Gastonia logo Gastonia

Privacy Policy

Effective June 1, 2026

This Privacy Policy describes how Gastonia ("we", "us", or "our") collects, uses, and shares information about you when you use the Gastonia mobile application and related services (the "Service"). By using the Service, you agree to the practices described here.

1. Information we collect

We collect only what we need to make the Service work:

  • Account information. When you sign up we collect your name, email address, and a hashed password. We never store passwords in plain text.
  • Profile preferences. Your default currency, secondary currencies, language preference, and budget-alert preference, so the app behaves as you configured it.
  • Expense data. The expenses you record — amount, currency, merchant, category, date, and any notes — together with the original voice transcript (if you used voice input) so we can show you what was captured.
  • Voice recordings (transient). When you use voice input, the recording is uploaded to our servers, transcribed by our speech provider, and then discarded. We retain the resulting text transcript with your expense; we do not retain the audio file.
  • Subscription state. Whether your trial is active, expired, or you have an active paid subscription. Payment details themselves are handled by Google Play Billing and are not visible to us.
  • Operational logs. Standard server logs (IP address, timestamp, requested endpoint, response status) used for debugging and abuse prevention. These are retained for up to 30 days.

We do not collect device contacts, location, advertising identifiers, or browsing activity outside the app.

2. How we use information

  • To provide and maintain the Service (authentication, sync, dashboards).
  • To transcribe and categorize the expenses you record by voice.
  • To trigger budget alerts you have opted in to receive.
  • To verify your subscription status with Google Play.
  • To respond to support requests and abuse reports.
  • To improve the reliability and security of the Service.

We do not use your data for advertising, and we do not sell personal data.

3. Third-party processors

We rely on a small number of carefully selected service providers to run the Service. Each receives only the minimum data needed to perform its job.

  • Deepgram, Inc. — speech-to-text transcription of voice recordings. Recordings are streamed directly to Deepgram for processing.
  • Anthropic, PBC. — large-language-model parsing that turns transcripts into structured expenses. We send transcript text and receive a structured JSON response.
  • Google LLC — Google Play Billing handles all payment processing for subscriptions. We receive only the resulting purchase token and subscription status, never card or banking details.
  • Hosting provider — our servers run on a commercial cloud provider in standard data centres with TLS in transit and encryption at rest.

4. Data retention

We keep your account and expense data for as long as your account is active. If you delete your account, all expenses, categories, budgets, voice transcripts, and budget alerts associated with it are permanently deleted within 30 days. Standard backups may retain copies for up to 90 days, after which they are overwritten.

5. Your rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information directly from the app's settings screen.
  • Delete your account and all associated data. You can request deletion by emailing support@gastonia.app.
  • Export your expense data in a machine-readable format on request.
  • Object to or restrict certain processing of your data.

6. Security

We use TLS for all network traffic, hash all passwords with industry-standard algorithms, and apply the principle of least privilege internally. No system is perfectly secure; if we learn of a breach affecting your data we will notify affected users without undue delay.

7. Children's privacy

The Service is not directed to children under 13, and we do not knowingly collect data from anyone under 13. If you believe we have collected data from a child, please contact us at support@gastonia.app and we will delete it.

8. International transfers

Our servers and processors may be located outside your country of residence. Where this involves transferring data internationally, we rely on standard contractual safeguards offered by our processors.

9. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes we will update the "Effective" date above and, if appropriate, notify users in-app or by email.

10. Contact us

Questions about this Privacy Policy or our data practices? Reach us at support@gastonia.app.