# Blumoni Privacy Policy

Effective Date: 10.12.2025

## 1. Introduction

Blumoni ("Blumoni", "we", "us", or "our") is a personal finance and expense-sharing application. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Blumoni mobile application (the "App").

We process your personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

---

## 2. Data We Collect

We collect and process the following categories of data:

### 2.1 Account & Profile Information

- Phone number
- Name or nickname
- Optional contact details you choose to provide (such as email)

### 2.2 Financial & Transaction Data

- Wallets and groups you create or join
- Manually entered expenses, settlements, categories and notes
- Bank accounts, balances and transactions imported via open banking providers (for example Salt Edge, GoCardless, or similar providers) where you choose to connect a bank

### 2.3 Device & Technical Data

- Device identifier or session identifier
- Operating system, app version
- Network information required to provide the service

### 2.4 Usage & Analytics Data

- Screens and features used in the App
- Crash reports and performance information
- Basic event data (for example, app opened, subscription screen viewed)

We may combine the above data categories to operate the App and provide a consistent experience across your devices.

---

## 3. How We Use Your Data

We use your data for the following purposes:

- **Providing the service**
  - Creating and managing your Blumoni account
  - Syncing your data across your devices
  - Calculating balances, shares and settlements between users
- **Open banking connections (optional)**
  - Importing transactions and balances from your bank via a regulated open banking provider
  - Keeping your imported financial data in sync
- **Security & fraud prevention**
  - Protecting your account against unauthorized access
  - Detecting abuse or suspicious activity
- **Analytics & improvements**
  - Understanding how the App is used
  - Fixing bugs and improving performance and UX
- **Support & communication**
  - Responding to your support requests
  - Informing you about important changes to the App or this Policy

We do not use your financial transaction content for advertising.

---

## 4. Legal Bases (GDPR)

We process your personal data under the following legal bases:

- **Performance of a contract** – to provide you with the App and its core features.
- **Legitimate interests** – to secure the App, prevent abuse, and improve functionality and performance.
- **Consent** – for optional features (for example, push notifications) where required by law.
- **Legal obligations** – where we must keep certain records to comply with applicable law.

---

## 5. Data Sharing & Processors

We do **not** sell your personal data. We share data only with:

- **Open banking providers** (such as Salt Edge, GoCardless, or similar regulated providers)
  When you choose to connect a bank, your financial data is retrieved through such a provider in accordance with their terms and your bank’s security requirements.
- **Cloud and infrastructure providers**
  We host our servers and databases with trusted infrastructure providers. They act as data processors and may only process data on our instructions.
- **Analytics and crash reporting providers**
  We use services such as Firebase Analytics and Firebase Crashlytics to understand app usage and stability.
- **Push notification providers**
  We use Firebase Cloud Messaging (FCM) to send device notifications where you have granted permission.
- **Legal and compliance recipients**
  Where required by law, regulation, or legal process (for example, courts or regulators).

All such providers are bound by contracts and are not allowed to use your data for their own independent purposes.

---

## 6. Data Security

We use a combination of technical and organizational measures to protect your data:

- All communication between the App and our servers is protected using **HTTPS (encryption in transit)**.
- Access to production systems is restricted to authorized personnel only.
- On your device, we use secure storage mechanisms where appropriate.

> **Important:** At this time, data in our server-side database is **not encrypted at rest**.
> It is, however, stored in secured infrastructure with access controls, logging and network protections.
> We will update this Policy if we introduce server-side encryption at rest for stored data.

No method of transmission or storage is 100% secure, but we work continuously to protect your information.

---

## 7. Data Retention

We retain your data only for as long as necessary to:

- Provide and maintain the App and related services
- Comply with legal, accounting, or regulatory requirements
- Resolve disputes and enforce our agreements

If you delete your account or request deletion of your data, we will remove or anonymize your personal data within a reasonable timeframe, unless we are legally required to retain certain information.

---

## 8. Your Rights

Depending on your location (for example, within the EU/EEA), you may have the following rights:

- **Access** – request a copy of your personal data.
- **Rectification** – request correction of inaccurate or incomplete data.
- **Deletion** – request deletion of your personal data, subject to legal retention requirements.
- **Restriction** – request restriction of certain processing activities.
- **Portability** – request a copy of your data in a commonly used, machine-readable format.
- **Objection** – object to processing based on legitimate interests, in certain cases.
- **Withdraw consent** – where processing is based on consent, you may withdraw it at any time.

To exercise your rights, please contact us using the details in section 11. We may need to verify your identity before responding.

---

## 9. Children’s Privacy

Blumoni is not intended for children under 16 and we do not knowingly collect data from children under 16. If you believe that a child has provided us with personal data, please contact us so we can delete it.

---

## 10. International Transfers

Your data may be processed and stored in countries outside your country of residence, including within the European Union and potentially other jurisdictions. Where required by law, we take appropriate steps (such as standard contractual clauses) to ensure adequate protection for such transfers.

---

## 11. Contact Us

If you have questions, concerns, or requests about this Privacy Policy or your personal data, you can contact us at:

**Email:** info@blumoni.com

---

## 12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App or by other appropriate means. Your continued use of the App after the effective date of an updated Policy constitutes your acceptance of the changes.