Privacy Policy

Last Updated: December 2025

1. Introduction

Welcome to Saivly. This Privacy Policy explains how we collect, use, and protect your information when you use our personal finance tracking app (the “App”). By using Saivly, you agree to the practices described in this policy.

Saivly is operated by Aliaksandr Kharkevich, an individual entrepreneur (sole proprietor) doing business as “Saivly”, based in Warsaw, Poland.

This Privacy Policy is designed to comply with applicable data protection laws, including the EU General Data Protection Regulation (GDPR), and to meet typical Apple App Store review requirements. If you do not agree with this policy, please do not use the App.

2. Information We Collect

We only collect information that we need to operate Saivly, provide our services, and improve the App.

2.1 Account Information

• Email address (for account creation, login, and communication)
• Authentication identifiers and tokens (for secure login sessions)
• Basic profile metadata if you choose to provide it (e.g., preferred currency, language)

2.2 User-Generated Financial Data

Saivly is a manual personal finance tracker. We do not connect to your bank accounts or payment cards. All financial data is entered by you. This may include:

• Expenses and income transactions (amounts, dates, type)
• Categories and custom categories you create
• Notes and descriptions for transactions
• Account information (account names, currencies, and any balances you enter)
• Budgets, budget periods, and limits
• AI-assisted categorizations and related suggestions

2.3 Device, Usage, and Diagnostic Data

• Device information (device model, operating system version, language, app version)
• IP address and approximate location (e.g., country or region)
• Usage data (which screens or features are used and how often)
• Logs, crash reports, and performance data to help identify and fix issues and improve stability

2.4 Subscription and Payment Information

• Subscription status and product identifiers from Apple App Store and RevenueCat
• Information about subscription purchases, renewals, and cancellations (e.g., dates and product IDs)

Important: Saivly does not process, store, or have access to your payment card numbers or full payment details. All payments are processed securely by Apple App Store. We only receive information necessary to confirm whether your subscription is active.

2.5 AI-Assisted Features (OpenAI)

Saivly offers AI-assisted features such as voice input transcription, automatic or suggested categorization, and text-based suggestions. To provide these features, certain data may be temporarily sent to OpenAI (via API), for example:

• Short voice recordings and their text transcripts
• Transaction descriptions, notes, and related text
• Context needed to generate relevant suggestions or categorizations

We use OpenAI as a data processor under appropriate data processing terms. Data sent to OpenAI is used only to provide the requested AI function and, according to OpenAI’s API policies, is not used to train public models. AI-generated suggestions may not always be accurate or suitable for your situation. You should always review and, if necessary, correct AI-generated outputs before relying on them for financial decisions.

3. How We Use Information and Legal Bases (GDPR)

We process your personal data for specific purposes and rely on one or more of the following legal bases under the GDPR:

• To operate the App and provide core features: including creating and managing your account, storing your transactions, categories, budgets, and other data you enter.
  Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
• To provide Premium features and manage subscriptions: enabling and managing your Premium access, verifying subscription status, and handling subscription-related settings.
  Legal basis: Performance of a contract (Article 6(1)(b) GDPR).
• To provide AI-assisted features: such as voice transcription and automatic or suggested categorizations.
  Legal basis: Performance of a contract (Article 6(1)(b) GDPR) and our legitimate interests (Article 6(1)(f) GDPR) in improving the usefulness and efficiency of the App, while respecting your privacy.
• To maintain security and prevent abuse: detecting and preventing fraud, abuse, unauthorized access, and other security threats.
  Legal basis: Legitimate interests (Article 6(1)(f) GDPR) and, where applicable, compliance with legal obligations (Article 6(1)(c) GDPR).
• To improve the App and perform basic analytics: understanding how the App is used, identifying usability issues, and improving performance and features.
  Legal basis: Legitimate interests (Article 6(1)(f) GDPR) in improving and developing our services in a privacy-conscious way.
• To communicate with you: sending essential service-related messages (such as login alerts, subscription notices, or policy updates) and, where you have opted in, occasional informational or marketing emails.
  Legal basis: Performance of a contract (for essential communications) and, where applicable, your consent (Article 6(1)(a) GDPR) or our legitimate interests (Article 6(1)(f) GDPR).

4. Sharing of Information and Service Providers

We do not sell your personal data. We only share your information with trusted third parties when it is necessary to provide and improve Saivly, or when required by law.

