Privacy Policy

This Privacy Policy describes how Plata (package identifier app.plata.mobile) collects, uses, and protects users’ personal and financial information. Plata is a mobile personal-finance application that lets users record expenses and analyze receipts using artificial intelligence. By using the app, you accept the practices described in this document.

1. Information we collect

We only collect the information needed to provide the app’s features.

1.1 Account data

• Email and name, obtained when you sign up or sign in with Google or Apple.

1.2 Profile data (optional)

• Monthly income, voluntarily entered by the user.
• Savings goal, free-text field voluntarily entered by the user.
• Preferred language and currency, display preferences.

1.3 Financial data

For each recorded expense we store:

• Merchant name
• Amount and currency
• Category (food, transport, shopping, entertainment, bills, health, or other)
• Expense date
• Optional notes

1.4 Device permissions

• Camera: to capture receipt photos for AI analysis.
• Photo library: to select previously saved receipt images.

We do not collect location, contacts, microphone, browsing history, device sensors, or advertising identifiers.

2. How we use information

We use the collected information solely to:

• Authenticate the user and maintain an active session.
• Record, display, and categorize personal expenses.
• Analyze receipt photos with AI to automatically extract merchant, amount, category, date, and line items.
• Generate personalized financial summaries and insights inside the app.
• Keep the user’s language and currency preferences.
• Comply with applicable legal obligations.

We do not use data for advertising, we do not profile users for commercial purposes, and we do not sell personal data to third parties.

3. Sharing with third parties

Plata does not sell or transfer personal data to third parties for commercial or advertising purposes. Information is shared only with the following providers, and only to the extent needed for the app to function:

• Firebase Authentication (Google LLC): used exclusively for user authentication. We do not use Firestore or other Firebase databases.
• Google Sign-In and Apple Sign-In: OAuth providers for social login.
• OpenRouter (Anthropic Claude Haiku): used server-side to analyze receipt photos with AI. Images are sent for processing and are not stored or reused for model training.
• Expo (Expo, Inc.): platform used to deliver over-the-air (OTA) updates for the app.

Each of these services has its own privacy policy, which we recommend reviewing.

4. Data storage and security

• User data is stored in a PostgreSQL database managed by us.
• We do not use Firestore or persistent local storage of sensitive data on the device.
• Communication between the app and the server is encrypted using HTTPS/TLS.
• Data access is restricted through authentication and server-side access controls.
• We apply reasonable administrative, technical, and organizational safeguards to protect information against unauthorized access, loss, or alteration.

No system is completely secure; in the event of an incident affecting personal data, we will notify users and the competent authorities as required by applicable law.

5. Camera and photo usage

The app only requests access to the camera and photo library when the user chooses to capture or select a receipt image.

• Receipt photos are sent to our server for AI analysis.
• Photos are not stored on our server or on the device after analysis.
• The analysis only extracts: merchant, amount, category, date, and line items.
• No facial recognition, biometric analysis, or processing unrelated to receipt data extraction is performed.

You may revoke camera and photo library permissions at any time from your device settings, without affecting the rest of the app’s functionality.

6. User rights

You have the right to:

• Access the personal data we hold about you.
• Rectify inaccurate or incomplete data.
• Delete your account and associated data.
• Object to or restrict certain processing of your data.
• Portability: request a copy of your data in a structured format.
• Withdraw consent at any time, without retroactive effect.

To exercise any of these rights, contact us at angel@angelkurten.com. We will respond within a reasonable time frame as required by applicable law.

7. Data retention

• Account data and recorded expenses are kept while the account remains active.
• When a user requests deletion of their account or a record, we apply soft-delete: data becomes immediately inaccessible but may be kept temporarily for recovery, audit, or legal compliance purposes.
• After a reasonable period, data marked for deletion is permanently removed.
• Receipt photos are not retained; they are removed after AI analysis completes.

8. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the app, in the services we use, or in applicable law. When we make significant changes, we will update the effective date at the top of this document and, when appropriate, notify users within the app.

We recommend reviewing this page periodically.

9. Contact

If you have questions, comments, or requests regarding this Privacy Policy or the processing of your data, you can reach us at:

• Data controller: Angel Kurten
• Email: angel@angelkurten.com
• App: Plata (app.plata.mobile)