Privacy Policy

Last updated: January 4, 2026

Legal Business Information

Yomio is operated by Artsiom Hontar, an autonomous entrepreneur registered in Spain with NIF Z2600619Z. Address: Calle de Colombia 14D, Spain.

1. Introduction

Welcome to Yomio ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

2. Information We Collect

2.1 Summary – What we collect

  • Account information: name and email used for your account (authentication via AWS Cognito)
  • Receipt images & purchase data: photos you upload and structured data extracted from receipts (items, dates, totals)
  • Family & sharing data: information about people you invite to share expense tracking
  • Subscription data: entitlements and platform receipt identifiers used to manage paid features
  • Device & usage data: device type, app version, usage events and diagnostic logs

2.2 Notes (permissions, analytics, biometric)

  • Camera & Photo Library: Camera access is required for receipt scanning; choosing a photo from your library is optional and only used with your permission.
  • Analytics (Mixpanel): Analytics are disabled by default for EU users and otherwise governed by the app consent flow – you can opt out anytime.
  • App Tracking Transparency (iOS): Where required, we request ATT consent before enabling cross-app tracking for analytics; you control this via the consent flow and device settings.
  • Biometric authentication: Biometric templates never leave your device – biometric unlock is used only to secure a local session token.

3. How We Use Your Information

  • To provide and maintain our receipt scanning and expense tracking services
  • To process receipt images using AWS Textract OCR technology
  • To automatically categorize purchases and items using AI
  • To generate spending analytics and insights
  • To enable family sharing features
  • To process subscription payments and manage your account
  • To send you notifications about your account and services
  • To improve our services and develop new features
  • To detect, prevent, and address technical issues or fraudulent activity
  • To comply with legal obligations

4. Data Storage and Security

4.1 Cloud Storage

  • AWS S3: Receipt images and related files are stored on Amazon S3. Uploaded images are processed by our backend and may be passed to AWS Textract for OCR.
  • AWS Textract: We use Amazon Textract to perform OCR on receipt images to extract text, totals, line items and other structured data.
  • AWS RDS (PostgreSQL): Processed purchase and user metadata are stored in our encrypted PostgreSQL database.
  • AWS Cognito: Used for user authentication and identity management. Cognito attributes may be updated by the app (for example to record consent choices).

4.2 Security Measures

We use encryption, access controls, and regular audits to protect your data against unauthorized access and loss.

4.3 Data Retention

  • Free Tier: 6 months of data retention
  • Premium Users: Unlimited data retention
  • You can delete your account at any time. All associated data will be permanently erased within 30 days.

5. Third-Party Services

  • Amazon Web Services (AWS): Cloud infrastructure (S3, Textract, RDS, Cognito) that stores and processes images and app data.
  • RevenueCat: In-app purchase entitlement management and subscription platform used to manage purchases and paywalls (we do not process credit-card payments ourselves; billing is via Apple/Google).
  • Apple App Store / Google Play: App distribution and in-app purchase processing (billing and refund requests are handled through the respective stores).
  • OneSignal: Push notification delivery and management service to send timely notifications about your account and app updates.
  • Firebase Crashlytics: Error tracking and crash reporting service used to identify and fix technical issues (GDPR-exempt for safety-critical functionality).
  • Mixpanel: Mobile analytics used to understand feature usage and improve the product. Analytics tracking is subject to your consent toggle in the app and platform ATT permission on iOS.
  • Google Sign-In and Apple Sign-In: OAuth authentication providers offering alternative account creation and sign-in methods.
  • OpenAI (via OpenRouter): AI-powered service used to generate purchase summaries and spending insights.
  • Azure Document Intelligence: Alternative OCR provider (fallback option) used for receipt text extraction if AWS Textract is unavailable.
  • Expo: Mobile app development and build platform used for app distribution and push notification delivery.

7. Your Rights and Choices

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Export your purchase data in CSV or PDF format
  • Opt-Out: Unsubscribe from marketing communications and opt-out from analytics/tracking where applicable
  • Restriction: Limit how we use your information