Legal

Privacy Policy

Last updated: April 8, 2026

This Privacy Policy explains how information may be handled in the YouOweMe iOS app. It is written to give users and App Store reviewers a clear, practical summary of what information may be processed, why it may be processed, and what choices users have.

Quick summary

  • You can use the app without creating a YouOweMe account.
  • The app stores data locally on your device and may also sync Core Data through Apple iCloud/CloudKit when available for your Apple account and device settings.
  • If you sign in with Apple to use Cloud Accounts, selected profile and ledger data is stored in Firebase services.
  • If you create snapshot statement links or live links, those pages are public to anyone with the link. Snapshot statement links are temporary and are set to expire after 3 days. Live links may update when related borrower data changes and remain available until they expire, are stopped, are removed, or the related Cloud Account data is deleted.
  • If you use AI features such as voice-to-entry parsing, follow-up generation, repayment update generation, or ask-for-loan generation, the text and related context needed for that feature are sent to Firebase Cloud Functions and then to OpenAI.
  • The app uses crash reporting. Firebase Analytics code is present, but Analytics collection is disabled in the bundled configuration for the app version this policy is intended to cover.
  • We do not sell your personal information.

Owner and Data Controller

Ievgenii Iablonskyi
Gang Seruni 11, Sawangan, Nusa Dua, Benoa
Kecamatan Kuta Selatan, Kabupaten Badung
Bali 80362
Indonesia

Contact: use the website support form.

What information may be processed in the iOS app

App records and content

This includes borrower names or labels, balances, loan or shared-expense entries, dates, notes, categories, reminders, recurring-entry settings, interest settings, export history, profile names and images, selected cloud-account identifiers, and related app settings or cache state.

Cloud Accounts and Firebase data

If you use Cloud Accounts, the app may process your Firebase user ID, email address, cloud-account display name, main currency, borrower records, entry records, and cloud profile images in Firebase Authentication, Cloud Firestore, and Cloud Storage.

Exports, PDFs, statement links, and live links

If you create exports, PDFs, statement links, or live links, the information included in those outputs is processed to create them. Text, CSV, and PDF exports are created locally on the device. Snapshot statement links and live links are public link-based pages.

Snapshot statement links are temporary, are not updated after creation, and are set to expire after 3 days. After expiry, the public page is intended to become unavailable, although backend cleanup or physical deletion timing may vary. Live links may update when the related borrower data changes and remain available until they expire, are stopped, are removed, or the related Cloud Account data is deleted.

AI feature requests

If you use AI features, the app may process transcribed or typed text and related context such as borrower names, balances, entry summaries, dates, reasons, locale, and time zone to generate the requested result.

Support and diagnostics

If you contact support, we may process your email address, your message, and any system report or diagnostic information you choose to send so that we can reply and investigate issues. The app also uses crash reporting and may process crash and diagnostic data through service providers.

How information may be used

  • To provide the app’s core features, including tracking balances, reminders, recurring entries, statements, AI-assisted text generation, and shared outputs.
  • To enable Apple iCloud/CloudKit sync and optional Cloud Accounts.
  • To provide support and respond to questions, bug reports, or deletion requests.
  • To maintain, secure, debug, and improve the app.
  • To comply with legal obligations or protect against misuse.

Legal bases for processing

  • Performance of a contract or steps requested by you, for example when the app provides tracking, sync, AI feature requests, sharing, statement, export, or support features you choose to use.
  • Legitimate interests, such as keeping the service secure, preventing abuse, debugging issues, maintaining reliability, and improving the app.
  • Consent, where consent is the appropriate legal basis for optional processing.
  • Compliance with legal obligations, including requests required by law or the defense of legal claims.

Recipients and sharing

  • Recipients may include Apple for Sign in with Apple and iCloud/CloudKit.
  • Recipients may include Google/Firebase for Authentication, Cloud Firestore, Cloud Storage, Cloud Functions, Remote Config, Crashlytics, and App Check.
  • Recipients may include OpenAI for AI feature requests.
  • Recipients may include ExchangeRate-API for currency rate lookups.
  • Recipients may include the people or apps you choose to share exports, PDFs, statement links, or live links with.
  • If required by law, legal process, or a valid governmental request.

Where third-party providers process information on our behalf, they are expected to handle it under contractual or legal protections consistent with this Privacy Policy and applicable law. We do not sell personal information.

International transfers

Firebase share-page and live-link functions currently run in the United States. AI-related Firebase Functions may be routed through United States, Europe, or Asia regions depending on the feature and device region. OpenAI and other providers may process data in countries other than your own. Where required by applicable law, appropriate safeguards are used for such transfers, such as contractual protections or other recognized transfer mechanisms.

Data retention

Local app data remains on the device, and iCloud/CloudKit-synced data may remain in the user’s Apple account, until deleted by the user or removed through device or account settings. Firebase cloud-account data may remain until deleted from Firebase systems. Temporary snapshot statement links are set to expire after 3 days, and live links may remain available until they expire, are stopped, are removed, or the related Cloud Account data is deleted. Backend cleanup or physical deletion timing may vary. Crash and diagnostic data are retained under provider settings. Support emails are retained in the support mailbox until deleted.

Security

Reasonable technical and organizational measures are used to help protect information, but no method of transmission or storage is completely secure. If you create statement links or live links, please use them carefully. They are public link-based shares, not authenticated secure portals.

Deletion, consent withdrawal, and privacy requests

  • You can delete local records in the app and remove the app to delete on-device storage.
  • If you use Cloud Accounts, use the in-app account deletion controls where available in your app version for the fastest result. Deleting a Cloud Account removes Cloud Account data controlled by the app, including account-owned live links.
  • Temporary snapshot statement links created before deletion may remain available until their 3-day expiry because they are public snapshot pages and are not updated after creation.
  • For cloud-account or support-data deletion requests, use the website support form with enough information to identify the relevant account, communication, or shared output.
  • If you use iCloud/CloudKit, you may also need to manage synced data through your Apple account or device settings.

We may need to verify your identity before completing a request. Some information may be retained where necessary for security, backup integrity, dispute resolution, or legal compliance.

Your choices

  • You can use the app without creating a YouOweMe account.
  • You can avoid optional Cloud Accounts if you prefer not to store selected data in Firebase services.
  • You can manage iCloud/CloudKit sync through your Apple account and device settings where applicable.
  • You can contact support if you have questions about privacy or want to request an update about information you shared directly with support.

Your rights

Depending on your location and the applicable law, you may have rights to request access, correction, deletion, restriction, portability, or objection. You may also be able to withdraw consent for optional processing where consent is the legal basis.

If you are in the EEA, UK, or another jurisdiction with similar rights, you may also have the right to lodge a complaint with your local data protection authority.

Changes to this Privacy Policy

This Privacy Policy may be updated from time to time. Any updated version will be posted on this page with a new “Last updated” date.

Contact

If you have any questions about this Privacy Policy, please use the website support form.

Back to Home Read the Blog