Welcome to Timmy ("we," "us," or "our"). Timmy is an AI-powered personal finance companion that helps you track expenses, manage budgets, monitor debts, and achieve savings goals. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").
By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this policy, please do not access the Service.
1. Information We Collect
We collect information that you voluntarily provide to us and information that is automatically gathered when you use the Service.
Account Information
When you create an account, we collect your:
Email address
Display name
Profile avatar (if provided)
Authentication credentials (securely hashed)
Financial Data
To provide our core money tracking features, we collect and store:
Transaction records (amounts, dates, descriptions, categories)
Wallet and currency information
Budget configurations and spending limits
Debt and loan details, including payment history
Savings goals and contribution records
Recurring bill schedules
Group and shared wallet information
AI Chat Interactions
When you interact with Timmy via the AI chat feature, we process the messages you send in order to parse and log transactions. Chat messages are processed by our AI service to extract financial information and are not stored beyond what is necessary for your transaction records.
Receipt Images
If you use the receipt scanning feature, uploaded images are processed to extract transaction details. Receipt images are stored securely in our cloud storage and are accessible only to you.
Device and Usage Information
We automatically collect certain information when you use the Service, including:
We use the information we collect for the following purposes:
Core Service Delivery: Processing and logging your transactions, managing wallets, tracking budgets, debts, and savings goals.
AI-Powered Features: Parsing natural language messages to extract transaction data, providing personalized financial insights, and enabling receipt scanning.
Account Management: Creating and maintaining your account, authenticating access, and managing subscription status.
Group Features: Facilitating shared wallets and group expense tracking among invited members.
Notifications: Sending budget alerts, bill reminders, debt payment reminders, and savings goal milestones.
Analytics and Improvement: Understanding how users interact with the Service to improve functionality, fix bugs, and develop new features.
Customer Support: Responding to your inquiries and resolving issues.
Communication: Sending service-related updates and, with your consent, promotional communications. You may opt out of promotional emails at any time.
3. AI and Data Processing
Timmy uses artificial intelligence to process your chat messages and extract financial transaction data. When you send a message such as "Spent $12 on lunch," our AI service analyzes the text to identify the amount, category, and other relevant details.
Important details about our AI processing:
Chat messages are sent to our AI service provider solely for the purpose of transaction parsing and are not used to train AI models.
The AI service provider does not retain your messages beyond the time required for processing.
AI-generated transaction suggestions are presented for your review before being saved to your account.
The AI features are designed to assist with financial tracking and do not constitute financial advice.
4. Data Storage and Security
Your data is stored securely using industry-standard infrastructure and encryption. We implement the following security measures:
All data is transmitted over SSL/TLS encrypted connections.
User authentication credentials are securely hashed and never stored in plain text.
Database access is restricted with row-level security policies, ensuring users can only access their own data.
Receipt images and files are stored in encrypted cloud storage buckets with access controls.
We regularly review and update our security practices to protect against unauthorized access, alteration, disclosure, or destruction of your data.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee its absolute security.
5. Third-Party Services
We use the following third-party services to operate and improve the Service. Each service processes data in accordance with its own privacy policy:
Supabase: Database hosting, user authentication, and file storage. Supabase provides enterprise-grade security with row-level access controls and encrypted storage.
AI Service Provider: Processes chat messages for transaction parsing. Messages are not retained or used for model training.
PostHog: Product analytics to understand feature usage and improve the Service. Collects anonymized usage data.
AppsFlyer: Mobile attribution and marketing analytics to measure the effectiveness of our outreach efforts.
Adapty: Subscription management and in-app purchase processing. Payment details are handled by Apple App Store and Google Play Store; we do not directly collect or store payment card information.
6. Data Sharing
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
Service Providers: With the third-party services listed above, solely for the purpose of operating the Service.
Group Members: When you join or create a shared group, other group members can see transactions logged to the shared wallet, as well as basic profile information (display name and avatar).
Legal Requirements: When required by law, regulation, legal process, or governmental request.
Protection of Rights: To protect the rights, property, or safety of Timmy, our users, or others.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide you the Service. Specifically:
Account Data: Retained until you delete your account.
Financial Records: Retained until you delete the specific records or your account.
AI Chat Messages: Not retained by the AI service provider beyond the time required for processing.
Analytics Data: Retained in anonymized form for product improvement purposes.
When you request account deletion, your personal data will be permanently removed from our systems within 72 hours. Some anonymized, aggregated data may be retained for analytical purposes. Inactive accounts (no login for 24 months or more) may be automatically deleted.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete personal data.
Deletion: Request deletion of your personal data and account.
Data Portability: Request a copy of your data in a structured, machine-readable format.
Restriction: Request restriction of processing of your personal data.
Objection: Object to the processing of your personal data for certain purposes.
Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
You can exercise many of these rights directly within the app through your account settings. For any other requests, please contact us using the information provided below.
If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.
9. Children's Privacy
The Service is not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we may have collected information from a child under 13, please contact us immediately.
10. Cookies and Tracking
Our website may use cookies and similar tracking technologies to enhance your browsing experience. These include:
Essential Cookies: Required for the website to function properly, such as language preferences and session management.
Analytics Cookies: Used to understand how visitors interact with our website, helping us improve content and user experience.
You can configure your browser to refuse cookies or alert you when cookies are being sent. However, some parts of the website may not function properly without cookies.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, through an in-app notification or email. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
12. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at: