This Privacy Policy ("Policy") describes how Oleh Herasymenko ("we", "us", or "our") collects, uses, and protects your personal information when you use the mobile application Quro (the "App").
This Policy complies with the General Data Protection Regulation (GDPR) (EU) and other applicable data protection laws.
Data Controller:
Oleh Herasymenko
Friedrichshafen, Germany
Email: thevaltorna@gmail.com
This Policy is publicly accessible within the App and on our support website. We may update this Policy from time to time.
We process personal data in accordance with the following principles:
We do not collect location data, advertising identifiers (IDFA), or any tracking data.
We do not collect special categories of personal data (health data, biometric data for identification, political opinions, etc.).
Our Service is not intended for children under 13 (or 16 in the EU), and we do not knowingly collect their data. If we learn that we have collected personal data from a child without verifiable parental consent, we will take steps to delete that information promptly.
We use your personal data for the following purposes:
We process your personal data based on the following legal grounds:
You may withdraw your consent at any time by contacting us at thevaltorna@gmail.com or by adjusting your in-App settings or iOS Settings. Withdrawing consent for AI features disables those features while all other App functionality remains available.
We share data with the following third-party service providers solely to operate the App:
| Service | Provider | Purpose | Data Shared |
|---|---|---|---|
| Firebase Auth | Google LLC | User authentication | User ID, email |
| Google Sign-In | Google LLC | OAuth authentication | OAuth token, basic profile |
| Cloud Firestore | Google LLC | Primary database | All user data (see Section 3) |
| Cloud Functions | Google LLC | Server-side logic | Processed per request |
| Firebase Crashlytics | Google LLC | Crash reporting | Device info, crash logs, app version, hashed user ID |
| Firebase Analytics | Google LLC | Usage analytics | App events, login method |
| Google Vertex AI | Google LLC | AI assistant, receipt & statement parsing | Financial data, chat messages, document images (see Section 6a) |
| RevenueCat | RevenueCat, Inc. | Subscription management | Purchase history, subscription status, user ID |
| Firebase Cloud Messaging | Google LLC | Push notifications | Device push token |
| Meta Pixel (website only, consent-gated) | Meta Platforms Ireland Ltd. | Marketing attribution on getquro.app | IP address, browser/device info, page-view event, Meta cookies (_fbp, fr) — only after you accept on the website cookie banner |
All Google services operate under Google's Privacy Policy and Google Cloud Data Processing Addendum (DPA).
All Firebase and Vertex AI services process data within the European Union (europe-west1, Belgium / eur3 Europe multi-region), ensuring GDPR compliance.
We do not sell your personal data to third parties.
To provide AI-powered features (financial chat assistant, receipt scanning, bank statement import), we send certain data to Google Vertex AI.
AI features are powered by Google Vertex AI (Gemini models). All AI processing occurs within the European Union (europe-west1 region). Google does not use your data to train or improve its models. Data is processed in accordance with Google Cloud's Data Processing Addendum and is not retained by Google after processing.
Consent: You consent to AI processing of your financial data when you tap Get Started on the Welcome screen. The legal notice immediately below the Get Started button references this Privacy Policy, which sets out exactly which data is sent to Google Vertex AI and for what purpose. This consent covers all AI features used during onboarding (initial category and budget personalisation) and all post-onboarding AI features (chat assistant, receipt scanning, bank statement import).
You may withdraw your consent at any time in Settings → AI Features. Withdrawing consent disables all AI features while all other App functionality remains available. If you withdraw consent and later attempt to use an AI feature, the App displays a re-consent prompt explaining what data will be processed before that feature is re-enabled.
For receipt and bank statement scanning:
For AI chat assistant (via tool calls based on your queries):
Privacy masking: In Family Space, other members' individual data is masked before being sent to AI.
AI features are optional. The free tier provides full access to manual transaction entry, budgets, accounts, scheduled payments, and Family Space without using AI. AI features (chat assistant, receipt scanning, bank statement import) require an active Quro Pro subscription. AI access is licensed per individual user — Pro is not extended to other Family Space members through the owner's subscription.
This section applies to our website at getquro.app. It does not describe data processed inside the iOS App.
The website uses one strictly necessary storage entry (quro_consent in localStorage) to remember your choice on the cookie banner. No tracking occurs from this entry. It is set under our legitimate interest in honoring your consent decision (Art. 6(1)(f) GDPR) and does not require consent under § 25(2) TTDSG.
Only if you click "Принять" / Accept on the cookie banner, we load the Meta Pixel (provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland). The Pixel is a JavaScript snippet from connect.facebook.net that fires a PageView event and sets Meta cookies (typically _fbp, fr) in your browser.
Purpose: measure the effectiveness of our Facebook / Instagram advertising, build conversion statistics, and (in aggregated form) optimize ad delivery to similar audiences. We do not use the Pixel for cross-site behavioral profiling beyond Meta's advertising ecosystem.
Data processed: IP address (truncated by Meta), user agent / browser and device information, referring URL, the fact that you visited getquro.app, page-view event, and Meta cookie identifiers. Meta may link this to your Facebook / Instagram account if you are logged into one.
Legal basis: your prior, freely given, specific, informed and unambiguous consent under Art. 6(1)(a) GDPR and § 25(1) TTDSG (Germany). Until you accept, no Pixel script is loaded and no Meta cookies are set.
Joint controllership: for the collection and transmission of Pixel data to Meta we act as joint controllers with Meta within the meaning of Art. 26 GDPR, under the Controller Addendum. Meta's subsequent processing is governed by Meta's own Privacy Policy.
