Privacy Policy
Last updated: June 19, 2026. Oiko (“we,” “our”) is provided by the developer of the Oiko mobile application.
This policy describes how we collect, use, and share information when you use the Oiko app and related services. We aim to be clear about what happens to your household and financial data. By using Oiko, you agree to this policy.
Our privacy approach
Oiko is built for households that want useful grocery and budget tools without giving up control. In practice that means:
- You choose what to save. Receipts and other content are added when you scan, import, or enter them.
- You choose who to share with. Household members you invite can see data shared in that household workspace.
- We use access controls. Your account data is protected by authentication and database access rules so other users cannot browse your personal records.
- We encrypt data in transit. Communication between the app and our services uses HTTPS/TLS.
- We do not sell your personal information. We use your data to operate and improve Oiko, not to sell it to data brokers.
Oiko is not end-to-end encrypted. We and our infrastructure providers process and store your data so features like sync, search, household sharing, and receipt scanning can work. Optional features (such as AI receipt parsing) send relevant content to service providers for processing, as described below.
Information we collect
- Account and profile data. Information you provide when creating or managing an account (for example, email address, display name, and household-related details you choose to save).
- Content you provide. Data you add in the app, such as receipts, shopping lists, budgets, bank statement imports, and other household finance information you store or sync.
- Camera and photos. If you use receipt scanning or document capture, the app may access your device camera or photo library only as needed for those features.
- Location. If you grant permission, the app may access approximate or precise device location to support features that rely on location. You can change or revoke location permission in your device settings.
- Biometric app lock. If you enable app lock, your device’s biometric or device PIN system is used locally to unlock the app. We do not receive your biometric data.
- Technical and usage data. Diagnostic, performance, subscription, or usage information may be collected by our service providers (for example, Firebase and RevenueCat) to operate, secure, bill, and improve the app.
- Push notifications. If you enable notifications, we may use a push token and related metadata to deliver messages through Firebase Cloud Messaging.
- Advertising. On supported plans or screens, the app may show ads served through Google Mobile Ads. Ad partners may collect device and usage information under their own policies.
How we use information
We use the information above to provide and improve Oiko, authenticate users, sync data across devices, power household collaboration, send notifications you opt into, process subscriptions, show ads where applicable, prevent abuse, and comply with law where required.
Household sharing
When you join or create a household, data you save in that household context (such as shared receipts, lists, and budgets) is visible to other members of that household according to the product’s sharing rules. Only invite people you trust. Personal workspace data is kept separate from shared household data unless you move or share it.
AI and automated processing
Some features use automated processing to save you time. For example, when you scan a receipt or import invoice content, images or text may be sent to AI services (such as Google Gemini via Firebase) to extract line items, categories, and totals. That processing is used to deliver the feature you requested. Do not scan documents you are not comfortable having processed by these providers.
Optional connected services
If you turn on optional integrations, additional data may be processed as follows:
- Gmail sync (if enabled): reads email content you authorize to find and import invoices or receipts.
- Google Drive backup (if enabled): stores receipt image backups in your Google Drive account.
- Google or Apple sign-in: uses your identity provider to authenticate you; we receive basic profile information from that provider.
You can avoid these features by not enabling them.
Third-party services
Oiko relies on service providers that process data on our behalf. These may include:
- Supabase for authentication, database, file storage, and realtime sync.
- Google Firebase (including Cloud Messaging, AI/receipt analysis, and related infrastructure).
- Apple and Google for app distribution, sign-in, and subscription billing.
- RevenueCat for subscription and entitlement management.
- Google Mobile Ads for advertising where shown in the app.
Those providers have their own privacy policies governing their processing. We encourage you to review them.
Data retention and security
We retain information as long as needed to provide the service and for legitimate business or legal purposes. We use reasonable technical and organizational safeguards โ including encrypted connections, access controls, and provider security features โ designed to protect your information. No method of transmission or storage is completely secure.
Your choices
- Access, correct, or delete certain information through the app where available.
- Delete your account from Settings → Profile → Danger Zone. See our Account Deletion page for details.
- Disable camera, location, notifications, Gmail, Drive backup, or other optional features in the app or device settings; some features will not work without the permissions they need.
- Leave a household or stop sharing by managing household membership in the app.
Children
Oiko is not directed at children under 13 (or the minimum age required in your region). We do not knowingly collect personal information from children.
South Africa (POPIA)
If you are in South Africa, you may have rights under the Protection of Personal Information Act (POPIA), including the right to access or correct personal information and to object to certain processing where applicable. Contact us to exercise these rights.
Changes
We may update this policy from time to time. We will post the updated version on this page and revise the “Last updated” date.
Contact
For privacy questions, contact the developer at kyle.fishhoek@gmail.com.