Privacy Policy

1. Introduction

Koink is operated by Usap.io (“we,” “our,” or “us”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Koink mobile application and related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

Koink offers two modes of use:

• Anonymous mode (default): On first launch, a pseudonymous account is created automatically. No name or email is collected. You receive a unique user ID only.
• Sign in (optional): If you choose to link a Google account, we receive your display name and email address through OAuth. Your password is never transmitted to or stored by Koink.

2.2 Financial Data

• Receipts: When you scan a receipt, we process the image to extract merchant name, merchant address, phone number, tax ID, receipt number, date, time, line items (names, quantities, prices), subtotals, taxes, discounts, service charges, totals, currency, payment method, and the last four digits of any payment card visible on the receipt.
• Receipt images: If enabled in settings, a compressed copy of the receipt photo is saved locally on your device and uploaded to our cloud storage so you can view the original receipt on any device. Images are stored in a private, user-scoped bucket accessible only to you. You can disable this at any time in Settings > Receipt Images.
• Wallet entries: Income, expenses, and debt records you create, including amounts, categories, notes, and the names of people involved in debts (lent/borrowed).
• Budgets: Monthly budget amounts you set, stored by month.

2.3 Journal Entries

Journal entries you write, including titles, body text, mood tags, custom tags, and associated journal names. Journal content may contain personal reflections and is treated as sensitive data.

2.4 Location Data

When you create a journal entry, Koink may request your location (foreground only, “when in use”). If granted, we collect:

• Coordinates: Latitude and longitude at approximately 100-meter accuracy (not full GPS precision).
• Place name: A reverse-geocoded location name (e.g., “Robinsons Galleria, Ortigas”) resolved on-device.

Location is entirely optional. You can deny the permission prompt and still use all journal features without location tagging.

2.5 Trip and Split Data

• Trip names, icons, currencies, and starting balances.
• Split participant names (typed manually by you — Koink does not access your device contacts), item assignments, and settlement records.
• In group trips, your display name, role (owner/member), and split details are visible to other group members.

2.6 Device Information

• Device identifier: We collect a device-specific identifier. This is used solely to enforce receipt scan quotas and prevent abuse. It is not used for advertising or cross-app tracking.

2.7 Subscription and Purchase Data

If you subscribe to Koink Premium or purchase credit packs, Apple processes the transaction. We receive a transaction receipt from Apple to verify your entitlement, but we do not collect or store your payment method, credit card number, or billing address. Subscription status and bonus credit balances are stored on our servers tied to your user ID.

2.8 Preferences

Display name, color theme, appearance mode, font preferences, currency selection, and font scale — stored locally on your device and synced to the cloud if you sign in.

2.9 Spending Insights Program

Koink offers an optional Spending Insights Program that helps us improve the app and generate anonymized, aggregated spending intelligence for market research purposes. This program is enabled by default and can be turned off at any time in Settings under "Help Improve Koink."

What we collect

When the program is enabled, the following data is recorded each time you save a receipt (scanned or manual):

• Merchant or store name and spending category
• Transaction amount and currency
• Month of the transaction (exact dates are never stored)
• Day of week and time of day (behavioral patterns only)
• Payment method, generalized as cash, card, digital wallet, or other
• Number of line items and whether the bill was split
• Region, derived from transaction currency or device location
• For scanned receipts: the raw text extracted from the receipt image
• For saved images: a reference to the stored receipt image

How we use this data

• Internal analytics: A pseudonymous internal identifier is associated with each record to enable spending trend analysis over time, such as tracking category shifts or seasonal patterns across user cohorts.
• Aggregated research: We may share anonymized, aggregated insights with third-party market research partners. When data is shared externally, all identifiers — including the internal pseudonymous ID — are removed. External recipients receive only statistical summaries and anonymized datasets from which no individual can be identified.

What we never share externally

The following are never included in any data shared with third parties: your user ID, device ID, name, email address, account credentials, journal entries, or any information that could reasonably identify you as an individual.

Your controls

• Opt out at any time: Toggle off "Help Improve Koink" in Settings. This immediately stops all future data collection under this program.
• Account deletion: If you delete your Koink account, the internal identifier linking insight records to your account is permanently removed, making all previously submitted records fully anonymous.
• No effect on app functionality: Opting out of the Spending Insights Program does not limit any feature of the app.

3. How We Use Your Information

• Providing the Service: Storing, organizing, and displaying your financial records, journal entries, budgets, and trip splits.
• AI receipt scanning: Receipt images are uploaded to our server and processed through AI services for text extraction and structured data parsing. Images are used transiently during the scan and are not permanently stored on our servers.
• AI journal features: When you manually trigger AI writing assistance, your journal entry title, body text, and/or selected text are sent to our AI service for processing. This only happens when you explicitly use the AI writing feature.
• AI categorization and translation: Transaction descriptions may be sent to our AI service for automatic categorization. Receipt item text may be sent for translation when you request it.
• Cloud sync: If you sign in with Google, your data is encrypted on-device and synced to our cloud servers so you can access it across devices. Our servers store only encrypted ciphertext.
• Scan quota enforcement: Your device identifier is used to track and enforce monthly receipt scan limits.
• Group collaboration: In group trips, your display name and split data are shared with group members to facilitate bill splitting and settlement tracking.
• Spending Insights: If enabled, transaction metadata is collected and used for internal analytics and anonymized market research as described in Section 2.9.

