Expensley Privacy Policy

Effective Date: January 25, 2026 Last Updated: March 18, 2026

App Name: Expensley (iOS app for iPhone) Contact Email: mhd.shibly@hotmail.com Terms of Service: https://expensley.app/terms

Key Points Summary

  • Your financial data stays on your device — we cannot access it
  • No account required — no email, name, or personal details collected
  • All smart features run entirely on-device — no data is sent to external servers or AI services
  • No ads, no analytics, no tracking — we don't sell or share your data
  • You control your data — uninstalling the app deletes all local data
  • Compliant with GDPR, CCPA, and international privacy laws

1. Overview

Expensley is designed with privacy as a core principle. Your financial data stays on your device, and we minimize data collection to only what's necessary to provide our services.

This privacy policy explains what data we collect, how we use it, and your rights regarding your information. It applies to users worldwide, including the EU/EEA, UK, USA, Canada, Australia, New Zealand, Switzerland, and UAE.

2. Data Controller Information

For the purposes of applicable data protection laws (including GDPR), the data controller is:

Expensley Email: mhd.shibly@hotmail.com

3. Data We Collect & Process

3.1 Local Data (On Your Device Only)

All data is stored exclusively on your device and is never transmitted to our servers or any third party:

| Data Type | Description | |-----------|-------------| | Transactions | All your expense and income records (title, amount, date, category, notes, currency) | | Budgets | Your per-category spending limits and monthly overall spending limit | | Recurring Templates | Scheduled recurring transaction rules, frequencies, and exception overrides | | User Preferences | Currency setting, monthly spending limit, notification preferences, and app configuration | | Category Patterns | Learned categorization preferences based on your corrections (stored locally on-device) | | Smart Categorization Data | On-device data used to improve categorization suggestions over time (stored locally, never transmitted) | | Activity & Streak Data | Current streak, longest streak, and active-days tracking (computed locally from your transactions) |

This data is stored securely on your device and is protected by your device's security features (passcode, Face ID, Touch ID). We cannot access, read, or recover this data.

3.2 On-Device Smart Features

Expensley includes intelligent features that run entirely on your device — no data is ever sent to external servers:

  • Natural Language Input: When you type expenses like "coffee 5" or "lunch 25", the text is interpreted locally on your device. No text is transmitted anywhere.
  • Auto-Categorization: Transactions are categorized automatically using on-device intelligence. It improves over time based on your corrections, runs entirely offline, and never shares data externally.
  • Receipt Scanning: Camera images are processed locally using Apple's Vision framework to extract the merchant name, amount, and date. The image and any extracted text never leave your device. Images are not stored by the app.
  • Insights & Digests: All spending analytics, period-over-period comparisons, Daily Digests, and Weekly Digests are computed entirely from your local transaction data. No data is sent externally.

No data is sent to any external service for processing.

3.3 Subscription Verification

Expensley offers optional premium subscriptions and a one-time lifetime purchase, managed through Apple's App Store using StoreKit 2. Subscription state is verified on-device. We receive:

  • Confirmation of subscription or purchase status (active, expired, tier) — handled entirely by Apple
  • No payment information or personal details

4. Device Permissions

Expensley may request the following device permissions:

| Permission | Purpose | Required? | |------------|---------|-----------| | Camera / Photo Library | Scanning receipts for transaction entry | Optional | | Notifications | Daily spending reminders and budget alerts | Optional |

You can revoke any permission at any time in your iOS Settings. Revoking camera access disables receipt scanning; revoking notifications disables spending reminders.

5. What We Do NOT Collect

Expensley does NOT:

  • ❌ Require account creation or login
  • ❌ Link to your bank accounts
  • ❌ Collect your name, email, phone number, or address
  • ❌ Store your financial transactions on our servers
  • ❌ Store your scanned receipt images or extracted text
  • ❌ Send data to external AI, LLM, or cloud processing services
  • ❌ Use advertising or analytics SDKs
  • ❌ Sell or share your data with advertisers or third parties
  • ❌ Track your location
  • ❌ Access your contacts, microphone, health data, or other device data beyond what is listed in Section 4
  • ❌ Use cookies or tracking technologies
  • ❌ Collect crash analytics or usage telemetry

6. Third-Party Services

Expensley does not use any third-party analytics, advertising, or cloud AI services. The only third-party integration is:

| Service | Purpose | Data Shared | |---------|---------|-------------| | Apple App Store | Subscription management and verification | Managed entirely by Apple; see Apple's Privacy Policy |

For subscription-related privacy information, refer to Apple's App Store Privacy Policy.

7. Data Retention

On-Device Data

Your local data (transactions, budgets, recurring templates, preferences, learned category patterns, and smart categorization data) remains on your device until you:

  • Delete the app (permanently removes all local data)
  • Use Settings → Reset All Data (permanently removes all transactions, budgets, recurring templates, and learned intelligence)

We have no access to this data at any time.

CSV Export

You may optionally export your transactions as a CSV file from Settings → Export Transactions as CSV (Premium feature). This file is stored wherever you choose to save it on your device and is your responsibility to manage.

