Privacy Policy

Last updated: 2026-05-12

1. Identity and Contact Details

This Privacy Policy explains how Bucko collects, uses, stores, and shares personal data when you use the Bucko mobile app, related services, and any Bucko website pages that link to this policy.

Bucko is currently operated by an individual operator.

• Legal name: Gergő Szabó
• Business or postal address: Bucko does not currently publish a postal address for customer contact.
• Support email: szabogergo.ev@gmail.com
• Privacy email: szabogergo.ev@gmail.com
• Website: https://buckobudget.com

For the purposes of applicable data protection law, including the GDPR where applicable, the operator above is the data controller for Bucko unless this policy states otherwise.

2. Scope of This Policy

This policy applies to:

• the Bucko mobile application;
• Bucko support interactions;
• Bucko website pages that link to this policy; and
• related subscription, analytics, AI, and notification features connected to Bucko.

This policy does not govern third-party services that have their own privacy notices, including app stores, authentication providers, subscription platforms, payment processors, and external websites linked from Bucko.

3. Categories of Personal Data We Collect

Depending on how you use Bucko, we may collect the following categories of personal data:

Account and identity data

• account identifiers such as your Clerk user ID;
• email address;
• name and profile details if made available by your authentication provider;
• authentication provider details, such as sign-in method or social login source.

Financial and budgeting data

• wallets, wallet names, balances, currencies, emojis, brand domain references, and goals;
• transactions, including amounts, transaction type, merchant or transaction names, dates, notes, tags, and categories;
• recurring transactions and recurrence settings;
• category goals;
• account settings and feature preferences.

Shared wallet and collaboration data

• wallet membership records;
• invite code records;
• shared wallet associations and activity visible within a shared wallet.

AI and chat data

• natural-language inputs you submit;
• chat messages and prompts;
• AI-generated suggestions, classifications, or proposed actions;
• receipt interpretation outputs and extracted transaction suggestions.

Receipt and image data

• receipt or transaction-related images you upload for scanning;
• extracted line items, amounts, dates, merchant descriptions, and related AI-generated proposals.

Subscription and purchase data

• subscription status and entitlement information from RevenueCat;
• app-user identifiers used to associate subscription status with your Bucko account.

Bucko does not directly process or store your full payment card details for in-app subscriptions.

Device, app, and usage data

• app version;
• platform and device metadata;
• locale and language settings;
• coarse diagnostic and error information;
• analytics event data related to feature usage.

Notifications data

• push notification identifiers and aliases used by OneSignal;
• notification engagement events where supported by OneSignal.

Support and feedback data

• feedback type and message content;
• contact email you provide for follow-up;
• related app version, locale, and platform context.

Local device data

• app preferences stored locally on your device, including display preferences, launch preferences, language preferences, and theming data;
• widget-visible summary data shown on device surfaces such as supported home-screen widgets.

4. How We Collect Data

We collect personal data in the following ways:

• directly from you when you create an account, sign in, create wallets, record transactions, submit feedback, use chat, or upload receipt images;
• automatically from your device and app usage through analytics, diagnostics, notifications, and app infrastructure;
• from third-party providers that support Bucko, such as Clerk, RevenueCat, Apple, Google, OneSignal, PostHog, OpenAI, Google Gemini, Convex, and UploadThing;
• from other users only where wallet-sharing functionality causes shared wallet information to become visible to invited wallet participants.

5. Purposes of Processing

We process personal data to:

• create and manage your Bucko account;
• authenticate you and secure access to the app;
• store and sync your financial records and app settings;
• support manual, AI-assisted, and receipt-based transaction entry;
• provide wallet sharing and collaboration features;
• operate recurring transaction, category, tag, and budgeting features;
• provide finance chat and AI-assisted guidance inside the product;
• process temporary receipt images and create transaction suggestions;
• manage subscriptions and premium feature access;
• send push notifications and app-related messages;
• analyze product usage and improve app performance and reliability;
• detect abuse, secure the service, and troubleshoot issues;
• respond to support requests, feedback, and legal requests;
• comply with legal obligations and enforce our Terms and Conditions.

