Privacy Policy

Effective Date: October 1, 2025

Last Updated: September 1, 2025

1. Who We Are

Groshi is operated by Avantis, s.r.o., a company registered in Slovakia.

Contact Information:

Company: Avantis, s.r.o.

Address: Pekna cesta 19, 83152 Bratislava, Slovakia

Email: [email protected]

Website: https://groshi.io

2. What This Policy Covers

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Groshi app and website. By using our services, you consent to the data practices described in this policy.

3. Information We Collect
3.1 Account Information

When you create a Groshi account, we collect:

  • Email address
  • Name (first and last)
  • Password (encrypted and stored securely)
  • Account creation date and method (direct registration, Google sign-in, or Apple sign-in)
3.2 Financial Data

Through our integration with Plaid, we collect:

Transaction data from your connected bank accounts, including:

  • Transaction amounts, dates, and descriptions
  • Merchant information
  • Transaction categories (assigned by your bank)

Account balances from connected accounts

Account information such as account type, account name, and financial institution

3.3 Technical Data

We automatically collect:

  • Device information (device type, operating system, browser type and version)
  • Location data (approximate location based on IP address)
  • Usage analytics through Google Analytics, including:
    • Pages visited and features used
    • Time spent in the app
    • Click patterns and user interactions
    • Marketing attribution data
3.4 Third-Party Authentication

If you sign in with Google or Apple, we receive:

  • Basic profile information (name, email address)
  • Authentication tokens (we do not receive your Google/Apple passwords)
4. How We Use Your Information
4.1 Primary Purposes

We use your personal information to:

  • Provide budgeting and financial tracking services
  • Categorize your transactions using AI-powered systems
  • Maintain and improve your account and user experience
  • Authenticate your identity and secure your account
4.2 Analytics and Improvement

We use aggregated, non-personally identifiable data to:

  • Analyze app usage patterns to improve our services
  • Conduct marketing attribution to understand how users find our app
  • Develop new features based on user behavior insights

Our legal basis for processing your personal information is your consent, which you provide when creating your account and accepting this Privacy Policy.

5. Data Sharing and Third Parties
5.1 Service Providers

We share your data with the following trusted third parties:

Plaid Inc.

  • Purpose: Secure connection to your bank accounts
  • Data Shared: transaction requests
  • Location: United States
  • Safeguards: Plaid is SOC 2 Type II certified and uses bank-level security

Google Cloud Platform

  • Purpose: Data hosting and storage
  • Data Shared: All application data (encrypted at rest and in transit)
  • Location: European Union data centers
  • Safeguards: Google Cloud complies with GDPR and ISO 27001

Google Analytics

  • Purpose: App analytics and marketing attribution
  • Data Shared: Usage patterns, demographic insights (anonymized)
  • Location: Global
  • Safeguards: Data is anonymized and aggregated
5.2 What We DON’T Do

We never:

  • Sell your personal information to third parties
  • Share your financial data with advertisers
  • Use your data for purposes other than providing our service
6. Data Security

We protect your information through:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Limited employee access on a need-to-know basis
  • Regular Security Audits: Ongoing monitoring and vulnerability assessments
  • Bank-Level Security: Partnership with Plaid provides institutional-grade protection
7. International Data Transfers

Your data may be transferred to and processed in countries outside your home country, including:

  • United States (Plaid processing)
  • European Union (Google Cloud hosting)

We ensure all international transfers comply with applicable data protection laws through:

  • Adequacy decisions where available
  • Standard Contractual Clauses (SCCs) with service providers
  • Appropriate technical and organizational safeguards
8. Your Privacy Rights
8.1 Rights for EU Residents (GDPR)

If you are located in the European Union, you have the right to:

  • Access your personal information
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing in certain circumstances
  • Data portability (receive your data in a structured format)
  • Object to processing based on legitimate interests
  • Withdraw consent at any time
8.2 Rights for California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it’s used
  • Delete personal information we have collected
  • Opt-out of the sale of personal information (note: we do not sell personal information)
  • Non-discrimination for exercising your privacy rights
8.3 Rights for Other Jurisdictions

Residents of other jurisdictions may have additional rights under local privacy laws. Contact us to learn more about your specific rights.

8.4 Exercising Your Rights

To exercise any of these rights:

  • Email us at: [email protected]
  • Include: Your full name, email address, and specific request
  • Response Time: We will respond within 72 hours
9. Data Retention
9.1 Active Accounts

We retain your personal information for as long as your account remains active and you continue using our services.

9.2 Account Deletion

When you delete your account:

  • Immediate deactivation: Your data is immediately deactivated in our systems
  • Complete deletion: All data is permanently deleted within 12 months
  • Legal obligations: Some data may be retained longer if required by law (e.g., anti-money laundering regulations)
9.3 Inactive Accounts

If your account remains inactive for an extended period, we will:

  • Send notification before any data deletion
  • Delete your data within 12 months of account inactivity
10. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential functions: Authentication and security
  • Analytics: Google Analytics for usage insights
  • Performance: Optimizing app functionality

You can manage cookie preferences through your browser settings, though disabling certain cookies may limit app functionality.

11. Children’s Privacy

Groshi is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

If you believe we have inadvertently collected such information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make changes:

  • Notification: We will notify you via email or in-app notification
  • Effective Date: Changes take effect 30 days after notification
  • Continued Use: Your continued use constitutes acceptance of the updated policy
13. Data Breach Notification

In the unlikely event of a data breach:

  • Regulatory notification: We will notify relevant authorities within 72 hours
  • User notification: We will inform affected users without undue delay
  • Mitigation: We will take immediate steps to secure your data and prevent further breaches
14. Contact Information

For privacy-related questions or requests:

Email: [email protected]

Address: Pekna cesta 19, 83152 Bratislava, Slovakia

15. Supervisory Authority

EU residents have the right to lodge complaints with their local data protection authority. You can find your local authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Company Information:

Avantis, s.r.o.
Pekna cesta 19
83152 Bratislava, Slovakia
Email: [email protected]
Website: https://groshi.io