extmoney

Privacy policy

Effective date: 05 Jul 2026 · Last updated: 07 Jul 2026


1. Who We Are

ExtMoney ("ExtMoney", "we", "us", "our") is a personal-finance application operated by Zanket, a sole proprietorship registered in Canada (Québec). We are the data controller of your personal information under the EU/UK GDPR, the Canadian PIPEDA, and Québec's Act respecting the protection of personal information in the private sector (Law 25).

  • Privacy contact: privacy@extmoney.com
  • EU representative (Art. 27 GDPR): eu@extmoney.com

We do not show third-party advertising, and we do not sell or rent your personal information. We do not use advertising, remarketing, or behavioural-tracking pixels.

2. Scope

This Policy covers personal information we process when you use ExtMoney (our mobile apps and https://extmoney.com). Region-specific terms for the EEA/UK, Canada, and California appear in the Appendices and prevail for residents of those regions where they add to the main text. We process your information only as described here, and we keep what we collect adequate, relevant, and limited to what is necessary.

3. Personal Information We Collect

  • Account & identity — email, password (stored hashed), display name, language, team/family membership.
  • Financial & transaction data — the records you create or import (amounts, currencies, dates, categories, counterparties, notes, account labels). The core content of the service.
  • Voice recordings — when you use voice entry, the audio you record. This may be sensitive (biometric) data and receives the heightened treatment in §5 and Appendix A.
  • Receipt & document images — when you use receipt scanning (OCR), the image you capture. Receipts can contain sensitive details.
  • Payment data — subscription status and limited billing metadata from Stripe/Apple/Google. We do not store full card numbers.
  • Usage & device data — app interactions, device/OS type, language, IP address, and technical logs needed to operate and secure the service, plus a device push-notification token if you enable push.
  • Consent records — which consents you gave, on which channel, when, and to which version of the terms (kept as proof that processing was authorized).

Please do not upload documents containing more sensitive information than necessary (e.g. medical or government-ID details) — only what a transaction requires.

4. How We Use Your Information & Legal Bases

PurposeLegal basis (GDPR Art. 6 / Art. 9)
Create, secure, and authenticate your accountPerformance of a contract — Art. 6(1)(b)
Provide core finance features (store, display, analyse your records)Contract — Art. 6(1)(b)
Voice transcriptionExplicit consent — Art. 9(2)(a) (biometric) + Art. 6(1)(a)
Receipt OCR; AI spending insights / category suggestionsYour consent — Art. 6(1)(a) (see §5)
Detect anomalies; fraud/abuse preventionLegitimate interests — Art. 6(1)(f)
Process subscriptions and paymentsContract — Art. 6(1)(b); legal obligation — 6(1)(c) (tax)
Service/transactional messages (security, billing, app updates)Contract — Art. 6(1)(b)
Product news / marketing messages (only if you opt in)Your consent — Art. 6(1)(a) — withdrawable anytime
Comply with legal obligationsLegal obligation — Art. 6(1)(c)

You can withdraw any consent at any time; this does not affect processing done before withdrawal.

5. AI Features, Voice & Images, and Processing Outside the EU

Please read this section. ExtMoney offers optional AI-powered features. You control each one, and the base app works fully without them.

What the features do and who processes the data. When you enable and use a feature, the relevant content is sent to an external provider to perform that feature:

FeatureWhat is sentProvider(s)Where
Voice entryYour voice recordingAssemblyAI (EU region); Google Cloud — Gemini via aiplatform.googleapis.com (EU)European Union
Receipt scanning (OCR)The receipt imageGoogle (Gemini) and OpenAI, routed via OpenRouterUnited States
AI spending insights (weekly/daily)Limited, de-identified transaction summariesAnthropic (Claude), routed via OpenRouterUnited States

Limited, purpose-bound use. These providers process your data only to perform the feature you requested, under data-processing agreements that require confidentiality and prohibit use for any other purpose. They do not use your data to train their AI models, and neither do we. We send only what the feature needs, and we delete the audio or image promptly after processing — it is not retained.

Human oversight — AI explains, it does not decide. Our AI features only summarise and surface information; the underlying calculations and any decisions about your money are made by our deterministic logic, not by the AI. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing. You can object to the use of AI features at any time by turning them off.

International transfer & safeguards. Voice recordings are processed within the European Union (see the table above) and are not transferred to the United States. Receipt OCR and AI insights are processed in the United States; for those transfers we rely on Standard Contractual Clauses approved by the European Commission under Art. 46 GDPR and/or the provider's certification under the EU-US Data Privacy Framework. You may request a copy of the relevant safeguards.

Your control. Each AI feature is off by default. You turn it on with an explicit, separate consent (an explicit consent for voice, as biometric data), shown in plain language at the point of use, and you can withdraw it anytime in Settings — after which the feature is unavailable but the rest of the app continues to work.

6. Service Providers (Sub-processors)

We share personal information only with providers that operate the service on our behalf, each under a data-processing agreement requiring equal or better protection than this Policy.

