Legal

Privacy Policy

Anjin · 按針 · Effective date: May 2026

Anjin is a personal expense tracker. This policy explains what data we collect, how we use it, and your rights as a user. We believe in plain language — no legal fog.

Data we collect

Data you provide

Account information — email address and display name when you sign up
Financial data — expenses, income, budgets, and categories you log in the app
Profile preferences — home currency, country, display name

Data collected automatically

Location — GPS coordinates are stored only when you log an expense and explicitly allow location access. Location is never collected in the background.
Usage events — anonymised events (e.g. "expense saved", "auth failed") sent to PostHog for crash and performance monitoring. No personal or financial data is included.

Data we do NOT collect

We do not sell your data to third parties
We do not collect contacts, photos, or any data outside the app
Voice recordings are processed on-device by your OS speech recognition — we never receive or store the audio

How we use your data

Purpose	Data used
Sync your expenses across devices	Financial data, stored in Supabase
Show exchange rates	No personal data — rates fetched from open.er-api.com, cached in Supabase
OCR receipt scanning	Receipt image processed on-device by Tesseract.js; no image is sent to any server
Push notifications (web only)	A device push token may be stored in Supabase and used only for alerts you opted into. The Android app does not currently support push notifications.
App improvement	Anonymised usage events via PostHog

Third-party services

Service	Purpose	Privacy policy
Supabase	Database and authentication	supabase.com/privacy
Groq	AI voice transcript parsing	groq.com/privacy
PostHog	Anonymous usage analytics	posthog.com/privacy
Open Exchange Rates API	Exchange rates (no account required)	open.er-api.com
CARTO / OpenStreetMap	Map tiles	carto.com/privacy

Data storage and security

All financial data is stored in Supabase (hosted on AWS). Row Level Security (RLS) ensures you can only ever access your own data — not other users'.
Authentication is handled by Supabase Auth. Passwords are never stored in plain text.
All data in transit is encrypted over HTTPS.

Data retention

Your data is retained for as long as your account is active. You can delete your account and all associated data at any time from the Settings screen inside the app.

Your rights

You have the right to:

Access all data we hold about you (export available from Settings)
Delete your account and all data permanently
Opt out of analytics (disable in Settings → Privacy)

Children

Anjin is not directed at children under 13. We do not knowingly collect personal data from children under 13.

Changes to this policy

We will notify you of material changes via the app. Continued use after changes constitutes acceptance of the updated policy.

Contact

Questions or requests about your data?

✉ privacy@anjin.app