Privacy Policy
Last updated: May 24, 2026 · Effective: May 24, 2026
Your privacy matters. Veyno is built local-first: your financial data lives on your device, not on our servers. This policy explains exactly what data we do collect, why, and what your rights are under GDPR.
1. Who we are
Veyno is operated as a sole proprietorship registered in the Netherlands (Chamber of Commerce / KVK: [TO BE ADDED]) under the trade name "Veyno" ("we", "us", "our"). For privacy questions or to exercise your rights, contact us at support@veyno.app.
Under the EU General Data Protection Regulation (GDPR), we act as the data controller for the personal data described below.
2. What data we collect
2.1 Account data (when you sign up)
- Email address — used to identify your account and send confirmation / password-reset emails
- Password — stored as a salted hash by our authentication provider; we never see your plaintext password
- Display name and currency preference — chosen during onboarding
2.2 Financial data (stays on your device)
All financial information you enter — expenses, categories, budgets, net worth snapshots, saving goals, and recurring expenses — is stored locally on your iOS device using Apple's SwiftData framework, encrypted at rest with iOS file protection.
To enable cross-device sync and protect against device loss, this data is mirrored to your private account on our backend (see "Third-party processors" below). It is encrypted in transit and is only accessible by you when authenticated. We never access, mine, or share your financial data.
2.3 Subscription data
When you purchase a Veyno Premium subscription:
- The payment itself is processed entirely by Apple; we never see your payment card details
- Subscription status (active, expired, trial) is managed via RevenueCat, which receives an anonymized user identifier and a copy of the Apple receipt so we can verify entitlements across your devices
2.4 Diagnostic data
If you opt in to share diagnostics through iOS Settings → Privacy → Analytics, Apple may share anonymized crash reports with us. No personal or financial data is included.
2.5 Website data
If you join the waitlist on veyno.app, we store your email address to notify you of the launch. You can unsubscribe at any time by emailing us.
3. Why we process your data (legal basis)
- To provide the service (Art. 6(1)(b) GDPR — performance of a contract): account, sync, subscription
- To meet legal obligations (Art. 6(1)(c) GDPR): tax records on subscription revenue, fraud prevention
- Your consent (Art. 6(1)(a) GDPR): waitlist email, opt-in diagnostics — you can withdraw consent at any time
4. Third-party processors
We use the following sub-processors. Each is bound by GDPR-compliant data processing agreements.
- Supabase Inc. (USA / EU) — authentication and encrypted cloud storage of your account + synced data.
- RevenueCat, Inc. (USA) — subscription state management and entitlement validation.
- Apple Inc. (USA) — App Store distribution, in-app purchases, and optional anonymized diagnostics.
5. International data transfers
Some processors operate outside the EU/EEA. Where data is transferred to the USA, we rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses to ensure an adequate level of protection.
6. Data retention
- Account & synced data: retained for the lifetime of your account. Deleted permanently within 30 days after you delete your account from inside the app (Settings → Delete account)
- Subscription records: retained for as long as legally required for tax purposes (currently 7 years under Dutch law), then deleted
- Waitlist emails: until you unsubscribe
7. Your rights under GDPR
You have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Erase your data ("right to be forgotten") — available directly in the app via Settings → Delete account, or by emailing us
- Restrict or object to certain processing
- Data portability — request an export of your data in a machine-readable format
- Withdraw consent for any processing based on consent
- Lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your rights have been violated
To exercise any of these rights, email support@veyno.app. We will respond within 30 days.
8. Security
We take security seriously:
- Local data on your device is encrypted at rest using Apple's file protection
- All network traffic uses TLS 1.2 or higher with certificate pinning
- Passwords are never stored in plaintext — only as salted hashes managed by Supabase Auth
- The app detects rooted/jailbroken devices and warns you, since these compromise local encryption
No system is 100% secure. If we ever become aware of a breach affecting your data, we will notify you within 72 hours as required by GDPR Art. 33.
9. Children's privacy
Veyno is not directed at children under 13 and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we will delete it.
10. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated in the app or via email at least 30 days before they take effect. The "Last updated" date at the top reflects the current version.
11. Contact
For any privacy-related question, complaint, or rights request:
support@veyno.app