4.1 Service Providers (Processors)

We use third-party service providers who process personal data on our behalf, including:

• Cloud hosting and database providers (e.g., Supabase): to securely store and manage your data.
• Subscription and billing providers (RevenueCat, Apple App Store): to manage subscriptions, billing, and access control.
• AI service providers (e.g., OpenAI): to process voice and text data for AI-assisted features.
• Analytics and diagnostics tools: to understand App performance and reliability, using aggregated or pseudonymized data where possible.

These providers only process your data under our instructions and are bound by contracts that require them to protect your data and use it only for the specified purposes.

4.2 Legal and Safety Requirements

We may disclose your information if we reasonably believe it is necessary to:

• Comply with a legal obligation, court order, or request from a public authority
• Protect the rights, property, or safety of Saivly, our users, or others
• Detect, prevent, or address fraud, security, or technical issues

5. International Data Transfers

Saivly is operated from Poland (European Union). Some of our service providers (such as Supabase, RevenueCat, OpenAI, and certain analytics providers) may process your data in countries outside the European Union/European Economic Area, including the United States.

When we transfer personal data to countries outside the EU/EEA, we use appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other legally recognized mechanisms, to ensure that your data is protected to a level essentially equivalent to that in the EU/EEA.

6. Data Retention

We retain your data only for as long as necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

• Account data: retained while your account is active. After you request deletion of your account, we will delete or anonymize this data within a reasonable time, except where we are legally required to keep it (for example, for tax or accounting purposes).
• User-generated financial data: retained while your account is active so that you can access your transaction history and budgets. When you request account deletion, we aim to delete or anonymize this data, subject to any legal retention requirements.
• Subscription and billing data: may be retained for the duration required by applicable financial and tax laws (for example, 5–10 years, depending on jurisdiction).
• Logs and diagnostic data: typically retained for a short period (for example, 30–90 days) to support security and troubleshooting, then deleted or anonymized.
• Backups: your data may appear in encrypted backups that are stored for a limited retention period before being overwritten.

If you have questions about specific retention periods for your data, you can contact us at alekskharkevich96@gmail.com.

7. Your Rights (Including GDPR)

If you are located in the European Union, European Economic Area, or the United Kingdom, you have the following rights under data protection laws. Where feasible, we aim to respect these rights for all users:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can ask us to correct inaccurate or incomplete personal data.
• Right to erasure (“right to be forgotten”): You can request deletion of your personal data in certain circumstances, for example when it is no longer needed for the purposes for which it was collected.
• Right to restriction of processing: You can ask us to restrict the processing of your data in certain situations (for example, while we are reviewing a request or dispute).
• Right to data portability: You can request that we provide your personal data in a structured, commonly used, machine-readable format and, where technically feasible, transmit it to another controller.
• Right to object: You can object to processing based on our legitimate interests. We will stop processing unless we have compelling legitimate grounds to continue or need the data for legal claims.
• Right to withdraw consent: Where we rely on your consent (for example, for marketing), you can withdraw it at any time. This will not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at alekskharkevich96@gmail.com. We may need to verify your identity before responding to your request.

If you are in the EU/EEA, you also have the right to lodge a complaint with your local data protection authority. In Poland, this is the President of the Personal Data Protection Office (UODO).

Note: Deleting the Saivly app from your device does not automatically delete your account or cancel your App Store subscription. To delete your data, please contact us or use any in-app deletion tools if available. To cancel your subscription, you must use your Apple ID settings (Settings → [Your Name] → Subscriptions).

8. Children’s Privacy

Saivly is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.

If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that information as soon as possible. If you believe a child has provided us with personal data, please contact us immediately.

9. Data Security

We take the security of your data seriously and implement reasonable technical and organizational measures to protect it, including:

• Encrypting data in transit using secure protocols such as HTTPS/TLS
• Using reputable cloud and database providers with strong security and compliance controls
• Restricting access to personal data to authorized personnel only
• Regularly monitoring our systems for vulnerabilities and security issues

However, no system is completely secure. We cannot guarantee absolute security of your data. If you suspect any unauthorized access to your account or data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or technical developments. When we make material changes, we will update the “Last Updated” date at the top of this page and, where appropriate, notify you through the App or by email.

Your continued use of Saivly after any changes take effect will constitute your acceptance of the updated Privacy Policy. If you do not agree with the updated Policy, you should stop using the App.

11. Contact Information