Privacy Policy

1. Introduction

Welcome to Yomio ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

By using Yomio, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Summary — What we collect

• Account information: name and email used for your account (authentication via AWS Cognito)
• Receipt images & purchase data: photos you upload and structured data extracted from receipts (items, dates, totals)
• Family & sharing data: information about people you invite to share expense tracking
• Subscription data: entitlements and platform receipt identifiers used to manage paid features
• Device & usage data: device type, app version, usage events and diagnostic logs

See more details and notes below for permissions, analytics consent, and biometric handling.

2.2 Notes (permissions, analytics, biometric)

• Camera & Photo Library: Camera access is required for receipt scanning; choosing a photo from your library is optional and only used with your permission.
• Analytics (Mixpanel): Analytics are disabled by default for EU users and otherwise governed by the app consent flow — you can opt out anytime.
• App Tracking Transparency (iOS): Where required, we request ATT consent before enabling cross-app tracking for analytics; you control this via the consent flow and device settings.
• Biometric authentication: Biometric templates never leave your device — biometric unlock is used only to secure a local session token.

3. How We Use Your Information

We use the collected information for various purposes:

• To provide and maintain our receipt scanning and expense tracking services
• To process receipt images using AWS Textract OCR technology
• To automatically categorize purchases and items using AI
• To generate spending analytics and insights
• To enable family sharing features
• To process subscription payments and manage your account
• To send you notifications about your account and services
• To improve our services and develop new features
• To detect, prevent, and address technical issues or fraudulent activity
• To comply with legal obligations

4. Data Storage and Security

4.1 Cloud Storage

Your data is securely stored using Amazon Web Services (AWS) infrastructure, including:

• AWS S3: Receipt images and related files are stored on Amazon S3. Uploaded images are processed by our backend and may be passed to AWS Textract for OCR.
• AWS Textract: We use Amazon Textract to perform OCR on receipt images to extract text, totals, line items and other structured data.
• AWS RDS (PostgreSQL): Processed purchase and user metadata are stored in our encrypted PostgreSQL database.
• AWS Cognito: Used for user authentication and identity management. Cognito attributes may be updated by the app (for example to record consent choices).

4.2 Security Measures

We use encryption, access controls, and regular audits to protect your data against unauthorized access and loss.

4.3 Data Retention

• Free Tier: 6 months of data retention
• Premium Users: Unlimited data retention
• You can delete your account at any time. All associated data will be permanently erased within 30 days.

5. Third-Party Services

We use the following third-party services:

• Amazon Web Services (AWS): Cloud infrastructure (S3, Textract, RDS, Cognito) that stores and processes images and app data.
• Qonversion: Subscription management and entitlement service used in-app to manage purchases and paywalls (we do not process credit-card payments ourselves; billing is via Apple/Google).
• Apple App Store / Google Play: App distribution and in-app purchase processing (billing and refund requests are handled through the respective stores).
• Mixpanel: Mobile analytics used to understand feature usage and improve the product. Analytics tracking is subject to your consent toggle in the app and platform ATT permission on iOS.

These third parties have access to your information only to perform tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Qonversion: Qonversion processes subscription and entitlement identifiers only to validate and manage access to Premium features. It does not access or store personal information about users beyond technical subscription identifiers.

EU users: Analytics and tracking tools are disabled by default for EU users until explicit consent is provided through the app consent flow.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

• Family Sharing: With family members you explicitly invite to your family group
• Service Providers: With trusted third-party vendors who help us operate our services
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, sale, or acquisition of all or part of our company
• With Your Consent: When you explicitly consent to sharing your information

7. Your Rights and Choices

You have the following rights regarding your personal information:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data (we will remove your account and, where technically feasible, associated data within 30 days of confirmation; cached/backed up copies may persist longer as required by law)
• Export: Export your purchase data in CSV or PDF format (export features are available to Premium users and for account portability requests)
• Opt-Out: Unsubscribe from marketing communications and opt-out from analytics/tracking where applicable
• Restriction: Limit how we use your information

To exercise these rights, contact us at privacy@yomio.app. For GDPR requests from EU/EEA residents we will verify identity before servicing requests to protect user data.

8. Children’s Privacy

Yomio is not intended for children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

If we become aware that we have collected personal information from a child in violation of this policy, we will promptly delete that information upon verification and request.

9. International Data Transfers

Your information may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

Where transfers outside the European Economic Area (EEA) occur, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and other appropriate safeguards to protect your data.

Our website may also use cookies for authentication and analytics. Users can manage cookie preferences through their browser or via the app consent settings.

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us:

• Email: privacy@yomio.app
• Support: support@yomio.app