing: To enable collaboration features, allowing you to share wallets with other users and manage shared financial data.
- Voice Processing: To convert your spoken audio into text transaction data using AI and Natural Language Processing (NLP) technologies.
- Subscription Management: To manage your premium subscription, verify entitlements, and process purchases through the Apple App Store.
- Notifications: To send you transaction reminders, budget alerts, wallet sharing invitations, and other in-app notifications you have opted into.
- App Improvement & Analytics: To understand how users interact with Waget, measure the performance of features, identify and fix bugs, and improve usability using analytics tools.
- Communication: To send you administrative information, such as updates to this policy, security alerts, or support responses.
- Legal Compliance: To comply with applicable laws and regulations.
4. Cloud Sync & Data Backup
Waget provides automatic cloud synchronization to keep your financial data safe and up to date.
- How It Works: Your data (wallets, transactions, categories, tags, budgets, recurring transactions) is stored locally on your device using Apple’s SwiftData framework and simultaneously synchronized to Google Firebase Firestore (our cloud database).
- Bidirectional Sync: Changes made on your device are pushed to the cloud, and changes from the cloud (e.g., from shared wallets) are pulled to your device in real time.
- Data Ownership: You retain full ownership of your financial data. You can request deletion of your cloud data at any time by deleting your account.
- Profile Images: If you upload a profile photo, it is stored in Google Firebase Storage and compressed for efficient delivery (JPEG format, approximately 200 KB).
5. Wallet Sharing & Collaboration
Waget allows you to share wallets with other users for collaborative financial tracking.
- Invitation System: You can invite other Waget users to access your wallets by entering their email address. They will receive an in-app invitation.
- Roles: Shared wallets support three access levels: Owner (full control), Editor (can add/edit transactions), and Viewer (read-only access).
- Shared Data: When you share a wallet, all transaction data, categories, and balances within that wallet become visible to the other participants according to their role. Participants can see transaction details including amounts, categories, dates, and notes.
- Revoking Access: The wallet owner can revoke any participant’s access at any time.
6. Voice Data and Artificial Intelligence
Waget uses Artificial Intelligence (AI) to interpret your voice commands.
- On-Device Recognition: Voice audio is first processed on your device using Apple’s Speech Recognition framework (SFSpeechRecognizer) to convert speech to text.
- Server-Side Processing: The transcribed text is then sent to our secure backend API for AI-powered parsing to extract transaction details (amount, category, date). This processing uses Natural Language Processing to understand your intent.
- Storage: We do not retain your raw audio files. Once the speech is transcribed and the transaction is processed, the audio data is discarded.
- Language Support: Voice input supports 57 languages with automatic language detection based on your device settings.
- Privacy: We do not use your voice data for advertising purposes or to build voice profiles.
7. Subscription & Payment Data
Waget offers a premium subscription with additional features.
- Payment Processing: All payments are processed by Apple through the App Store. We do not collect or store your payment card details, bank account information, or Apple ID password.
- Subscription Management: We use RevenueCat as our subscription infrastructure provider. RevenueCat receives your anonymous user identifier, purchase history, subscription status, and product identifiers to manage your entitlements. RevenueCat does not receive your name, email, or financial data.
- What We Store: We record your subscription status (free or premium), the type of plan (monthly or yearly), and entitlement status to enable or restrict premium features within the App.
8. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), our legal basis for collecting and using the personal information described above depends on the personal information concerned and the specific context in which we collect it.
- Performance of a Contract: To provide the App services to you, including budget tracking, cloud synchronization, wallet sharing, and subscription management.
- Legitimate Interests: To analyze App usage and improve our services via analytics tools; to ensure the security of the App; and to manage subscriptions.
- Consent: We ask for your consent to access your device’s microphone for voice input and to send you push notifications. You can withdraw this consent at any time in your device settings.
9. Disclosure of Your Information
We do not sell, trade, or rent your personal identification information to others. We may share information with the following service providers who perform services on our behalf:
- Cloud Infrastructure & Database: Google Firebase (Firestore, Authentication, Storage, Remote Config) to securely store and process your data, manage authentication, and host profile images.
