Privacy policy
Effective date: 5/22/2026
Last updated: 5/22/2026
Operator: Vitalii Mashchenko, individual entrepreneur (ФОП) registered in Ukraine
Contact: privacy@kungfumoney.app
1. Who we are
KungFuMoney is a household personal-finance application operated by Vitalii Mashchenko, an individual entrepreneur (фізична особа-підприємець, "ФОП") registered in Ukraine. Throughout this policy, "we", "us", and "KungFuMoney" refer to this sole proprietorship.
Our principal place of business is Ukraine. Our application servers are hosted in Canada, our payment processing is operated by Paddle in the United Kingdom, and several of our service providers operate from the European Economic Area, the United Kingdom, and the United States. Locations and the lawful basis for each transfer are detailed in section 9.
This policy describes what personal data we collect, why we collect it, how long we keep it, who we share it with, and the rights you have over your data. It applies to everyone who creates an account or otherwise interacts with KungFuMoney.
We are the data controller for the personal data described in this policy. We decide what data is collected and for what purpose. Our service providers act as data processors on our behalf, under written data processing agreements.
2. The short version
We try to collect as little personal data as is consistent with running the service.
- We use Google or Apple Sign-In for authentication. We do not store passwords.
- We collect the financial data you choose to enter (accounts, transactions, goals) so that the app can show it back to you and to anyone you share a household book with.
- We do not sell your data. We do not run ad networks. We do not use your financial data to train models.
- You can export everything we hold about you, in CSV format, from inside the app at any time.
- You can delete your account from inside the app at any time. Deletion takes effect 7 days after you schedule it. Backup copies are purged within 6 months.
- We host primary data in Canada under an EU adequacy decision. Backups are encrypted and stored in the United States under Standard Contractual Clauses.
- If you live in Ukraine, the EU, or the United Kingdom, you have specific legal rights described in section 11.
The rest of this document is the long version.
3. What personal data we collect
We collect personal data in two ways: data you give us, and data that is generated automatically as a side effect of using the service.
3.1 Data you give us
Profile data. When you sign in for the first time, we receive your name and email address from Google or Apple, depending on which sign-in method you choose. We also store your default and preferred display currency, your current book reference, and a setup-completion flag. We do not store passwords — authentication is handled entirely by Google or Apple, and we receive only an opaque identifier from them.
Financial data. When you use KungFuMoney, you enter financial information: account names and balances, transactions, transaction categories and subcategories, transfers between accounts, financial goals. We treat this as the most sensitive category of data we hold, even though it is not classified as "special category data" under GDPR Article 9.
Household sharing data. When you join or create a shared book ("household book") with another user (a "bookmate"), the other bookmates of that book can see your name and the contents of the shared book — including accounts attached to the book, transactions in the book, and goals attached to the book. They cannot see your personal accounts, your transactions outside the shared book, your email, or any other profile data.
Support correspondence. When you email us, we receive whatever you write, including your email address.
3.2 Data we generate or capture automatically
IP addresses. Our web server (nginx) logs the IP address of every request, for security, abuse prevention, and debugging. IP addresses also incidentally appear in error reports and product analytics, where present.
Session data. When you sign in, we create a session record (valid for 72 hours of inactivity) and a session cookie in your browser. The session cookie is strictly necessary for the service to function — without it, you would be signed out on every page load. No other cookies are set by KungFuMoney.
Application and error logs. Our application produces log entries for diagnostic purposes. Error reports may also be sent to our error-tracking service (Sentry) when something breaks. We apply scrubbing rules to remove emails and tokens from error reports before they leave our servers.
Product analytics. When you are signed in, we collect anonymized usage events through PostHog (hosted in Frankfurt, Germany) to understand which features are used and where the product can be improved. You can opt out of product analytics in your settings; doing so disables PostHog for your account on every device.
Traffic analytics. We use Plausible to count visitors to our marketing site. Plausible is cookie-free and does not store IP addresses or personal identifiers; it produces aggregate counts only. Because no personal data is collected, no consent banner is required.
