Privacy Policy

1. Introduction

IOriented Digital Creations Limited ("we", "our", or "us") operates the FiGuru mobile application (the "App"), a personal-finance management tool. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App.

Please read this Privacy Policy carefully. By using the App, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Username
• Password (stored as a one-way hash; we never see your plaintext password)

2.2 Financial Data

We store the financial information you enter or import into the App, including:

• Account names, balances, and currency
• Transactions you record (date, amount, category, merchant, notes)
• Receipts and statement images you upload
• Budgets, goals, categories, and tags you create
• Shopping lists and recurring-bill schedules

We do not connect directly to your bank. The App does not collect, store, or transmit your online banking credentials. Any account data in the App is information you enter yourself or import from files (CSV, OFX, PDF statements) that you choose to share with the App.

2.3 Usage Data

We automatically collect certain information when you use the App:

• Device type and operating system
• App version
• Feature usage patterns (anonymized)
• Error logs for troubleshooting

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the App
• Sync your accounts and transactions across devices
• Process AI-powered features (receipt scanning, automatic categorization)
• Generate spending insights and budget summaries
• Send important service updates
• Respond to your support requests
• Detect and prevent fraud or abuse of the App itself

We do not sell your personal or financial data, and we do not use your financial data for advertising.

4. AI Services and Third-Party Providers

Our App uses AI services to power certain features. When you use these features, the minimum data necessary may be processed by:

• Anthropic (Claude AI) — receipt parsing and transaction categorization
• Google Vertex AI — image OCR for receipts and statements
• OpenAI — text-embedding search across transactions

These providers process data according to their own privacy policies and do not retain it for training purposes under our agreements. We only share the minimum data necessary to provide the requested feature — for example, the image of a receipt is sent for OCR, but your account balances and unrelated transactions are not.

5. Data Storage and Security

Your data is stored on servers hosted by Google Cloud Platform in North America. We implement industry-standard security measures including:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest
• Salted, one-way password hashing
• Role-scoped access controls on internal systems
• Regular security audits

6. Data Sharing

We do not sell your personal information. We may share data only in these circumstances:

• Service providers — third parties who help us operate the App (hosting, AI services), under contractual data-protection obligations
• Legal requirements — when required by law or to protect our rights
• Business transfers — in connection with a merger or acquisition, with notice to you
• With your consent — when you explicitly authorize sharing

7. Your Rights

You have the right to:

• Access — request a copy of your personal data
• Correction — update or correct inaccurate data
• Deletion — request deletion of your account and data
• Export — download your transactions and accounts in a portable format
• Withdraw consent — opt out of optional data processing

To exercise these rights, contact us at privacy@ioriented.com.

8. Data Retention

We retain your data for as long as your account is active. If you delete your account, we will delete your personal and financial data within 30 days, except where we are required to retain it for legal or regulatory purposes (for example, anonymized aggregate logs).

9. Children's Privacy

The App is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy in the App and updating the "Last updated" date. Your continued use of the App after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: