Effective date: 21 February 2026

This Privacy Policy explains how Bantal ("the App") collects, uses, and protects your information. By using the App you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

• Account data: display name, email address, authentication identifiers.
• Financial data you enter: transactions, categories, accounts, and related metadata.
• Device/diagnostics: app version, device model, OS version, language, crash/diagnostic data.
• Notifications: your notification preferences and the fact a notification was delivered on device.

We do not collect precise location, contacts, photos, or microphone data unless you explicitly choose features that require them.

---

1.1 Image-Based Transaction Extraction (AI Feature)

When you use the App’s AI-powered transaction extraction feature, we process certain information necessary to convert your credit card statement image into structured transaction data.

A. User-Provided Content

• Photos or images of credit card statements uploaded by you.
• Transaction details contained within the image, including transaction date, amount, and merchant description.

B. Purpose of Processing

Uploaded images are securely transmitted to a third-party AI service (OpenAI API) for the sole purpose of:

• Reading and interpreting the statement image.
• Extracting structured transaction data (date, amount, description).

C. What We Do NOT Collect or Require

This feature does not require or intentionally collect personally identifiable information (PII), including:

• Full credit or debit card numbers
• Card verification values (CVV)
• Customer identification numbers
• Account numbers
• Cardholder names

Users are strongly encouraged to redact any sensitive personal identifiers before uploading images.

D. Third-Party Processing

To enable AI-based image recognition and data extraction, uploaded images are securely transmitted to OpenAI, L.L.C. for processing. OpenAI processes the data solely to provide the requested AI functionality. Their data handling practices are governed by their own privacy policy.

E. Data Storage and Retention

• Images are processed temporarily for AI analysis.
• Extracted transaction data (date, amount, description) may be stored locally on your device or within optional cloud sync services you enable.
• We do not intentionally retain full statement images beyond the time necessary for processing unless explicitly enabled by you.

F. User Responsibility

By using this feature, you acknowledge that you are responsible for ensuring that uploaded images do not contain unnecessary personal data. The App only requires transaction-level information (date, amount, description) to function properly.

Required User Input for This Feature

To use the AI transaction extraction feature, you must provide a clear image or photo of a credit card statement. The system will extract only:

• Transaction date
• Transaction amount
• Transaction description

No personal identification information is required for this feature to operate.

2. How We Collect

• You provide data when creating an account and entering transactions.
• Data is stored on device and, if enabled, synced to cloud services.
• Diagnostics/analytics help improve reliability and performance.

3. Use of Data

• Provide budgeting/transaction features, categories, accounts, reports.
• Sync across devices (if enabled).
• Deliver local notifications you configure.
• Improve, secure, and support the App; comply with legal obligations.

4. Processing & Storage

• On‑device: stored in app sandbox.
• Cloud (optional): if enabled, data may be processed by Google Firebase (Authentication, Firestore/Realtime Database, Analytics, Crashlytics) which may operate in multiple regions. Google's privacy terms apply.

5. Sharing

We do not sell personal data. We share data only with service providers (e.g., Firebase) under appropriate terms, or when required by law.

6. Retention

We retain data while your account remains active. You may delete local data and request deletion of cloud data. Backups/logs may persist for a limited period.

7. Your Choices & Rights

• Access, update, or delete data you entered.
• Export or delete your account on request.
• Manage notifications in iOS Settings > Notifications.
• Opt out of analytics where the platform offers such controls.

8. Children's Privacy

The App is rated 4+ by Apple and is designed to be appropriate for children 4 years and older. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you are a parent or guardian and believe your child has provided us with personal information, please contact us so we can delete such information.

9. Security

We implement robust security measures by leveraging Apple's framework security standards and Firebase's enterprise-grade security infrastructure. Our security approach includes transport encryption, secure authentication protocols, and restricted access controls. We continuously monitor and update our security practices to maintain the highest standards of data protection.

10. International Transfers

Third‑party providers (e.g., Firebase) may process data in other countries. We rely on contractual and provider compliance safeguards.

11. Changes

We may update this policy; changes will be posted here with a new effective date.