Privacy Policy
Last updated: February 20, 2026
Overview
Sum works without account registration or login. By default, your financial data stays on your device.
Data We Process
On Your Device
- Transactions, categories, recurring rules, and app settings are stored locally (SwiftData).
- Local learning data (for example merchant mappings, note-category suggestions, and location suggestions) stays on your device.
Anonymous Analytics (Optional)
Analytics are enabled by default and can be disabled at any time in Settings.
If enabled, we process event data such as app information, screen/session metrics, usage events, aggregated preferences, and pseudonymous context.
For analytics, we do not send account identifiers, advertising IDs, transaction notes, or full custom category names.
Cloud Backup (Optional)
- Your backup payload is encrypted on your device (AES-256-GCM) before upload.
- The encryption key is stored in your iCloud Keychain.
- Backup data is stored encrypted in Firebase.
Personal Cloud Sync & AI Assistants (Optional)
- Transactions, categories, and recurring rules are synced as encrypted changes.
- A random backup ID and authentication secret are used instead of user accounts.
- You can create/revoke API keys and approve OAuth connections for external assistants.
- Disabling AI Assistants revokes active API keys and related OAuth tokens server-side.
- For authorized AI/API requests, your sync encryption key is stored on the server in encrypted form.
List Sharing (Optional)
- List payloads are end-to-end encrypted with per-list keys.
- Invite links do not include list encryption keys.
- Membership and key exchange metadata are processed to sync collaborators.
AI Auto Mode (Optional)
- Merchant text, available category names, and locale are sent to the categorization backend.
- Optional learned merchant-context mappings may be included.
- Amounts and full transaction payloads are not required for this categorization request.
- The backend currently uses Anthropic Claude Haiku for categorization.
AI Analysis (Optional)
- A structured export can include amounts, categories, notes, recurring rules, and aggregated stats.
- Data is either prepared locally and copied to your clipboard, or requested from the Sum API when Cloud Sync is enabled.
- Data you share with external AI tools is processed under those providers' policies.
Feedback (Optional)
- We process your feedback message and optional email address.
- We also process technical metadata (for example app/build version, iOS version, device model, language, country, premium status, technical device ID).
Third-Party Services
| Service | Purpose |
|---|---|
| Firebase (Google) | Backend infrastructure, analytics events, encrypted backup/sync/sharing, feedback processing |
| RevenueCat | In-App Purchases and subscription status |
| Anthropic | Auto Mode merchant categorization and optional connected assistants |
| OpenAI (ChatGPT) | Optional connected assistants and user-initiated AI analysis sharing |
| Apple (iCloud Keychain) | Secure storage and sync of encryption keys |
Your Controls and Rights
Depending on your location, you may have rights to access/export/delete data, withdraw consent for optional analytics and AI features, disable AI assistants, and request cloud-data deletion.
For EU/EEA Residents (GDPR)
Legal bases include consent (optional analytics/AI), contract performance (requested app features), and legitimate interests (security, abuse prevention, reliability).
For California Residents (CCPA/CPRA)
We do not sell personal information.
For Brazil Residents (LGPD)
You can exercise your rights by contacting us.
Children's Privacy
Sum is not directed to children under 13. We do not knowingly collect personal data from children.
Changes
We may update this policy. Please check the "Last updated" date.
Contact
Questions? Email: [email protected]