Krateo
  • Home
  • Features
  • Who it's for
    • Individuals
    • Couples
    • Families
    • Sole proprietors
    • Kids

Privacy Policy

Effective date: July 2, 2026 · Last updated: June 16, 2026

This policy is issued by the founder as a sole proprietor ahead of Krateo's formal corporate entity being established. It will be reassigned to that entity, with an updated contact address, once formed post-launch.

Carlos Dente, an individual doing business as Krateo ("Krateo", "we", "us") operates the Krateo mobile application (the "App"), a private household budgeting and money-tracking tool. This policy explains what personal data we process, why, and the choices and rights you have. We designed Krateo to collect as little as possible.

1. Who is the controller

The data controller is Carlos Dente, doing business as Krateo, Gold Hill Road, Fort Mill, SC. Contact for any privacy question or to exercise your rights: Contact@KrateoMoney.com.

2. What we collect

You give us:

  • Account data — your name, email, and password (passwords are handled by Firebase Authentication; we never see them in plaintext). If you use Sign in with Apple, we receive the identifier Apple shares (and, if you choose, a relay email).
  • Financial data you enter — transactions, bills, budgets, accounts, credit-card balances, trips and trip expenses, notes, and household membership. This is the core of the service and stays within your household.
  • Receipt images — only when you choose to snap or import a receipt. The image is sent for optical character recognition (see §4, Google Cloud Vision) and stored with the transaction you create.
  • Credit-score details (optional feature, only if you use it and we have enabled it) — first name, last name, date of birth, and postal address, used solely to request a soft credit-score check through a backend partner. We never ask for, collect, or store your Social Security Number in the App.
  • Bank connection data (optional feature, only if you connect a bank) — handled through Plaid (see §4). Bank login credentials are entered with Plaid and never seen or stored by Krateo. Access tokens are stored server-side only and are never exposed to the App.

We collect automatically:

  • Device/app data — your chosen language and timezone, and a push notification token (only if you enable notifications).
  • Consent records — the version and timestamp of the terms/age/disclaimer acceptance you give, kept as a compliance record.

We do NOT collect:

  • No Social Security Numbers in the App.
  • No precise geolocation, no biometrics.
  • No advertising identifiers and no third-party analytics or tracking SDKs. Krateo contains no ad networks and no behavioral trackers.

3. Why we process it (and our legal bases under GDPR/UK GDPR/LGPD)

PurposeDataLegal basis
Provide and sync the budgeting service across your householdAccount + financial dataPerformance of a contract
Receipt OCR to pre-fill a transactionReceipt imageContract (you initiated it)
Send re-engagement / reminder notificationsPush token, languageConsent (you enable notifications)
Optional soft credit-score checkName, DOB, addressConsent (explicit, per use)
Optional bank importPlaid connectionConsent (explicit, per connection)
Anonymous, aggregate product statistics (no PII)Coarse, de-identified countsLegitimate interests
Security, fraud prevention, legal complianceAccount + consent recordsLegitimate interests / legal obligation

You can withdraw consent at any time (e.g., disable notifications, disconnect a bank, or delete your account); withdrawal does not affect prior processing.

4. Who we share it with (sub-processors)

We do not sell your personal information and do not share it for cross-context behavioral advertising. We use the following processors, each bound by a data-processing agreement.

ProcessorPurposeData involved
Google Firebase (Auth, Firestore, Cloud Functions)Accounts, database, backendAccount + financial data
Google Cloud VisionReceipt OCRReceipt images you submit
Google (Gemini via Genkit)AI chat / budgeting math (server-side)The pre-computed numbers needed for your request
ExpoPush notification deliveryPush token
AppleSign in with Apple (if used)Apple identifier
Plaid (only if you connect a bank)Bank data aggregationBank connection, transactions
Our credit-monitoring partner (only if the credit-score feature is enabled and you use it; named in-app when you enable it)Soft credit-score checkName, DOB, address

We may also disclose data if required by law, to protect rights and safety, or in connection with a corporate transaction (with notice where required).

5. International transfers

Data is stored and processed on Google Cloud infrastructure, primarily in the United States. Where we transfer personal data out of the EEA/UK/Brazil, we rely on appropriate safeguards — the EU Standard Contractual Clauses (2021) and the UK International Data Transfer Addendum as incorporated into the Google Cloud Data Processing Addendum, plus supplementary measures.

6. How long we keep it

We keep your data while your account is active. When you delete your account (Settings → Delete account), a server-side process erases your user record and removes you from your household; data you contributed to a shared household may persist for the remaining members unless they delete it. We retain limited records (e.g., consent logs) where required for legal/compliance purposes.

7. Your rights

Depending on where you live (EEA/UK GDPR, California CCPA/CPRA, Brazil LGPD, and others), you may have the right to: access a copy of your data, correct it, delete it, port it, restrict or object to processing, withdraw consent, and — under CCPA/CPRA — to know, delete, correct, and to opt out of sale/sharing (note: we do not sell or share for advertising).

  • Delete now: Settings → Delete account (in-app, server-side erasure).
  • Other requests: email Contact@KrateoMoney.com. We respond within the timeframes the applicable law requires (GDPR/LGPD ≈ 30/15 days; CCPA ≈ 45 days). You also have the right to lodge a complaint with your supervisory authority (e.g., your EU DPA, the UK ICO, or Brazil's ANPD).

8. Children and family members

To create a Krateo account and set up a household, you must be 18 or older (or the age of majority where you live); the household owner confirms this at the consent gate. The owner is the adult who accepts these terms on behalf of their household and is responsible for the members they invite.

Invited family members may be younger. A household owner can invite family members of any age via a private invite. By inviting a minor, the owner confirms they are that minor's parent or legal guardian (or otherwise authorized to consent on their behalf), which serves as the verifiable parental consent contemplated by COPPA/GDPR-K. We do not knowingly let children create their own standalone accounts, and we do not knowingly collect personal data from a child outside an adult-led household. If you believe a child has provided us data improperly, contact Contact@KrateoMoney.com and we will delete it.

9. Security

We use encryption in transit, Firebase Authentication, and database security rules that restrict household data to its members. Bank access tokens and API keys are held server-side and are never shipped in the App. No method is 100% secure; we will notify you and regulators of a qualifying breach as required by law (e.g., GDPR's 72-hour rule).

10. Changes and contact

We will post changes here and update the "last updated" date; material changes will be signaled in-app. Questions: Contact@KrateoMoney.com.

© 2026 Krateo. All rights reserved. · Privacy Policy · Terms of Service