- Analytics and Crash Reporting: Google Firebase Analytics, Firebase Crashlytics, and Firebase Performance Monitoring to measure App usage, identify crashes, and monitor performance. The information collected is generally pseudonymized.
- Subscription Management: RevenueCat to manage subscription entitlements and purchase verification.
- Wallet Sharing Participants: When you share a wallet, the financial data in that wallet is shared with the users you invite. Their email address is used to deliver the invitation.
- Website Contact Form: Formspree processes support form submissions on our Website.
- Website Analytics: Google Analytics 4 is used on our Website to understand visitor traffic.
- Legal Requirements: If required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).
- Business Transfers: In connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
10. Data Retention
We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.
- Account Data: Retained as long as your account is active. When you delete your account through the App, all associated data (profile, wallets, transactions, categories, tags, budgets, recurring transactions, invitations, and notifications) is permanently deleted from our cloud servers.
- Voice Data: Raw audio is not retained after processing. Only the resulting transaction data (text) is stored as part of your financial records.
- Analytics Data: Anonymized and aggregated usage data is retained for a reasonable period for internal analysis and product improvement.
- Crash Reports: Error and crash data is retained for up to 90 days to allow for investigation and resolution of issues.
- Subscription Data: Purchase and subscription history managed by RevenueCat is retained according to RevenueCat’s data retention policies and applicable legal requirements.
11. Data Security
We take the security of your data seriously and implement multiple layers of protection:
- Encryption in Transit: All data transmitted between the App and our servers is encrypted using SSL/TLS. We implement certificate pinning (public key pinning) to prevent man-in-the-middle attacks.
- Encryption at Rest: Your financial data is stored in Google Firebase’s secure cloud infrastructure, which provides encryption at rest.
- Secure Credential Storage: Sensitive credentials are stored in the iOS Keychain, Apple’s secure storage mechanism.
- Authentication Security: Sign in with Apple uses cryptographic nonce verification. Passwords are managed by Firebase Authentication and are never stored in plain text.
- App Integrity: The App includes security measures to detect compromised devices and protect against tampering.
- API Security: API keys and sensitive configuration values are encrypted within the App binary.
However, please be aware that no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. We strive to use commercially acceptable means to protect your data, but we cannot guarantee its absolute security.
12. Your Data Protection Rights
Depending on your location, you may have the following rights:
- The right to access: You have the right to request copies of your personal data.
- The right to rectification: You have the right to request that we correct any information you believe is inaccurate.
- The right to erasure: You have the right to request that we erase your personal data (“Right to be forgotten”). You can delete your account directly within the App, which will permanently remove all your data from our servers.
- The right to restrict processing: You have the right to request that we restrict the processing of your personal data.
- The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured and machine-readable format.
- The right to object: You have the right to object to our processing of your personal data where we rely on legitimate interests.
- The right to withdraw consent: Where we rely on your consent to process your data (e.g., microphone access, notifications), you can withdraw consent at any time through your device settings.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days.
13. International Data Transfers
Your information, including Personal Data, may be transferred to, and maintained on, computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
Our primary data processing occurs through Google Firebase services, which may process data in various locations globally. If you are located outside the United States and choose to provide information to us, please note that data may be processed in jurisdictions where our cloud providers operate. We ensure appropriate safeguards (such as Standard Contractual Clauses) are in place to protect your data during international transfers.
14. Children’s Privacy
Waget does not address anyone under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personally identifiable information from children. If we discover that a child has provided us with personal data, we immediately delete this from our servers. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.
15. California Privacy Rights (CCPA)
If you are a California resident, you have specific rights regarding your personal information under the California Consumer Privacy Act (CCPA), including:
- The right to know what personal information we collect, use, and disclose.
- The right to request deletion of your personal data.
- The right to opt out of the sale of personal information. We do not sell your personal data.
- The right to non-discrimination for exercising your CCPA rights.
To exercise these rights, please contact us at [email protected].
16. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page, updating the “Last Updated” date, and where appropriate, notifying you through the App. You are advised to review this Privacy Policy periodically for any changes.
17. Contact Us
If you have any questions about this Privacy Policy, your data, or your rights, please contact us:
Appmentor OU
Estonia / Europe
Email: [email protected]
You also have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.