Privacy Policy
Effective date: July 2, 2026 · Last updated: June 16, 2026
Carlos Dente, an individual doing business as Krateo ("Krateo", "we", "us"), operates the Krateo mobile application (the "App"), a private household budgeting and money-tracking tool. This policy explains what personal data we process, why, and the choices and rights you have. We designed Krateo to collect as little as possible.
1. Who is the controller
The data controller is Carlos Dente, doing business as Krateo, Gold Hill Road, Fort Mill, SC. Contact for any privacy question or to exercise your rights: Contact@KrateoMoney.com.
2. What we collect
You give us:
- Account data — your name, email, and password (passwords are handled by Firebase Authentication; we never see them in plaintext). If you use Sign in with Apple, we receive the identifier Apple shares (and, if you choose, a relay email).
- Financial data you enter — transactions, bills, budgets, accounts, credit-card balances, trips and trip expenses, notes, and household membership. This is the core of the service and stays within your household.
- Receipt images — only when you choose to snap or import a receipt. The image is sent for optical character recognition (see §4, Google Cloud Vision) and stored with the transaction you create.
- Credit-score details (optional feature, only if you use it and we have enabled it) — first name, last name, date of birth, and postal address, used solely to request a soft credit-score check through a backend partner. We never ask for, collect, or store your Social Security Number in the App.
- Bank connection data (optional feature, only if you connect a bank) — handled through Plaid (see §4). Bank login credentials are entered with Plaid and never seen or stored by Krateo. Access tokens are stored server-side only and are never exposed to the App.
We collect automatically:
- Device/app data — your chosen language and timezone, and a push notification token (only if you enable notifications).
- Consent records — the version and timestamp of the terms/age/disclaimer acceptance you give, kept as a compliance record.
We do NOT collect:
- Social Security Numbers in the App.
- Precise geolocation or biometrics.
- Advertising identifiers, or data through third-party analytics or tracking SDKs. Krateo contains no ad networks and no behavioral trackers.
3. Why we process it (and our legal bases under GDPR/UK GDPR/LGPD)
| Purpose | Data | Legal basis |
|---|---|---|
| Provide and sync the budgeting service across your household | Account + financial data | Performance of a contract |
| Receipt OCR to pre-fill a transaction | Receipt image | Contract (you initiated it) |
| Send re-engagement / reminder notifications | Push token, language | Consent (you enable notifications) |
| Optional soft credit-score check | Name, DOB, address | Consent (explicit, per use) |
| Optional bank import | Plaid connection | Consent (explicit, per connection) |
| Anonymous, aggregate product statistics (no PII) | Coarse, de-identified counts | Legitimate interests |
| Security, fraud prevention, legal compliance | Account + consent records | Legitimate interests / legal obligation |
You can withdraw consent at any time (e.g., disable notifications, disconnect a bank, or delete your account); withdrawal does not affect prior processing.
4. Who we share it with (sub-processors)
We do not sell your personal information and do not share it for cross-context behavioral advertising. We use the following processors, each bound by a data-processing agreement.
| Processor | Purpose | Data involved |
|---|---|---|
| Google Firebase (Auth, Firestore, Cloud Functions) | Accounts, database, backend | Account + financial data |
| Google Cloud Vision | Receipt OCR | Receipt images you submit |
| Google (Gemini via Genkit) | AI chat / budgeting math (server-side) | The pre-computed numbers needed for your request |
| Expo | Push notification delivery | Push token |
| Apple | Sign in with Apple (if used) | Apple identifier |
| Plaid (only if you connect a bank) | Bank data aggregation | Bank connection, transactions |
| Our credit-monitoring partner (only if the credit-score feature is enabled and you use it; named in-app when you enable it) | Soft credit-score check | Name, DOB, address |
We may also disclose data if required by law, to protect rights and safety, or in connection with a corporate transaction (with notice where required).
5. International transfers
Data is stored and processed on Google Cloud infrastructure, primarily in the United States. Where we transfer personal data out of the EEA/UK/Brazil, we rely on appropriate safeguards — the EU Standard Contractual Clauses (2021) and the UK International Data Transfer Addendum as incorporated into the Google Cloud Data Processing Addendum, plus supplementary measures.
6. How long we keep it
We keep your data while your account is active. When you delete your account (Settings → Delete account), a server-side process erases your user record and removes you from your household; data you contributed to a shared household may persist for the remaining members unless they delete it. We retain limited records (e.g., consent logs) where required for legal/compliance purposes.
7. Your rights
Depending on where you live (EEA/UK GDPR, California CCPA/CPRA, Brazil LGPD, and others), you may have the right to: access a copy of your data, correct it, delete it, port it, restrict or object to processing, withdraw consent, and — under CCPA/CPRA — to know, delete, correct, and to opt out of sale/sharing (note: we do not sell or share for advertising).
- Delete now: Settings → Delete account (in-app, server-side erasure).
- Other requests: email Contact@KrateoMoney.com. We respond within the timeframes the applicable law requires (GDPR/LGPD ≈ 30/15 days; CCPA ≈ 45 days). You also have the right to lodge a complaint with your supervisory authority (e.g., your EU DPA, the UK ICO, or Brazil's ANPD).
8. Children and family members
To create a Krateo account and set up a household, you must be 18 or older (or the age of majority where you live); the household owner confirms this at the consent gate. The owner is the adult who accepts these terms on behalf of their household and is responsible for the members they invite.
Invited family members may be younger. A household owner can invite family members of any age via a private invite. By inviting a minor, the owner confirms they are that minor's parent or legal guardian (or otherwise authorized to consent on their behalf), which serves as the verifiable parental consent contemplated by COPPA/GDPR-K. We do not knowingly let children create their own standalone accounts, and we do not knowingly collect personal data from a child outside an adult-led household. If you believe a child has provided us data improperly, contact Contact@KrateoMoney.com and we will delete it.
9. Security
We use encryption in transit, Firebase Authentication, and database security rules that restrict household data to its members. Bank access tokens and API keys are held server-side and are never shipped in the App. No method is 100% secure; we will notify you and regulators of a qualifying breach as required by law (e.g., GDPR's 72-hour rule).
10. Changes and contact
We will post changes here and update the "last updated" date; material changes will be signaled in-app. Questions: Contact@KrateoMoney.com.