Payment-related data. When you start a subscription, your card and billing details are entered directly into a checkout window operated by Paddle, our Merchant of Record. We never see or store your card number. We retain only the parts of the transaction needed to keep our own accounting records (described in section 5 below).
Backups. A copy of the main database is taken daily and uploaded to encrypted backup storage. Backups exist solely for disaster recovery and are not browsed for any other purpose.
3.3 What we do not collect
We do not request, collect, or store:
- Bank credentials, account numbers, or sort codes
- Card numbers or CVVs (these go directly to Paddle)
- Date of birth, home address, phone number, or government identifiers
- Device GPS location or device fingerprints
- Social media profile contents
- Information about anyone who is not you
We do not run advertising and do not share your data with advertising networks.
4. Why we collect each type of data, and our lawful basis
GDPR requires us to identify a specific lawful basis under Article 6 for each processing activity. The table below maps the data we collect to its purpose and basis. UK GDPR uses an identical framework; references to "Article 6(1)(x)" apply to both EU GDPR and UK GDPR.
| Data | Purpose | Lawful basis |
|---|---|---|
| Profile, OAuth identity, sessions | Identifying you and keeping you signed in | Article 6(1)(b) — performance of the contract you entered into when you signed up |
| Books, accounts, subcategories, transactions, goals | Core service — recording, displaying, and computing your finances | Article 6(1)(b) — contract performance |
| Bookmate records and join codes | Enabling shared household books | Article 6(1)(b) — contract performance |
| Export and import job records, generated export files | Fulfilling your right of access and portability | Article 6(1)(b) and Article 6(1)(c) — contract performance and legal obligation (Articles 15 and 20 GDPR) |
| Subscription state | Granting access to paid features | Article 6(1)(b) — contract performance |
| Invoice and billing records | Tax reporting under Ukrainian ФОП law | Article 6(1)(c) — legal obligation (Ukrainian Tax Code Article 102, statute of limitations for tax claims) |
| Transactional emails (e.g. trial reminders, payment notifications) | Telling you about events that affect your account | Article 6(1)(b) — contract performance |
| IP addresses in server logs | Security, abuse prevention, debugging | Article 6(1)(f) — legitimate interest in protecting the service |
| Application and error logs (Laravel, Sentry) | Diagnosing bugs and incidents | Article 6(1)(f) — legitimate interest in maintaining the service |
| Product analytics (PostHog) | Understanding feature usage and improving the product | Article 6(1)(f) — legitimate interest in product improvement; you can opt out at any time |
| Traffic analytics (Plausible, anonymous) | Understanding where our website visitors come from | Article 6(1)(f) — legitimate interest; no personal data is retained, so no consent is required |
| Support correspondence | Responding to your messages | Article 6(1)(f) — legitimate interest in providing support |
| Backups | Disaster recovery | Article 6(1)(f) — legitimate interest in data integrity |
We do not currently rely on consent (Article 6(1)(a)) for any processing, except where the law specifically requires it (for example, processing data about users under 16 — see section 8). We do not run a marketing newsletter; if we ever do, it will be opt-in only and will rely on consent.
5. How long we keep each type of data
We retain personal data only for as long as we need it for the purposes described above. Specific retention periods are listed below.
| Data | Retention |
|---|---|
| Profile data | Retained while you continue to use the service. Trial expiration without payment and lapse of a paid subscription do not trigger deletion — your data remains and you keep read-only access. See section 7 for the deletion mechanism. We commit to giving 30 days' notice via email before deleting any account for inactivity, and to a minimum dormancy threshold of 12 months before any such notice is sent. |
| OAuth identity records | Deleted at the same time as the profile |
| Sessions | 72 hours from your last authenticated request; revoked immediately on logout or profile deletion |
| Books, accounts, subcategories, transactions, goals | Until you delete them, or until your profile is deleted — except where another user's record references the same data (see section 7 on shared-interaction residue) |
| Export and import records | Deleted at the moment you download the file, or after 24 hours if the file is not downloaded |
| Generated export files (CSV/ZIP) | Deleted from disk at the moment of download, or after 24 hours |
| Uploaded import files | Deleted immediately after the import completes or fails |
| Subscription state | Until you delete your profile |
| Invoice and billing records | 5 years from the end of the accounting period, per Ukrainian Tax Code Article 102. This retention overrides your right to deletion for these specific records, as permitted by GDPR Article 17(3)(b). |
| IP addresses in nginx logs | Typically 7–14 days, capped by a 30 MB rolling log limit per container |
| Laravel application logs | 14 days, rotated daily |
| Sentry error logs | 90 days |
| PostHog product analytics events | 12 months |
| Plausible traffic analytics | Aggregated indefinitely; no personal data retained beyond the moment of collection |
| Support email correspondence | 2 years from last contact, then deleted |
| Database backups | Rolling retention: all backups 7 days, daily 16 days, weekly 4 weeks, monthly 6 months. After your profile is deleted, residual copies in backups are purged within a maximum of 6 months. |
6. Who we share data with
We do not sell personal data. We share personal data only with the service providers we depend on to run KungFuMoney, and only to the extent necessary for them to perform their service.
6.1 Subprocessors
| Subprocessor | Role | Location | Transfer basis |
|---|---|---|---|
| OVHcloud SAS | Application hosting and primary database storage | Beauharnois, Canada | EU Commission adequacy decision 2002/2/EC (Canada — commercial organizations subject to PIPEDA) |
| Paddle.com Market Ltd | Payment processing, Merchant of Record, tax collection and remittance | United Kingdom | EU adequacy decision for UK data transfers (2021); UK→Canada handled by Paddle's own DPA |
| Google LLC | Sign-In with Google authentication | Global | Standard Contractual Clauses (Google's standard DPA) |
| Apple Inc. | Sign in with Apple authentication | Global | Standard Contractual Clauses (Apple's standard DPA) |
| Backblaze, Inc. | Encrypted backup storage (B2) | United States | Standard Contractual Clauses (Backblaze DPA) |
| Functional Software, Inc. (Sentry) | Error and crash reporting | United States | Standard Contractual Clauses (Sentry DPA) |
| PostHog Inc. (PostHog EU) | Product analytics | Frankfurt, Germany (PostHog EU region) | No transfer outside the EEA — data remains in the EU |
| Plausible Insights OÜ | Anonymous traffic analytics for our marketing site | European Union | No transfer outside the EEA; no personal data processed |
| Resend, Inc. | Transactional email delivery (trial reminders, payment notifications, account events) | United States | Standard Contractual Clauses (Resend DPA) |
An up-to-date subprocessor list is also published at /legal/subprocessors. We will update that page when subprocessors change, and significant changes will also be reflected here.
6.2 Other recipients
We may also disclose personal data:
- To a competent court, tribunal, regulator, or law-enforcement agency, where we are required to do so by applicable law and a valid legal order
- To our accountant, for the limited purpose of producing the tax records required by Ukrainian ФОП law
- To a successor entity, if KungFuMoney is ever acquired or transferred — in which case we will notify you in advance and you will retain all the rights described in this policy
We do not share personal data with subsidiaries, parent companies, advertising partners, data brokers, or credit reporting agencies, because we have none of those relationships.
7. Deletion, shared books, and what survives
Because KungFuMoney supports shared household books, profile deletion is more nuanced than for a single-user service. We try to explain the actual behaviour rather than the legal-template version.
7.1 How to delete your account
There are two ways to delete your account:
- From inside the app. Go to Profile → Delete my profile, agree to the warning, and click Submit. You will be signed out immediately, and your account will be scheduled for permanent deletion 7 days from that moment. If you sign in again at any point during those 7 days, the scheduled deletion is automatically cancelled, and no further action is required. There is no separate "cancel deletion" button — signing in is the cancellation.