ProviderPurposeLocation
HetznerHosting & data storageGermany (EU)
StripeSubscription payments (web)EU (Stripe Technology Company, Ireland) & US
AppleIn-app purchases (iOS)US
Google (Play)In-app purchases (Android)US
AssemblyAIVoice transcriptionEU (EU region endpoint)
Google Cloud (Gemini via aiplatform.googleapis.com)Voice transcription (Gemini)EU
OpenRouterAI request routing (receipt OCR, insights)US
Google (Gemini, via OpenRouter)Receipt OCRUS
OpenAI (via OpenRouter)Receipt OCR (fallback)US
Anthropic (Claude, via OpenRouter)AI spending insightsUS
Google / FirebasePush notifications (device token + message) and aggregate, non-identifying mobile usage analyticsUS
CloudflareAnti-spam verification (Turnstile) on the public contact formUS / EU
TelegramOptional notification delivery — only if you link a Telegram chatOutside the EU

Push notifications, mobile analytics, contact-form anti-spam, and Telegram delivery are optional and apply only where you enable the relevant feature. We operate our own self-hosted error-monitoring system (see §9); error reports are not shared with a third-party monitoring provider.

7. International Data Transfers

Your data is stored in the European Union (Germany). Voice transcription is also processed within the EU (§5). Some processing still occurs outside the EU — principally in the United States (receipt OCR and AI insights in §5, payments, push notifications, and contact-form anti-spam) and, if you link a Telegram chat, notification delivery outside the EU. For these transfers we rely on appropriate safeguards: Standard Contractual Clauses approved by the European Commission (Art. 46 GDPR) and/or the provider's certification under the EU-US Data Privacy Framework. For transfers from jurisdictions that do not automatically treat Canada as adequate, we take the steps necessary to satisfy those requirements. You may request a copy of the safeguards by contacting us.

8. Data Retention

  • Account & financial data — retained while your account is active. When you delete your account, your personal and financial data is permanently and irreversibly deleted (it cannot be recovered), except where longer retention is legally required (see payment/billing records below).
  • Voice recordings & receipt images — not retained; deleted promptly after the feature has produced its result.
  • Payment/billing records — retained for 6 years to meet Canadian tax and accounting obligations.
  • Technical logs — retained for 90 days.
  • Consent records — retained for the duration of the consent and the applicable limitation period thereafter, as proof that processing was authorized.

9. How We Protect Your Information

We use technical and organisational measures appropriate to the sensitivity of financial data: encryption in transit and at rest, hashed passwords, access controls limited to authorised personnel, and server-side enforcement of all access boundaries. Our error monitoring is self-hosted on our own infrastructure in the European Union and is configured to scrub personal data from error reports before they are stored. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your Rights

Subject to applicable law, you have the right to: access your data and receive a copy; rectify inaccurate data; erase your data; restrict or object to certain processing; withdraw consent at any time where processing is based on consent; and data portability — to receive the personal information you provided in a structured, commonly used, and machine-readable format and to transmit it to another controller, where technically feasible. You may also lodge a complaint with your supervisory authority (see Appendices).

We provide a free machine-readable export and in-app controls to manage your data and consents. To exercise any right, contact privacy@extmoney.com; we will respond within the timeframes required by law and may verify your identity first.

11. Cookies and Similar Technologies

ExtMoney uses only strictly necessary cookies required to operate the service (for example, to keep you signed in). With your consent, we may use limited analytics to understand and improve the service; on our mobile apps this is Google Analytics for Firebase, limited to aggregate, non-identifying usage events (e.g. screen views) with no advertising identifiers. Our public contact form uses Cloudflare Turnstile to prevent spam, which may set a strictly-necessary token. We do not use advertising, remarketing, or behavioural-tracking cookies, and we do not use session-recording or fingerprinting technologies. Where non-essential cookies are used, a banner lets you accept or reject them, and you can change your choice at any time.

12. Children's Privacy

ExtMoney is intended for adults and is not directed to children under 18. We do not knowingly collect personal information from children; if you believe a child has provided us data, contact privacy@extmoney.com and we will delete it.

13. Changes to This Policy

We may update this Policy. We will post the updated version with a new "Last updated" date and, for material changes, notify you in-app before they take effect and, where required, seek your consent.

14. Contact Us

  • General: hello@extmoney.com
  • Privacy: privacy@extmoney.com
  • EU representative (Art. 27 GDPR): eu@extmoney.com

Appendix A — EEA / UK Users (GDPR)

  • Legal bases. As in §4.
  • International transfers. Some processing is in the US under the safeguards in §§5 and 7 (SCC / DPF).
  • Your rights. Access, rectification, erasure, restriction, objection, portability, withdrawal of consent (§10).
  • Right to complain. To your national supervisory authority (e.g. CNIL in France, the BfDI/state authorities in Germany, the AEPD in Spain).
  • Automated decision-making. We do not make decisions producing legal or similarly significant effects about you based solely on automated processing (§5).

Appendix B — Canada (PIPEDA & Québec Law 25)

  • Privacy officer. privacy@extmoney.com is responsible for our compliance and is your contact for privacy questions and complaints.
  • Consent. We collect, use, and disclose personal information with your consent, as described here.
  • Cross-border processing. Your data is stored in the EU (Germany) and certain processing occurs in the US (§§5–7); contact our privacy officer for details.
  • Your rights under Law 25. Access, correction, portability, withdrawal of consent, and de-indexing, per applicable law.
  • Breach notification. We will notify you and the Commission d'accès à l'information of confidentiality incidents presenting a risk of serious injury, as required by Law 25.

Appendix C — California (CCPA/CPRA)

  • Categories collected. Identifiers (email); financial/commercial information (transaction records); audio (voice recordings); visual (receipt images); internet/network activity (usage data). For the business purposes in §4.
  • No sale/sharing. We do not sell your personal information and do not share it for cross-context behavioural advertising.
  • Sensitive personal information. Used only to provide the requested service; not used to infer characteristics.
  • Your California rights. To know, delete, correct, opt out of sale/sharing, limit use of sensitive personal information, and non-discrimination. Contact privacy@extmoney.com.