Kontaria← Back to Home

Privacy Policy

Effective Date: March 23, 2026

Luxury Labs (“we,” “us,” or “our”) operates the Kontaria mobile application and website (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By accessing or using Kontaria, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

1. Information We Collect

1.1 Account Information

When you create a Kontaria account, we collect:

  • Email address
  • Password (stored as a cryptographic hash by our authentication provider)
  • Display name (if provided)
  • Google account information (if you sign in via Google OAuth)

1.2 Financial Data

As the core functionality of Kontaria, we process and store financial information you share with us, including:

  • Expense and income amounts
  • Transaction descriptions and categories
  • Receipt images and their extracted data
  • Audio recordings of voice notes describing expenses
  • Currency and country preferences
  • Monthly income and initial balance (provided during onboarding)

1.3 Device and Technical Information

We automatically collect certain technical information, including:

  • Device type, model, and operating system
  • Unique device identifiers (for push notifications)
  • IP address
  • App version
  • Language and locale settings

1.4 Usage Data

We collect information about how you interact with the Service:

  • Feature usage and interaction patterns
  • Chat message history (text messages sent to the AI assistant)
  • Number of AI interactions consumed per billing period
  • Subscription tier and status
  • Crash reports and performance diagnostics

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and maintain the Service: Process your expenses, generate analytics and insights, and maintain your transaction history.
  • AI processing: Analyze text messages, receipt images, and voice notes using artificial intelligence to extract, categorize, and record financial transactions on your behalf.
  • Personalization: Customize the AI assistant's tone and behavior according to your preferences, and display financial data in your preferred currency and language.
  • Communication: Send transactional emails, push notifications (if enabled), and important service updates.
  • Advertising: Display relevant advertisements to users on the Free plan via Google AdMob.
  • Subscription management: Process and manage your subscription status, billing, and quota enforcement.
  • Improvement: Analyze usage patterns to improve the Service, fix bugs, and develop new features.
  • Security: Detect and prevent fraud, abuse, and security incidents, including rate limiting and request validation.

3. How AI Processes Your Data

Kontaria uses artificial intelligence to analyze the content you submit. Here is how each type of data is processed:

3.1 Text Messages

When you send a text message describing an expense or income, it is sent to a third-party AI provider (via OpenRouter) for natural language processing. The AI extracts transaction details such as amount, category, date, and description.

3.2 Receipt Images

When you upload a receipt photo, the image is sent to Google Gemini for visual analysis. The AI extracts line items, totals, vendor information, and categorizes the expense. Receipt images are stored in a private storage bucket accessible only to you.

3.3 Voice Notes

When you record a voice note, the audio file is sent to Google Gemini for transcription and analysis. The AI converts your speech to text, then extracts transaction details. Audio files are stored in a private storage bucket accessible only to you.

Important: Your data sent to AI providers is used solely for processing your request and is not used to train AI models. We do not share your financial data with AI providers for any purpose other than providing you with the Service.

4. Third-Party Services

We use the following third-party services to operate Kontaria. Each has its own privacy policy governing the use of your information:

ServicePurposeData Shared
SupabaseAuthentication, database, and file storageAccount data, transactions, media files
OpenRouter (AI)Text message processingChat messages and user context
Google Gemini (AI)Image and audio processingReceipt images, voice recordings
RevenueCatSubscription managementUser ID, subscription status, purchase history
Expo Push NotificationsPush notification deliveryDevice push tokens, notification content
Google AdMobAdvertising (Free plan users only)Device identifiers, ad interaction data
ResendTransactional email deliveryEmail address, email content
StripeWeb payment processingPayment information (processed directly by Stripe)
Apple App Store / Google PlayIn-app purchase processingPurchase receipts (processed by platform)

5. Data Storage and Security

Your data is stored securely using industry-standard practices:

  • Database: All structured data (account information, transactions, preferences) is stored in a PostgreSQL database hosted by Supabase with encryption at rest.
  • Media files: Receipt images and voice recordings are stored in Supabase Storage in a private bucket. Files are accessible only to the authenticated user who uploaded them, via time-limited signed URLs.
  • Authentication: Passwords are never stored in plain text. Authentication is handled by Supabase Auth with industry-standard hashing. Sessions use short-lived JWT access tokens with automatic refresh.
  • Transport security: All data transmitted between your device and our servers is encrypted using TLS/HTTPS.
  • Rate limiting: API endpoints are protected by rate limiting to prevent abuse and ensure service availability.
  • Security headers: Our API includes security headers (HSTS, CSP, X-Frame-Options) to protect against common web vulnerabilities.

While we implement robust security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you the Service. Specifically:

  • Account data: Retained until you delete your account.
  • Transaction history: Retained until you delete individual transactions or your account.
  • Chat history: Retained until you delete your account.
  • Media files: Retained until you delete the associated transaction or your account.
  • Usage logs: Retained for up to 90 days for security and debugging purposes.

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal obligations).

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data and account.
  • Export: Request a portable copy of your data in a machine-readable format.
  • Restriction: Request that we limit the processing of your data in certain circumstances.
  • Objection: Object to the processing of your data for certain purposes, including direct marketing.
  • Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at support@kontaria.com. We will respond to your request within 30 days.

8. Information for EEA Users (GDPR)

If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:

  • Contract performance: Processing necessary to provide you with the Service you have requested (e.g., processing transactions, maintaining your account).
  • Legitimate interests: Processing necessary for our legitimate business interests (e.g., security, fraud prevention, service improvement), where those interests are not overridden by your rights.
  • Consent: Processing based on your explicit consent (e.g., push notifications, advertising).
  • Legal obligation: Processing necessary to comply with applicable laws.

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your data protection rights.

9. Information for California Users (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request deletion of your personal information, subject to certain exceptions.
  • Right to opt-out: You may opt out of the “sale” of your personal information. We do not sell personal information in the traditional sense; however, targeted advertising may constitute a “sale” under the CCPA. Free plan users may opt out of personalized ads in app settings.
  • Non-discrimination: We will not discriminate against you for exercising your CCPA rights.

10. Cookies and Local Storage

Kontaria uses minimal cookies and local storage mechanisms:

  • Authentication tokens: We store JWT access and refresh tokens in your device's local storage (AsyncStorage on mobile, browser storage on web) to maintain your session. These are essential for the Service to function and cannot be disabled.
  • User preferences: We store your theme, language, and display preferences locally on your device for a seamless experience.
  • Advertising cookies: For Free plan users, Google AdMob may use cookies or device identifiers for ad personalization. You may opt out of personalized ads through your device settings or within the app.

We do not use analytics cookies or third-party tracking cookies on the Kontaria website or application beyond what is described above.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. Our infrastructure providers and AI processing services may be located in the United States or other jurisdictions.

When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant data protection authorities
  • Data processing agreements with all third-party service providers
  • Ensuring third-party providers maintain adequate security standards

12. Children's Privacy

Kontaria is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@kontaria.com, and we will promptly delete such information.

Users between the ages of 13 and 18 may use Kontaria only with the involvement and consent of a parent or legal guardian.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the “Effective Date” at the top of this page
  • Notify you via email or in-app notification for significant changes
  • Provide at least 30 days' notice before material changes take effect

Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Luxury Labs

Email: support@kontaria.com

Website: https://kontaria.com