- By emailing us. Send a request to privacy@kungfumoney.app. We will verify your identity (typically by replying to your registered email address) and then schedule deletion, exactly the same way. We respond to deletion requests within 30 days, and usually within a few business days.
After the 7-day grace period ends, the cascade deletes your profile, authentication record, sessions, your books that have no other bookmates and no shared transactions, your accounts, your transactions, your goals, and your subscription state. Residual copies in encrypted backups are purged within a maximum of 6 months, as backups roll over.
Invoice and billing records are not deleted in the cascade — they are retained for 5 years under Ukrainian tax law, as described in sections 4 and 5.
7.2 What survives deletion: shared-interaction residue
If you participated in shared household books with other users — for example, you transferred money to an account that belongs to a bookmate, or you created a shared transaction visible to other bookmates — records of those shared interactions may continue to appear in those other users' financial history after your account is deleted.
We do this because another user's records are that user's data, and that user has an independent legitimate interest under GDPR Article 6(1)(f) in the integrity of their own financial history. Real-world precedent supports this: when you close a bank account, your former bank does not retroactively redact references to you from other customers' statements.
Concretely:
- Your own primary data — profile, authentication, your private accounts and transactions, your private goals — is deleted permanently in the cascade
- Accounts of yours that are referenced by another bookmate's transactions are retained as records with their owner reference set to null. The account label remains so that the other user's transaction history continues to make sense (e.g. "Transfer from Alice's Monobank" rather than "Transfer from [deleted account]"). Once no transaction references such an account, it is also deleted.
- Transactions you authored in a shared book remain visible to the other bookmates, with your owner reference set to null and locked against further editing
Your right of erasure under GDPR Article 17 reaches your own primary records. It does not extend to redacting your participation from another user's records, because those records are not your data.
7.3 If your trial ends or your subscription lapses
Your data is not deleted if your free trial expires without payment or if your subscription lapses. You retain read-only access to all your books, accounts, transactions, and goals indefinitely. You can also still export your data at any time. To restore write access, you may re-subscribe yourself, or you may continue to enjoy write access to any book where another bookmate has an active subscription.
This means we may continue to store your data even when you are not actively paying. If you want your data deleted, follow the steps in section 7.1.
8. Children
KungFuMoney is not directed at children. We do not knowingly collect personal data from anyone under the age of 16. If we become aware that we have collected personal data from someone under 16 without verifiable parental consent, we will delete that data promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at privacy@kungfumoney.app.
This 16-year threshold reflects the default age of digital consent under GDPR Article 8 and aligns with Ukrainian and UK practice. Some EU member states have set a lower threshold (down to 13); in those member states, the local threshold applies. We do not market to anyone under 18 in any case.
9. International data transfers
KungFuMoney is operated from Ukraine. Personal data is primarily stored in Canada, with additional processing carried out in the European Economic Area, the United Kingdom, and the United States.
| Transfer | Legal basis |
|---|---|
| Ukraine → Canada (primary storage with OVHcloud) | EU Commission adequacy decision 2002/2/EC. UK ICO adequacy regulations also recognise PIPEDA-covered Canadian organisations. |
| EU/UK users → Canada (primary storage) | Same EU and UK adequacy decisions as above |
| Ukraine → United Kingdom (Paddle payment processing) | EU Commission adequacy decision for UK data transfers (June 2021) |
| Ukraine → Germany (PostHog EU, product analytics) | No special safeguards required — EU is regarded as adequate under Ukrainian data protection practice |
| Ukraine/EU/UK → United States (Backblaze backups, Sentry, Resend) | Standard Contractual Clauses (Modules 2 and 3) included in each subprocessor's Data Processing Agreement, supplemented by encryption in transit and at rest |
Where Standard Contractual Clauses apply, we rely on those clauses together with the subprocessor's technical and organisational measures. We are happy to provide a copy of the relevant DPA on request to privacy@kungfumoney.app.
10. How we protect your data
Some of the technical and organisational measures we take:
- All traffic encrypted in transit using TLS 1.2 or higher
- Database backups encrypted at rest in Backblaze B2
- No passwords stored — authentication is delegated to Google and Apple
- Sessions invalidated immediately when you log out or schedule deletion
- PII scrubbing rules applied to error reports before they leave our infrastructure
- Application logs rotated with a 14-day window; container logs capped to a small rolling buffer
- Access to the production environment is limited to the founder; we do not have employees with access to user data
- Subprocessor DPAs in place with all parties listed in section 6
No security regime is unbreakable. If we discover a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours as required by GDPR Article 33, and notify affected users without undue delay where the breach is likely to result in a high risk under Article 34.
11. Your rights
You have a number of rights over the personal data we hold about you. The exact set of rights depends on the law that applies to you.
11.1 Rights available to everyone (regardless of jurisdiction)
You can:
- Access your data — see what we hold. Use Profile → Export all my data in the app for a complete export. You can also email privacy@kungfumoney.app for a copy.
- Correct your data — most fields can be edited directly in the app. For anything you cannot edit yourself, email us.
- Delete your data — use Profile → Delete my profile in the app, or email us. See section 7 for what happens.
- Withdraw consent, where any processing relies on your consent — currently this applies only to the product analytics opt-out in your settings
- Export your data in a portable format — the in-app export produces UTF-8 CSV files in a standard ZIP archive
11.2 Additional rights under EU and UK GDPR
If you are in the EU, EEA, or United Kingdom, you also have the right to:
- Restrict processing — ask us to limit how we use your data, for example while a correction is being investigated
- Object to processing based on our legitimate interests — including a right to object to product analytics processing (which you can also do via the in-app opt-out)
- Lodge a complaint with a data protection authority — see section 12
11.3 Rights under Ukrainian data protection law
If you are in Ukraine, you have rights substantially similar to the GDPR rights above under the Ukrainian Law on Personal Data Protection (No. 2297-VI), including the right to access, correct, and delete your personal data. You also have the right to lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights (see section 12).
11.4 How to exercise your rights
For most rights, the fastest path is in the app itself. Where you need to contact us:
- Email: privacy@kungfumoney.app
- Response time: within 30 days, usually within a few business days
- Identity verification: for most requests we reply from your registered email address, which is sufficient. For high-risk requests (e.g. an exported copy of all your data sent to a different address), we may ask additional questions to verify your identity.
We will not charge you for exercising these rights, except in the rare case where a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse the request, as permitted by GDPR Article 12(5).
12. Supervisory authorities
You have the right to lodge a complaint with a data protection authority if you believe we have processed your data unlawfully. We would appreciate the chance to address your concern first via privacy@kungfumoney.app, but you do not have to contact us first.
- In Ukraine: Ukrainian Parliament Commissioner for Human Rights (Уповноважений Верховної Ради України з прав людини) — www.ombudsman.gov.ua
- In the United Kingdom: Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF — www.ico.org.uk — Tel: 0303 123 1113
- In the European Union: Your national data protection authority. A directory is maintained by the European Data Protection Board at www.edpb.europa.eu/about-edpb/about-edpb/members_en
13. Changes to this policy
We may update this policy from time to time to reflect changes in our services, our service providers, or applicable law. When we make a material change, we will:
- Update the Last updated date at the top of this page
- For significant changes affecting how we process your data, notify you via email at least 30 days before the change takes effect
The current version of this policy is always available at the URL where you are now reading it. Prior versions are available on request.
14. Contacting us
For anything related to privacy, data protection, or this policy:
Vitalii Mashchenko
Individual entrepreneur (ФОП) registered in Ukraine
Email: privacy@kungfumoney.app
For general support questions not related to privacy, please use the regular support contact channels available inside the app.