Konto

Privacy Policy

Your money is yours. So is your data.

Konto is a manual-first personal and household finance app. This policy explains exactly what information we collect, why, who processes it, and the controls you have over it. We keep it specific because a finance app should.

Effective: July 5, 2026 Last updated: July 5, 2026 Applies to: the Konto mobile app and backend service

Data at a glance

Financial data you enterTransactions, accounts, budgets — stored to run the app.
Account & identityEmail, name, hashed password, device timezone.
×
No bank connectionsKonto never links to your bank. There are no bank logins to collect.
×
Receipt photos not storedUsed once to read the receipt, then discarded. Never saved.
×
No ads or analyticsNo advertising, tracking, or data-broker SDKs. None.
×
Never soldWe do not sell or rent your personal data. Ever.

01Who we are

Konto ("Konto", "we", "us", or "our") is a personal and household finance application operated by DelmDev, an independent developer. This Privacy Policy describes how we handle personal data when you use the Konto mobile app and its backend service.

For any privacy question, or to exercise the rights described in this policy, contact us at delmdev@gmail.com.

02Scope of this policy

This policy covers the Konto mobile app (the only client) and the Konto backend service it communicates with. It does not cover third-party services that are not part of Konto, nor any website or product that links to Konto but is operated by someone else.

Konto is manual-first by design: you record your own transactions. We do not connect to your bank, import statements automatically, or access your banking credentials. This is a deliberate product decision, and it means an entire category of sensitive data simply never enters our systems.

03Information we collect

We collect only what the app needs to work. Everything below is stored in our database, encrypted at rest, unless stated otherwise.

Information you provide

CategoryWhat it includesWhy we need it
Account & identityEmail address, first and last name, and a password (stored only as a bcrypt hash — never in plain text)To create and secure your account and sign you in
Financial dataTransactions (amount, category, merchant or description, note, date/time), account names, balances and currencies, budgets, and recurring-transaction rulesThis is the core of the app — the money you choose to track
Spaces & membershipSpace names and types, memberships and roles, and invite codesTo run personal and shared spaces and let members you invite collaborate

Information collected automatically

CategoryWhat it includesWhy we need it
Device timezoneYour device's timezone, captured at signupSo recurring transactions are generated at the correct local time
Authentication artifactsSession tokens stored on our server, plus SHA-256-hashed (never plain-text) email-verification and password-reset codesTo keep you signed in and to verify email and reset requests securely
Subscription dataYour subscription entitlements and space activations, and the webhook payloads our subscription provider sends us (store and product identifiers, and your subscription-provider user id)To unlock and manage paid features (shared spaces and receipt scanning)
Receipt-scan usagePer scan: your user id, the space id, an outcome (success, not-a-receipt, or error), and a timestampTo enforce monthly scan allowances and prevent abuse

Receipt-scan usage records contain no receipt content. We record only that a scan happened and its outcome — never the image and never any text read from it. See §07.

Application logs (retained for a limited period) may incidentally contain identifiers such as your user id or request data. We do not use logs to build profiles of you.

04What we don't collect

Being specific about what we don't do matters as much as what we do:

05Device permissions

The app requests a small number of permissions, only at the moment they're needed and only for the purpose described:

On your device, your sign-in token is kept in the operating system's secure storage and deleted when you sign out. The app's data cache lives in memory only; no passwords or receipt images are persisted on the device.

06How we use your data

We use the information above to:

We do not use your financial data for advertising or profiling, and we do not sell it.

07Receipt scanning & AI processing

Receipt scanning is an optional paid feature. Here is exactly how it works:

Your receipt image is never stored. It exists only in memory for the single API request. It is not written to our database, not written to logs (not even if an error occurs), and not returned in any response. The extracted text is not stored either.

Your device never contacts Anthropic directly — all AI processing happens through our backend. Anthropic processes the image to return results and, per its API terms, does not use it to train its models.

08Who we share data with

We share data only with the service providers needed to operate Konto, and only for the purposes below. We do not share your data for their own marketing.

ProviderWhat we sendPurpose
Anthropic (Claude API)The receipt image and your space's category and account names, for a single requestReading receipts to suggest transaction fields. Not stored; not used for model training.
RevenueCatYour Konto user id; we receive subscription and purchase status backManaging subscriptions and entitlements
ResendYour email address and a verification or reset codeSending transactional email (verification and password reset) only
Amazon Web Services (AWS)All stored data, as our hosting providerCompute, database, and logging infrastructure
ExpoUpdate checks for the app (no financial data)Delivering over-the-air app updates

We may also disclose data if required by law, to comply with a valid legal process, or to protect the rights, safety, and security of our users and service.

09Storage, location & security

Your data is stored on infrastructure hosted by AWS in the United States (US East region). If you use Konto from outside the United States, your data is transferred to and processed there.

How we protect it

10Data retention & account deletion

We keep your personal and financial data for as long as your account is active, so that your history and balances stay correct.

How account deletion works

You can request to delete your account from within the app. This starts a 14-day grace period: your account is locked immediately and you are signed out, but nothing is destroyed yet. If you change your mind, you can cancel any time before the 14 days end simply by signing back in — your account is fully restored, with nothing lost. If you take no action, we process the deletion permanently after 14 days.

What deletion actually does

Konto's financial ledger is append-only: transactions are recorded as an immutable history so that balances can always be reconstructed accurately. Because of this, we delete your data by anonymizing it rather than erasing every record. Your email, name, and password, the descriptions, notes, and merchant names on your transactions, and your account and personal-space names are erased or replaced with anonymous values, so the remaining records can no longer be linked to you. This is irreversible.

Shared spaces keep a minimal record

If you shared a space with other people, removing your data entirely would corrupt their balances and history. So for transactions in a shared space, we keep a minimal, de-identified financial record — the amount, date, and category — and remove everything personal to you: your name, notes, and descriptions. To the other members, those entries appear only as "Transaction from a former member."

Your accounts and spaces

Accounts you owned are frozen and removed from any shared space — an account is your own asset and leaves with you. If you owned a shared space that other members still use, ownership passes to a remaining member so the space keeps working for them.

Subscriptions are billed separately

Deleting your Konto account does not cancel any paid subscription. Subscriptions are billed by Google Play, not by us. To stop being charged, you must also cancel your subscription directly in Google Play.

Legal retention and backups

We may retain limited information where we are required to for legal obligations, to resolve disputes, or to enforce our agreements. De-identified records may remain in the ledger, and copies made before anonymization may persist in encrypted backups for a limited period before those backups automatically expire. Certain server logs are retained only for a short window.

11Your rights & choices

You have control over your data in Konto:

Depending on where you live, you may have additional rights under local law — such as the right to access, correct, delete, or port your data, to object to or restrict certain processing, or to lodge a complaint with a data-protection authority. To exercise any right, contact us at delmdev@gmail.com.

12Children's privacy

Konto is not directed to children under 18, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us at delmdev@gmail.com and we will remove it from their account as described in §10.

13Changes to this policy

We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app. Your continued use of Konto after an update means you accept the revised policy.

14Contact us

Questions about this policy or your data? Reach us at:

DelmDev
delmdev@gmail.com

This policy is governed by the laws of Mexico.