6. Legal Bases Under GDPR

If the GDPR or a similar data protection law applies, we generally rely on the following legal bases:

• Contract: where processing is necessary to provide Bucko and its requested features to you.
• Legitimate interests: where processing is reasonably necessary to operate, secure, improve, and support Bucko.
• Consent: where required by law, for example for certain notifications, device permissions, or website technologies.
• Legal obligation: where we must process or retain data to comply with applicable law.

Examples:

• account creation, authentication, storing transactions, shared wallets, and subscription access are generally processed on a contract basis;
• analytics, diagnostics, fraud prevention, and service improvement are generally processed under legitimate interests, subject to applicable law;
• camera and notification permissions depend on your device-level choices;
• legal-response and retention obligations may rely on legal obligation.

7. AI-Related Processing

Bucko includes AI-assisted features such as:

• natural-language transaction parsing;
• finance chat;
• AI-assisted categorization and transaction proposals; and
• receipt image interpretation.

To provide these features, Bucko may send relevant inputs and related context to third-party AI providers currently used by the product, including OpenAI and Google Gemini. That may include text you enter, receipt image data, wallet and category context needed for classification, and related prompts or outputs.

We use AI features to help interpret and organize information, not to provide regulated financial, tax, accounting, investment, or legal advice. AI outputs may be inaccurate, incomplete, or contextually wrong. You are responsible for reviewing AI-generated outputs before relying on them or accepting suggested actions.

8. Receipt and Photo Processing

If you use receipt scanning features, Bucko may:

• collect the image you upload;
• temporarily store the image through UploadThing or related infrastructure;
• analyze the image to extract merchant names, line items, dates, and amounts;
• generate a proposed transaction for your review.

Bucko is designed to use receipt images as temporary processing inputs rather than permanent storage. Based on the current implementation:

• confirmed scans trigger deletion of the uploaded image after the resulting transaction is created;
• cancelled scans trigger deletion of the uploaded image; and
• stale scan uploads are cleaned up on an approximate 24-hour cycle.

Bucko also displays a product-level privacy note indicating that budgeting-safe receipt fields are intended to be shown and that sensitive receipt details such as VAT numbers, card details, or bank details are not intended to be kept in Bucko as budgeting records.

9. Analytics, Diagnostics, and Notifications

Bucko uses PostHog for analytics and diagnostics. Based on the current implementation, PostHog may receive:

• product usage events;
• onboarding and feature interaction events;
• error and exception events;
• coarse user-profile attributes associated with app usage patterns.

Bucko currently has PostHog session replay disabled.

Bucko also uses OneSignal for push notifications. OneSignal may process device and notification identifiers and may associate your notification identity with your Bucko user ID in order to send relevant app notifications.

Bucko may request device permissions such as camera access for receipt scanning. The codebase also includes certain platform permissions, including Android advertising ID and audio-related permissions, but this policy does not represent that Bucko uses those permissions for advertising or microphone-based product features unless and until such uses are clearly enabled and disclosed.

Bucko does not use your location for app features. The iOS app configuration explicitly states that location is not collected or used for Bucko features.

10. Subscriptions and Payment Processing

Bucko uses RevenueCat to manage subscription status and premium access. Apple and Google, through their app store billing systems, may process subscription purchases and payment information under their own terms and privacy notices.

Bucko may receive subscription-related information such as:

• whether you have an active subscription;
• entitlement status;
• app-user identifiers used to sync subscription access.

Bucko does not directly process or store full credit card or debit card details for in-app subscription purchases.

11. Sharing and Disclosure

We may share personal data with service providers and infrastructure partners that help us operate Bucko, including:

• Clerk for authentication and account identity services;
• Convex for backend infrastructure, database, and application logic;
• RevenueCat for subscription management;
• OneSignal for push notifications;
• PostHog for analytics and diagnostics;
• OpenAI and Google Gemini for AI-powered features;
• UploadThing for temporary file upload and receipt image handling;
• Apple and Google where app distribution, billing, or sign-in features require it.

We may also disclose personal data:

• to other users within the scope of shared wallet functionality;
• if required by law, regulation, court order, or lawful request;
• to protect the rights, safety, security, or integrity of Bucko, our users, or others;
• in connection with a sale, transfer, restructuring, or similar business event, subject to applicable law.

We do not state here that every provider acts exclusively as a processor in every context. Some third parties may act as independent controllers or under mixed roles depending on the service.

12. International Transfers

Some service providers used by Bucko may process data outside your home jurisdiction, including outside the EEA, UK, or Switzerland. Where required, we will rely on appropriate safeguards for such transfers, such as contractual safeguards or another lawful transfer mechanism recognized under applicable law.

Because Bucko uses third-party infrastructure providers, you should expect that some data may be processed internationally.

13. Data Retention

We retain personal data for as long as reasonably necessary for the purposes described in this policy, including to provide the service, maintain account functionality, resolve disputes, enforce agreements, and comply with legal obligations.

Retention examples based on current implementation:

• account, wallet, and transaction data may remain until deleted by you or removed through account deletion workflows;
• receipt images are intended to be temporary and are designed to be deleted after confirmation, cancellation, or stale cleanup;
• analytics, diagnostics, and provider-side records may be retained according to the relevant provider's retention settings or legal requirements;
• some records may persist longer if required for security, fraud prevention, abuse handling, backup integrity, or legal compliance.

14. Shared Wallet Visibility Model

Bucko allows users to share wallets with other users through invite-based membership features. If you share a wallet or join a shared wallet, other wallet participants may be able to see information associated with that wallet, including relevant transactions, balances, recurring items, and related wallet data.

You are responsible for deciding who you invite into a shared wallet and whether you join a wallet shared by someone else. Please do not place information in a shared wallet if you do not want other wallet participants to view it.

15. Your Rights Under GDPR, EEA, UK, and Similar Laws

Depending on your location and applicable law, you may have rights to:

• access personal data;
• request correction of inaccurate data;
• request deletion of personal data;
• request restriction of processing;
• object to certain processing;
• request data portability;
• withdraw consent where processing is based on consent;
• lodge a complaint with a supervisory authority.

These rights are not absolute and may be limited by law. To exercise privacy rights, contact us at szabogergo.ev@gmail.com.

16. Account Deletion and Data Requests

Bucko includes an internal deletion path intended to remove major categories of app data stored in Convex when account deletion is run. Based on the current implementation, that process is designed to delete items such as:

• owned wallets and associated transactions;
• recurring transactions and related skip records;
• wallet invite codes and membership records;
• tags and user-created categories;
• category goals;
• AI proposal records;
• temporary photo scan records;
• account settings.

Deletion of Bucko-held app data may not automatically delete data independently retained by third parties under their own systems, legal obligations, or roles, including app stores, authentication providers, analytics providers, notification providers, or subscription systems.

For more detail, see Bucko's data deletion page or contact szabogergo.ev@gmail.com.

17. Children's Privacy

Bucko is not intended for children below the minimum age required to use the service under applicable law. We do not knowingly design Bucko as a child-directed service. If you believe that a child has provided personal data in violation of applicable law, contact us so we can review and respond appropriately.

18. Security

We use reasonable technical and organizational measures intended to protect personal data. However, no method of transmission, storage, or processing is completely secure, and we cannot guarantee absolute security.

You are responsible for maintaining the confidentiality of your device access, account credentials, and any shared-wallet participation choices.

19. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we may notify you through the app, website, or other reasonable means. The "Last updated" date above reflects the effective revision date of this version.

20. Contact Details

Privacy questions, rights requests, and support requests should be sent to:

• Support URL: https://buckobudget.com
• Support email: szabogergo.ev@gmail.com
• Privacy email: szabogergo.ev@gmail.com
• Postal address: Bucko does not currently publish a postal address for customer contact.

Bucko's Terms and Conditions, Data Deletion Policy, and AI Feature Disclaimer should be read together with this Privacy Policy.