Privacy Policy

This service (the "Service") complies with the Korean Personal Information Protection Act (PIPA) and processes user personal information as follows.

1. Categories Collected and Method

• Account: email, password (stored only as PBKDF2 hash; never in plaintext)
• Transaction data: records you manually enter or upload (screenshots, natural-language notes, notifications forwarded from your own device, CSV). We do not automatically collect data from financial institutions.
• Access logs: authentication and data-access timestamps, IP (for security and legal-obligation compliance)

2. Purpose of Use

To provide bookkeeping, categorization, and statistics; to identify and authenticate users; to prevent abuse.

3. Retention and Disposal

• Account and transaction data: deleted without delay upon account closure
• Access logs: retained at least 1 year for security, then deleted

4. Security Measures

• HTTPS (TLS) in transit, PBKDF2 password hashing
• Sensitive settings encrypted at rest with Fernet (symmetric)
• Access control, audit logs, optional two-factor authentication
• Per-user physical database isolation

5. Processing Delegation and Cross-Border Transfer

Data is stored on cloud infrastructure; if the region is outside Korea, the transfer is disclosed. We do not sell or share personal information with third parties.

6. User Rights

You may request access, correction, deletion, or suspension of processing of your information. Account closure deletes all data.

Contact: operator (via in-app settings). This document may be updated as the service changes.