Privacy Policy
Last updated: March 22, 2026
Cashy (“we”, “our”, or “the app”) is a personal finance tracking application. We are committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, and the choices you have.
1. Information We Collect
Account Information
When you create an account, we collect:
- Email address
- Display name
- Profile photo (if provided via Google or Apple sign-in)
Authentication is handled through Firebase Authentication. You may sign in with email/password, Google Sign-In, or Apple Sign-In.
Financial Data
All financial data you enter is stored locally on your device in a SQLite database. This includes:
- Bank accounts and balances
- Transactions (income, expenses, transfers)
- Categories and tags
- Budgets and spending limits
- Savings goals
- Subscriptions and recurring payments
- Activity logs
This financial data is never automatically uploaded to our servers. It remains on your device unless you explicitly choose to back it up to Google Drive.
Preferences and Settings
We store your app preferences locally on your device, including:
- Language preference (English or Arabic)
- Theme preference (light or dark)
- Base currency
- Notification and reminder settings
- Biometric lock settings
- Home screen widget configuration
2. How We Use Your Information
| Data | Purpose |
|---|---|
| Email & name | Account authentication and identification |
| Financial data | Displaying your transactions, budgets, goals, and reports within the app |
| Preferences | Personalizing your app experience (language, theme, currency) |
We do not sell, rent, or share your personal or financial data with any third parties for marketing or advertising purposes.
3. Third-Party Services
The app integrates with the following third-party services:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Firebase Authentication | User sign-in and account management | Email, name, profile photo | |
| Google Drive | Optional manual database backup and restore | Database file (only when you initiate a backup) | |
| Google Gemini AI | AI-powered transaction categorization and receipt scanning | Transaction text or receipt images (only when you use these features; requires your own API key) | |
| RevenueCat | RevenueCat | In-app subscription and purchase management | Anonymous user ID, purchase status |
| Currency Exchange API | Open-source (Fawaz Ahmed) | Live currency exchange rates | No personal data sent |
Analytics and tracking: We do not use any analytics, advertising, or tracking services. Firebase Analytics is explicitly disabled in the app.
4. Data Storage and Security
- Local-first: All financial data is stored locally on your device in a SQLite database. There is no automatic cloud sync.
- Google Drive backup: You may optionally back up your database to your own Google Drive account. This backup is stored in your personal Drive under a “Cashy Backups” folder. We do not have access to your Google Drive.
- Biometric security: On iOS, you can enable Face ID or Touch ID to lock the app, adding an extra layer of security.
- Authentication: We use Firebase Authentication, which follows industry-standard security practices for storing credentials.
- AI features: If you use AI-powered features (transaction parsing, receipt scanning), your own Google Gemini API key is stored locally on your device and is never sent to our servers.
5. Data Retention
Your financial data remains on your device for as long as you keep it. You can delete individual transactions, accounts, or categories at any time. You can also export your data as CSV or back up the full database to Google Drive.
If you delete the app, all locally stored data is permanently removed from your device. Any backups you made to Google Drive will remain in your Drive until you manually delete them.
Your Firebase authentication account can be deleted by contacting us at the email below.
6. Your Rights
You have the right to:
- Access your data: All your financial data is visible within the app and can be exported as CSV.
- Delete your data: You can delete any data within the app. Uninstalling the app removes all local data.
- Control backups: Google Drive backups are fully under your control; you can create, restore, or delete them at any time.
- Manage permissions: You can revoke Google Drive or sign-in permissions from your Google Account settings at any time.
- Opt out of AI features: AI-powered features (receipt scanning, voice transaction entry, auto-categorization) are optional and require your explicit action to use.
7. Children's Privacy
The app is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us so we can delete it.
8. Offline Functionality
The app is designed to work fully offline. An offline queue stores any pending actions and syncs them when appropriate. No internet connection is required for core functionality such as adding transactions, managing accounts, or viewing reports.
9. Notifications
The app may send local notifications for daily reminders and re-engagement after periods of inactivity. These notifications are generated locally on your device and are not powered by any third-party push notification services. You can disable notifications at any time in the app settings or your device settings.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be reflected on this page with an updated “Last updated” date. We encourage you to review this policy periodically.
11. Contact Us
If you have any questions about this Privacy Policy or your data, please contact us at: