Privacy Policy
Konto is a manual-first personal and household finance app. This policy explains exactly what information we collect, why, who processes it, and the controls you have over it. We keep it specific because a finance app should.
Konto ("Konto", "we", "us", or "our") is a personal and household finance application operated by DelmDev, an independent developer. This Privacy Policy describes how we handle personal data when you use the Konto mobile app and its backend service.
For any privacy question, or to exercise the rights described in this policy, contact us at delmdev@gmail.com.
This policy covers the Konto mobile app (the only client) and the Konto backend service it communicates with. It does not cover third-party services that are not part of Konto, nor any website or product that links to Konto but is operated by someone else.
Konto is manual-first by design: you record your own transactions. We do not connect to your bank, import statements automatically, or access your banking credentials. This is a deliberate product decision, and it means an entire category of sensitive data simply never enters our systems.
We collect only what the app needs to work. Everything below is stored in our database, encrypted at rest, unless stated otherwise.
| Category | What it includes | Why we need it |
|---|---|---|
| Account & identity | Email address, first and last name, and a password (stored only as a bcrypt hash — never in plain text) | To create and secure your account and sign you in |
| Financial data | Transactions (amount, category, merchant or description, note, date/time), account names, balances and currencies, budgets, and recurring-transaction rules | This is the core of the app — the money you choose to track |
| Spaces & membership | Space names and types, memberships and roles, and invite codes | To run personal and shared spaces and let members you invite collaborate |
| Category | What it includes | Why we need it |
|---|---|---|
| Device timezone | Your device's timezone, captured at signup | So recurring transactions are generated at the correct local time |
| Authentication artifacts | Session tokens stored on our server, plus SHA-256-hashed (never plain-text) email-verification and password-reset codes | To keep you signed in and to verify email and reset requests securely |
| Subscription data | Your subscription entitlements and space activations, and the webhook payloads our subscription provider sends us (store and product identifiers, and your subscription-provider user id) | To unlock and manage paid features (shared spaces and receipt scanning) |
| Receipt-scan usage | Per scan: your user id, the space id, an outcome (success, not-a-receipt, or error), and a timestamp | To enforce monthly scan allowances and prevent abuse |
Receipt-scan usage records contain no receipt content. We record only that a scan happened and its outcome — never the image and never any text read from it. See §07.
Application logs (retained for a limited period) may incidentally contain identifiers such as your user id or request data. We do not use logs to build profiles of you.
Being specific about what we don't do matters as much as what we do:
The app requests a small number of permissions, only at the moment they're needed and only for the purpose described:
On your device, your sign-in token is kept in the operating system's secure storage and deleted when you sign out. The app's data cache lives in memory only; no passwords or receipt images are persisted on the device.
We use the information above to:
We do not use your financial data for advertising or profiling, and we do not sell it.
Receipt scanning is an optional paid feature. Here is exactly how it works:
Your receipt image is never stored. It exists only in memory for the single API request. It is not written to our database, not written to logs (not even if an error occurs), and not returned in any response. The extracted text is not stored either.
Your device never contacts Anthropic directly — all AI processing happens through our backend. Anthropic processes the image to return results and, per its API terms, does not use it to train its models.
Your data is stored on infrastructure hosted by AWS in the United States (US East region). If you use Konto from outside the United States, your data is transferred to and processed there.
We keep your personal and financial data for as long as your account is active, so that your history and balances stay correct.
You can request to delete your account from within the app. This starts a 14-day grace period: your account is locked immediately and you are signed out, but nothing is destroyed yet. If you change your mind, you can cancel any time before the 14 days end simply by signing back in — your account is fully restored, with nothing lost. If you take no action, we process the deletion permanently after 14 days.
Konto's financial ledger is append-only: transactions are recorded as an immutable history so that balances can always be reconstructed accurately. Because of this, we delete your data by anonymizing it rather than erasing every record. Your email, name, and password, the descriptions, notes, and merchant names on your transactions, and your account and personal-space names are erased or replaced with anonymous values, so the remaining records can no longer be linked to you. This is irreversible.
If you shared a space with other people, removing your data entirely would corrupt their balances and history. So for transactions in a shared space, we keep a minimal, de-identified financial record — the amount, date, and category — and remove everything personal to you: your name, notes, and descriptions. To the other members, those entries appear only as "Transaction from a former member."
Accounts you owned are frozen and removed from any shared space — an account is your own asset and leaves with you. If you owned a shared space that other members still use, ownership passes to a remaining member so the space keeps working for them.
Deleting your Konto account does not cancel any paid subscription. Subscriptions are billed by Google Play, not by us. To stop being charged, you must also cancel your subscription directly in Google Play.
We may retain limited information where we are required to for legal obligations, to resolve disputes, or to enforce our agreements. De-identified records may remain in the ledger, and copies made before anonymization may persist in encrypted backups for a limited period before those backups automatically expire. Certain server logs are retained only for a short window.
You have control over your data in Konto:
Depending on where you live, you may have additional rights under local law — such as the right to access, correct, delete, or port your data, to object to or restrict certain processing, or to lodge a complaint with a data-protection authority. To exercise any right, contact us at delmdev@gmail.com.
Konto is not directed to children under 18, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us at delmdev@gmail.com and we will remove it from their account as described in §10.
We may update this policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you in the app. Your continued use of Konto after an update means you accept the revised policy.
Questions about this policy or your data? Reach us at:
DelmDev
delmdev@gmail.com
This policy is governed by the laws of Mexico.