Privacy Policy
Hesabaty is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how we keep it safe.
Last updated: March 2026 · Effective date: March 2026
1. Who We Are
Hesabaty ("we", "our", "us") is a personal budgeting application designed for users in Egypt. We are the data controller for all personal data processed through the Hesabaty mobile app and this website.
Questions about this policy? Contact us at privacy@hesabaty.com.
2. Data We Collect
We collect only what is necessary to provide the service:
Account data
- Email address (used for authentication and account recovery)
- Display name (optional, used in the app interface)
- Password (stored as a bcrypt hash — we never see your plain-text password)
Financial data you enter
- Transaction amounts, dates, merchants, and categories you add manually or via automation
- Budget limits and allocation templates you configure
- Subscription and bill records you create
- Goal names and target amounts
- Account balances you record
All monetary amounts are stored as integers (piastres) to avoid floating-point errors. We never store raw bank account numbers or card numbers.
Automated tracking data
- Apple Pay (iOS): When you use the Apple Shortcuts integration, the Shortcut sends us the merchant name, amount, currency, and timestamp. Raw Apple Pay receipt data is never transmitted to or stored by Hesabaty.
- Bank SMS (iOS & Android): On iOS, an Apple Shortcut parses incoming bank SMS notifications and forwards extracted fields (amount, type, merchant, last 4 digits of the account) to the app. On Android, we request SMS read permission to parse messages from banks you configure. The raw SMS message text is never stored — only the parsed transaction fields are saved.
Voice input (optional)
- When you use voice input to add a transaction, your speech is processed locally on-device using the system speech recognition framework. Only the parsed result (amount and merchant name) is saved — the audio is never transmitted to our servers.
Usage and device data
- App crash reports and diagnostic logs (anonymised)
- Device locale and language preference (to serve the correct language)
- Push notification token (for reminders and budget alerts)
3. How We Use Your Data
- To provide, maintain, and improve the Hesabaty service
- To authenticate you and keep your account secure
- To calculate budgets, rollovers, and analytics on your behalf
- To send push notifications you have opted in to (reminders, alerts)
- To process in-app subscription purchases via RevenueCat
- To respond to your support requests
We do not sell your data. We do not use your financial data for advertising. We do not share your personal data with third parties except as described in Section 4.
4. Third-Party Services
We use a small number of trusted third-party services to operate Hesabaty:
5. Data Storage and Security
- Your data is stored in Supabase (PostgreSQL) hosted in the EU (Frankfurt region). Data is encrypted at rest using AES-256 and in transit using TLS 1.3.
- Authentication tokens are stored in your device's secure storage — iOS Keychain or Android EncryptedSharedPreferences. They are never stored in plain text.
- Row-Level Security (RLS) is enforced on every database table — your data is isolated from other users at the database level.
- We never store raw SMS content, raw bank messages, or audio recordings.
6. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Your personal data and all financial records are permanently deleted within 30 days.
- Aggregated, anonymised usage statistics (with no personal identifiers) may be retained for service improvement.
- Legal retention obligations may require us to keep billing records for up to 7 years.
7. Your Rights
You have the right to:
- Access — request a copy of all data we hold about you
- Correction — update inaccurate or incomplete data directly in the app or by contacting us
- Deletion — delete your account and all associated data via Settings → Account → Delete Account
- Export — export your transaction data as CSV or PDF at any time via Settings → Export
- Portability — receive your data in a machine-readable format upon request
- Objection — object to how we process your data
To exercise any of these rights, email us at privacy@hesabaty.com. We will respond within 30 days.
8. Children's Privacy
Hesabaty is not intended for users under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.
9. Push Notifications
We send push notifications only for purposes you have consented to — budget alerts, subscription renewal reminders, and goal milestone updates. You can manage your notification preferences in Settings → Notifications, or via your device's notification settings.
10. Language
This Privacy Policy is written in English. An Arabic translation is available in the app. In case of any conflict between the English and Arabic versions, the English version prevails.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via a push notification or an in-app banner. The "Last updated" date at the top of this page will always reflect the most recent revision. Continued use of the app after changes are posted constitutes your acceptance of the updated policy.
12. Contact
Hesabaty — Privacy Enquiries
privacy@hesabaty.com