International transfers: Meta may transfer data to the United States. Transfers are based on the EU-US Data Privacy Framework (Meta Platforms, Inc. is certified) and, where applicable, the EU Standard Contractual Clauses.
Retention: Meta cookies expire up to 90 days after they are set or refreshed. Server-side data is retained by Meta per its own retention schedule.
You can withdraw your consent at any time, with effect for the future:
localStorage for getquro.app and the _fbp / fr cookies via your browser settings.If you decline or have not yet accepted, the Pixel script is never loaded and no marketing cookies are set. Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
Quro is a personal finance tracking tool for informational purposes only.
The App and its AI assistant do not provide financial advice, investment recommendations, tax advice, or any regulated financial services. All AI-generated analysis, categorizations, and suggestions are produced automatically based solely on data you provide and are intended for informational purposes only.
You should not make financial decisions based solely on AI-generated content. Always consult a qualified financial professional for financial, investment, or tax advice.
We are not a financial institution, bank, licensed financial advisor, or regulated financial service provider.
All user data is stored in Google Cloud Firestore within the European Union (eur3 multi-region Europe / europe-west1, Belgium).
Receipt and bank statement images and documents are not stored on our servers. They are processed in memory during Cloud Function execution and immediately discarded. Only the structured result (parsed transactions) is saved to Firestore.
Retention period: Your data is retained for as long as your account is active. Upon account deletion, all personal data is permanently and irreversibly deleted immediately — there is no grace period or recovery option (see Section 11).
Anonymized data: Anonymized crash reports and aggregated analytics data collected by third-party services (Firebase Crashlytics, Firebase Analytics) may be retained after account deletion, as they cannot be linked back to you personally.
Third-party retention: Crash reports are retained for 90 days. Analytics data is retained according to Firebase Analytics default retention settings.
All users of the App have the following rights regarding their personal data:
To exercise any of these rights, contact us at thevaltorna@gmail.com. We will respond within 30 days.
We implement appropriate technical and organizational measures to protect your personal data:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users without undue delay and, where required, within 72 hours of becoming aware of the breach. Notification will be provided via the email address associated with your account or via a prominent notice within the App.
You may delete your account at any time from Settings → Account → Delete account. Deletion requires re-authentication for security.
Upon account deletion, the following is permanently and irreversibly deleted:
Deletion is immediate. There is no grace period or recovery option.
Active subscriptions managed by Apple are not automatically cancelled upon account deletion. You must cancel your subscription separately via iOS Settings → Subscriptions.
If you are a member (not owner) of a Family Space: your membership is removed automatically upon account deletion. Shared data you contributed (transactions, bills) remains in the Family Space as it belongs to the shared account, not to you individually.
If you are the owner of a Family Space: you must delete the Family Space before deleting your account (see Section 12).
After deleting your account, you may create a new account and restore your active subscription via Restore Purchases in the App. Previously entered personal data cannot be recovered.
If you participate in a Family Space, certain data — including transactions, budgets, and account balances — is shared with all members of that Family Space. You must only join or invite others to a Family Space with their explicit consent.
Family Space deletion: The owner may delete the Family Space at any time. Upon deletion, all shared financial data (transactions, bills, categories, budgets, receipts, AI chat history) is permanently deleted and all members immediately lose access. The owner's subscription is not affected and may be applied to a new Family Space.
Member removal: The owner may remove any member at any time. The removed member loses access to the shared account immediately. Data contributed by the removed member remains in the shared account. The removed member's personal account and data are not affected.
The App uses AI for automated processing such as transaction categorization, receipt parsing, and financial analysis. These features assist you in organizing your financial data.
No decisions with legal or similarly significant effects are made solely by automated means. All AI-generated categorizations and suggestions can be reviewed, edited, or rejected by you before saving.
During onboarding, the App generates an initial set of categories and budget suggestions automatically using AI. These suggestions are presented to you for review on the Plan Preview screen before any data is committed to your account, and you may edit, replace, or delete them at any point afterwards. No suggestions are applied to your account without your explicit acceptance via the «Looks Good» action on the Plan Preview screen.
All primary data storage and processing occurs within the European Union (Google Cloud, eur3 / europe-west1).
RevenueCat, Inc. is based in the United States. Where subscription data is transferred to the US, it is protected by Standard Contractual Clauses (SCCs) approved by the European Commission.
We may update this Policy from time to time. We will notify you of any material changes by posting the new Policy within the App and on our support website. The Effective Date at the top of this document will be updated accordingly. If you do not agree with the changes, you may delete your account. Continued use of the App after 30 days constitutes acceptance of the updated Policy.
For material changes that affect the legal basis of data processing or introduce new categories of data collection, we will provide in-App notification with the option to review the changes before they take effect. If you do not accept such changes, you may delete your account.
For questions about this Policy or to exercise your rights, contact us:
Oleh Herasymenko
Friedrichshafen, Germany
Email: thevaltorna@gmail.com
Support Website: https://getquro.app
Version 1.2 (2026-05-15) — Added Section 6c describing website cookies and Meta Pixel on getquro.app: consent-gated loading, joint controllership with Meta (Art. 26 GDPR), legal basis Art. 6(1)(a) GDPR / § 25(1) TTDSG, EU-US Data Privacy Framework transfers, and withdrawal options. Added Meta Pixel row to the Third-Party Services table. Clarified consent reference in Section 5.
Version 1.1 (2026-05-12) — Removed legacy Basic and Family subscription tiers (only unified Pro plan remains). Family Space is now available to all users at no cost. AI features access is per-individual-user (not per-family). AI consent is now given via Welcome screen acceptance, not via a separate first-use prompt. Added documentation of temporary anonymous Firebase authentication during onboarding.
Version 1.0 (2026-03-31) — Initial release.