4. Third-Party Services

We use third-party services for authentication, cloud database hosting, AI-powered features (receipt scanning, categorization, translation, and journal writing assistance), and backend infrastructure. These services process data according to their respective privacy policies.

Receipt images and extracted text are sent to AI services only during active scanning or when you explicitly use AI features. Images are processed transiently and are not permanently stored by these services.

We do not use any analytics, crash reporting, or advertising SDKs. The app does not contain any tracking services.

Anonymized, aggregated spending data from the Spending Insights Program (Section 2.9) may be shared with third-party market research partners. This data contains no personal identifiers and cannot be used to identify individual users.

5. Data Storage and Security

5.1 Local Storage

All your data is stored locally on your device within the app's sandboxed storage. This data is protected by iOS's built-in data protection (hardware encryption at rest).

5.2 Cloud Storage

If you sign in with Google, your data is encrypted on-device and synced via HTTPS (TLS encryption in transit) to our cloud database. Data is stored keyed to your user ID. Anonymous users' data is never sent to the cloud.

5.3 End-to-End Encryption

All synced data (receipts, wallet entries, journal entries, trips, split contacts, split sessions, and preferences) is encrypted on your device using AES-256-GCM before being transmitted to our servers. Our servers store only encrypted ciphertext — we cannot read your data. All network communication additionally uses HTTPS/TLS for transport-layer encryption.

For full technical details, see our Encryption page.

5.4 Authentication Tokens

Your access token and anonymous session refresh token are stored locally on your device. These are used to authenticate API requests and are cleared on sign-out or account deletion.

6. Data Sharing

We do not sell, trade, or rent your personal information. Data is shared only in these circumstances:

• Third-party AI services: As described in Section 4, receipt images and text are processed by third-party AI services. These services process data according to their respective privacy policies.
• Group trip members: When you participate in a group trip, your display name and split/settlement data are visible to other group members.
• Legal requirements: When required by law, regulation, or valid legal process.
• Safety: To protect the rights, safety, or property of Usap.io, our users, or the public.

7. Your Rights and Controls

7.1 Anonymous Use

You can use Koink without creating an account or providing any personal information. Anonymous users get a pseudonymous ID only. All data stays on your device.

7.2 Data Deletion

The app provides granular deletion options:

• Delete Finance Data: Removes all receipts, wallet entries, split sessions, contacts, and trip data from both your device and the cloud.
• Delete Journal Data: Removes all journal entries and journals from both your device and the cloud.
• Delete Account: Permanently deletes your entire account including all cloud-synced data, profile, group memberships, friend connections, shared splits, and authentication records. Your device is reset to a fresh anonymous session.

Note: Device-level scan quota records are retained after account deletion to prevent quota abuse through account recreation.

7.3 Location Control

You can deny or revoke location permission at any time through iOS Settings. Existing location data in journal entries can be removed by editing or deleting those entries.

7.4 Cloud Sync Control

Cloud sync is only active for signed-in (non-anonymous) users. You can remain anonymous to keep all data local-only.

8. Camera and Photo Access

Koink accesses your camera for receipt scanning. Photos can also be selected from your library using a privacy-preserving photo picker, which does not require full photo library access.

• Receipt image saving: If “Save Receipt Images” is enabled (on by default), receipt photos are compressed and saved locally on your device. For signed-in users, images are also uploaded to our cloud storage so you can view them on other devices. You can disable this in Settings.
• Save to Camera Roll: If enabled (off by default), receipt photos are also saved to your device's photo library. This requires the “Add Photos Only” permission and does not grant Koink access to read your existing photos.
• Shared receipt images: In group trips, receipt images uploaded by the payer are accessible to other group members via a secure backend proxy. Images are cached locally on each member's device and deleted when the split is removed.

9. Notifications

Koink does not use push notifications or any remote notification service. All notifications are in-app only, generated from real-time events (e.g., when a group member joins a trip or a split is updated). Notification data is stored locally and is not synced to the cloud.

10. Tracking

Koink does not engage in cross-app tracking. We do not use any advertising identifiers. The device identifier we collect is used exclusively for scan quota enforcement and is not shared with any third parties for tracking or advertising purposes.

11. Children's Privacy

The Service is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that we have collected such information, we will delete it promptly.

12. Data Collected — Summary

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last updated” date. Continued use of the Service after changes constitutes acceptance.

14. Contact Us

If you have questions about this Privacy Policy, please contact us at mano@usap.io.