Privacy Policy

SumiQ is a personal finance tracker built by an independent developer. This policy explains what data the app handles, what it doesn't, and your rights over it. The app is designed around the principle that your financial data belongs to you and should stay on your devices.

1. Summary

• No analytics SDKs, no advertising IDs, no third-party trackers.
• Your transactions, categories, budgets, and lists live in your private iCloud — we never see them.
• Voice transcription happens on-device whenever your iOS version supports it. Audio recordings are never persisted by the app and are never transmitted.
• When you use the AI categorization feature, the transcribed text plus a few small technical fields (your list of category names, locale, and an anonymous device id used only for rate-limiting) are sent through our server to OpenAI. Amounts of past transactions, dates, notes, names, and any other personal information are not transmitted.
• Subscriptions are managed via Apple's StoreKit and tracked anonymously by RevenueCat.

2. Data that stays on your device and in your iCloud

The following is created, stored, and synced entirely between your devices and your personal iCloud account using Apple's CloudKit. The developer of SumiQ has no access to it.

• Transactions (amount, category, date, optional note)
• Categories you create or customise
• Budget limits per category
• Lists you create (e.g. Personal, Work, Household)
• Recurring-transaction templates
• App settings and preferences

Apple's privacy terms govern your iCloud data — see apple.com/legal/privacy.

3. Third-party services we use

RevenueCat (subscription management)

Subscriptions are processed through Apple's StoreKit. We use RevenueCat to verify entitlements and track subscription status (active, expired, cancelled). RevenueCat receives an anonymous user identifier and your purchase record with Apple. It does not receive your transactions, categories, or any other in-app content. RevenueCat's privacy policy: revenuecat.com/privacy.

Cloudflare Worker (AI request proxy)

Voice and manual transaction entries are matched to one of your categories using AI. The request is sent over HTTPS to a small proxy worker we run on Cloudflare's edge network. The proxy forwards the following to the AI provider:

• The transcribed text of what you said or typed (the "utterance")
• Your list of category names and emojis (so the AI can pick the best match)
• Your locale identifier (e.g. en_US / ru_RU) as a language hint to the AI

The proxy additionally receives — but does NOT forward to the AI provider — an anonymous device identifier we use only to enforce a daily rate-limit (200 requests/device/day; 800/month) against abuse. The proxy logs request metadata (utterance length, category count, and the first 8 characters of the anonymous device id) for service operation; the request body contents themselves are not logged. Cloudflare's privacy policy: cloudflare.com/privacypolicy.

OpenAI (AI categorization)

Our proxy forwards the request to OpenAI's gpt-4.1-mini model, which returns the best-matching category from your list along with a parsed amount, currency, and date offset. Per OpenAI's API data-usage policy, API request data is retained by OpenAI for up to 30 days for abuse-monitoring purposes and is not used to train their models. OpenAI's privacy policy: openai.com/policies/privacy-policy.

Apple Foundation Models (on-device AI, when available)

On supported devices and iOS versions (iPhone with Apple Intelligence enabled, iOS 26 or later), AI categorization runs entirely on-device using Apple Foundation Models. In that case no data leaves your phone — neither to our proxy nor to OpenAI.

4. Microphone and speech recognition

The microphone is accessed only when you tap the microphone button in the app. Speech is transcribed on-device whenever your iOS version supports on-device Speech recognition (the app sets Apple's requiresOnDeviceRecognition = true flag where supported); otherwise iOS may use its own server-side recognition (governed by Apple's privacy terms). The resulting text is then sent to the AI categorization flow described above.

Audio recordings are never persisted by the app, never written to disk, and never transmitted to our server or to any AI provider. Only the resulting transcribed text is used.

5. What we do not collect

• No analytics tracking — no Mixpanel, Firebase, Amplitude, or similar SDKs.
• No advertising identifiers, no IDFA, no advertising frameworks.
• No location data.
• No access to contacts, calendar, photos, files outside the app, or other apps' data.
• No personal information such as name, email, or phone number — the app does not require sign-in.
• No cross-device tracking outside of your own iCloud sync.

6. Your rights

Because almost all of your data is stored entirely on your devices and in your private iCloud, most data-protection rights are exercised directly through the app and Apple's settings, with no request to us required.

• Access — every piece of data is visible inside the app.
• Export — use the CSV export from Settings.
• Correction — edit any transaction, category, or budget in the app.
• Deletion — Settings → Reset all data clears both the local and iCloud copies. Deleting the app from your device also removes the local copy; iCloud copies can be wiped from your iOS device's Settings → [your Apple ID] → iCloud → Manage Storage → SumiQ.
• Subscription cancellation — Settings app → [your Apple ID] → Subscriptions → SumiQ.

For matters that require us specifically — for example, deletion of any anonymous subscription record held by RevenueCat — write to support@sumiq.me and we will process the request within 30 days.

Right to lodge a complaint. If you believe we have not handled your data fairly, you have the right to lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD — aepd.es) or with the supervisory authority of your EU/EEA member state. If you are outside the EU/EEA, you may also contact your local data protection authority.

7. Children

SumiQ is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has used the app and submitted data through the AI feature, please contact support@sumiq.me.

8. Data retention

Your app data is retained for as long as you keep it in the app and in iCloud. Anonymous subscription records held by RevenueCat are retained according to their policy, typically for the lifetime of your subscription plus a regulatory retention window.

9. International transfers

Where AI categorization is performed by Anthropic, request data may be processed on infrastructure located in the United States. Cloudflare may route the request via edge locations in multiple regions. Both providers operate under Standard Contractual Clauses for transfers from the EU/UK.

10. Security

All network traffic uses HTTPS with certificate pinning where appropriate. Local app data is protected by iOS Data Protection and stored in the app's sandbox. iCloud data is encrypted in transit and at rest by Apple. Subscription receipts are validated server-side by RevenueCat to resist tampering.

11. Governing law and jurisdiction

This Privacy Policy and any data-protection matter relating to SumiQ are governed by the laws of the Kingdom of Spain and the European Union (in particular Regulation (EU) 2016/679, "GDPR", and the Spanish Organic Law 3/2018 on Personal Data Protection and Digital Rights, "LOPDGDD"). Any dispute that cannot be resolved amicably with the developer (see Contact below) shall be subject to the exclusive jurisdiction of the courts of Barcelona, Spain, without prejudice to consumer-protection rules that grant the user the right to litigate in their own country of residence within the EU.

12. Changes to this policy

We will update this page when our practices change. Material changes will also be surfaced through an in-app notice on the next app launch.

13. Contact

Questions, requests, or complaints: support@sumiq.me.