Last updated: February 17, 2026
Your privacy is important to us. This policy explains what data Sumioo collects (and what it doesn't), how AI features work, and your rights under California, Virginia, and federal law.
1. Introduction
This Privacy Policy describes how Sumioo ("we", "us", or "our") handles information when you use our mobile application. We are committed to protecting your privacy and being transparent about our data practices. By using Sumioo, you agree to the practices described in this policy.
2. Information We Do Not Collect
Sumioo is designed with a privacy-first, offline-first architecture. We do not collect, store, transmit, or have access to any of the following: your financial data (transactions, receipts, budgets, net worth entries, savings goals), your personal information (name, email, phone number, address), your device identifiers or advertising IDs, your location data, your contacts or calendar data, your browsing history, or any biometric data. All data you enter into Sumioo is stored exclusively on your device using an encrypted local database. We have no servers that receive or store your personal data.
3. Information Collected by Third Parties
While we do not collect your data directly, certain third-party services integrated into the app may collect limited information as described below:
Google Gemini AI: When you use AI-powered features (receipt scanning, budget planning, spending insights, Sumi AI chat, bank statement import), the text or image data you submit is sent to Google's Gemini API for processing. This data is used solely to generate a response and is subject to Google's privacy policy and data processing terms. We do not send any personally identifiable information, account credentials, or device identifiers to Google. AI usage is subject to limits (currently 200 requests per month, 25 per day).
Apple App Store / Google Play Store: If you purchase a Pro subscription, payment processing is handled entirely by Apple or Google. We do not receive or store your payment information, credit card numbers, or billing address. We receive only a confirmation of your subscription status.
RevenueCat: We use RevenueCat to manage subscription status across platforms. RevenueCat may receive an anonymous app user ID and subscription purchase receipts from Apple or Google. RevenueCat does not receive your name, email, financial data, or any content you enter into the app. For more information, see RevenueCat's privacy policy at https://www.revenuecat.com/privacy.
4. Local Data Storage
All financial data you enter into Sumioo (transactions, budgets, net worth entries, savings goals, categories, and receipts) is stored in a local SQLite database on your device. Your name and preferences are stored in on-device storage. Sensitive flags such as your Pro subscription status and app lock preference are stored using your device's secure storage (Keychain on iOS, EncryptedSharedPreferences on Android). Backup files are created locally and shared only at your discretion through your device's native share sheet. We never have access to your backup files.
5. Data Sharing
We do not sell, rent, trade, or otherwise share your personal information with any third party for marketing, advertising, or any other purpose. The only data transmission that occurs is when you explicitly use AI-powered features, in which case the specific text or image you submit is sent to Google's Gemini API as described above. No data is shared with analytics providers, advertising networks, data brokers, or any other third parties.
6. Children's Privacy
Sumioo is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. Since we do not collect personal information from any users, this concern does not arise in practice. If you believe a child under 13 has provided personal information through our app, please contact us.
7. Your Rights Under California Law (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
Right to Know: You have the right to know what personal information we collect, use, and disclose. As stated in this policy, we do not collect personal information.