8. Data Security

Your on-device data is protected by iOS's built-in security features, including:

  • Encryption at rest via iOS device encryption
  • Biometric protection (Face ID / Touch ID / passcode) at the device level
  • Secure local storage managed by the operating system

No data leaves your device, so no network transmission security is required for your financial data.

9. Children's Privacy

Expensley is not specifically directed to children under 13. We do not knowingly collect personal information from children.

  • No account required: The app does not request children to provide personal information
  • Parental responsibility: Parents/guardians are responsible for supervising minors' use, especially when using the camera to scan documents
  • COPPA Compliance (USA): We do not knowingly collect personal information from children under 13
  • All ages accessible: Since no personal information is collected or transmitted, the app can be used by anyone

10. Your Privacy Rights

10.1 Rights for All Users

Since all your financial data is stored locally on your device:

  • Access: Your data is always accessible within the app
  • View: You can view all your transactions, budgets, and settings in the app
  • Export: You can export your transaction data as a CSV file via Settings
  • Delete: Uninstalling the app permanently deletes all local data

10.2 EU/EEA & UK Users (GDPR / UK GDPR)

If you are in the European Union, European Economic Area, or United Kingdom, you have the following rights under GDPR:

| Right | Description | How to Exercise | |-------|-------------|-----------------| | Access | Request a copy of your personal data | Your data is on your device; no personal data processed by us | | Rectification | Correct inaccurate data | Edit directly in the app | | Erasure ("Right to be Forgotten") | Request deletion of your data | Uninstall the app to delete all local data | | Restriction | Limit how we process your data | No external processing occurs; all data is local | | Data Portability | Receive your data in a portable format | Export via CSV in Settings | | Object | Object to processing based on legitimate interest | Contact us at mhd.shibly@hotmail.com |

Supervisory Authority: You have the right to lodge a complaint with a data protection supervisory authority in your EU Member State.

10.3 California Users (CCPA/CPRA)

If you are a California resident, you have the following rights:

  • Right to Know: What personal information we collect, use, and disclose
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out of Sale: We do not sell your personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

Note: Expensley is designed to operate without collecting personal information. No personal information is transmitted from the app.

To exercise your rights, contact: mhd.shibly@hotmail.com

10.4 Australia & New Zealand Users

If you are in Australia, you have rights under the Privacy Act 1988 and Australian Privacy Principles (APPs). If you are in New Zealand, you have rights under the Privacy Act 2020.

You may:

  • Access your personal information
  • Request correction of inaccurate information
  • Make a complaint to the OAIC (Australia) or OPC (New Zealand)

10.5 Canada Users (PIPEDA)

Canadian users have rights under PIPEDA and applicable provincial privacy laws, including:

  • Access to your personal information
  • Correction of inaccurate information
  • Right to withdraw consent

10.6 Switzerland Users (revDSG/nFADP)

Swiss users have rights under the Swiss Federal Act on Data Protection, including:

  • Right to information about data processing
  • Right to data portability
  • Right to object to automated decision-making

10.7 UAE Users (PDPL)

UAE users may have rights under the UAE Personal Data Protection Law, including:

  • Right to access personal data
  • Right to request correction or deletion
  • Right to object to processing

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Providing notice within the app for material changes

Continued use of Expensley after an update means you acknowledge the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us at:

Email: mhd.shibly@hotmail.com

For EU users: You may also contact your local data protection authority.

13. Data Summary Table

| Data Type | Stored | Where | Shared With | Retention | |-----------|--------|-------|-------------|-----------| | Transactions, Budgets, Recurring Templates | ✅ | Your device only | ❌ Never | Until you delete | | User Preferences | ✅ | Your device only | ❌ Never | Until you delete | | Category Patterns (learned corrections) | ✅ | Your device only | ❌ Never | Until you delete or reset | | Smart Categorization Data | ✅ | Your device only | ❌ Never | Until you delete or reset | | Activity & streak data | ✅ | Your device only (computed locally) | ❌ Never | Until you delete | | Receipt images (camera scan) | ❌ | Processed on-device, not stored | ❌ Never | Not stored | | Text input (natural language) | ❌ | Processed on-device, not stored | ❌ Never | Not stored | | Subscription status | ✅ | Apple's servers | ✅ Apple only | Per Apple's policy |

14. Legal Basis for Processing (GDPR)

| Processing Activity | Legal Basis | |--------------------|-------------| | Providing core app features (local storage of transactions, budgets, templates) | Performance of contract | | On-device smart input interpretation and auto-categorization | Performance of contract / Legitimate interest | | On-device receipt scanning via Apple Vision framework | Performance of contract / Legitimate interest | | On-device Insights, Digests, and streak calculations | Performance of contract / Legitimate interest | | Notification delivery (if enabled) | Consent | | Subscription and lifetime purchase management | Performance of contract (via Apple) |

This privacy policy is designed to be transparent and honest about our data practices. Expensley is built for people who value their financial privacy.