Groshi

Log in
Sign up

Privacy Policy

Effective Date: June 17, 2026

Last Updated: May 18, 2026

1. Who We Are

Groshi is operated by Avantis, s.r.o., a company registered in Slovakia.

Contact Information:

Company: Avantis, s.r.o.

Address: Pekna cesta 19, 83152 Bratislava, Slovakia

Email: [email protected]

Website: https://groshi.io

2. What This Policy Covers

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Groshi app and website. By using our services, you consent to the data practices described in this policy.

3. Information We Collect
3.1 Account Information

When you create a Groshi account, we collect:

  • Email address
  • Name (first and last)
  • Password (encrypted and stored securely)
  • Account creation date and method (direct registration, Google sign-in, or Apple sign-in)
3.2 Financial Data

Through our integration with Plaid, we collect:

Transaction data from your connected bank accounts, including:

  • Transaction amounts, dates, and descriptions
  • Merchant information
  • Transaction categories (assigned by your bank)

Account balances from connected accountsAccount information such as account type, account name, and financial institution

3.3 Technical Data

We automatically collect:

  • Device information (device type, operating system, browser type and version)
  • Location data (approximate location based on IP address)
  • Usage analytics through Google Analytics, including:
    • Pages visited and features used
    • Time spent in the app
    • Click patterns and user interactions
    • Marketing attribution data
3.4 Third-Party Authentication

If you sign in with Google or Apple, we receive:

  • Basic profile information (name, email address)
  • Authentication tokens (we do not receive your Google/Apple passwords)

3.5 Feedback and Communications Data

When you submit feedback through in-app surveys, sentiment prompts, or open-text feedback forms, we collect:

  • Your responses to multiple-choice questions (e.g., what tracking tool you used before Groshi, what triggered you to start tracking)
  • Sentiment selections (e.g., “Loving it” / “It’s okay” / “Not great”)
  • Free-text feedback you provide (up to 500 characters per submission)
  • Submission context (transaction count, time since install, app version, platform, locale)

When you contact us via email, or reply to emails from our team, we collect the content of those communications and the email address from which you reply.

All in-app feedback prompts are optional and skippable. We do not require feedback to use Groshi.

Please avoid including personal information of other people (their names, contact details, financial information) in free-text feedback. If we identify such information during review, we will redact or delete it where feasible.

3.6 Pseudonymous vs Anonymous Data

Most analytics events we collect (including survey responses, sentiment selections, and feedback text described in Section 3.5) are linked to a pseudonymous user identifier — a randomly generated ID associated with your account. This data is pseudonymous, not fully anonymous, because we can link the identifier back to your account email when needed (for example, to respond to a data subject access request under GDPR). We treat all such data as personal data.

We use truly anonymous data (with no link to individual users) only in aggregated reports, such as country-level install counts or weekly retention summaries.

4. How We Use Your Information
4.1 Primary Purposes

We use your personal information to:

  • Provide budgeting and financial tracking services
  • Categorize your transactions using AI-powered systems
  • Maintain and improve your account and user experience
  • Authenticate your identity and secure your account
4.2 Analytics and Improvement

We use aggregated, non-personally identifiable data to:

  • Analyze app usage patterns to improve our services
  • Conduct marketing attribution to understand how users find our app
  • Develop new features based on user behavior insights

Our legal basis for processing your personal information is your consent, which you provide when creating your account and accepting this Privacy Policy.

PurposeLegal Basis
Improving Groshi via aggregated and individual feedback analysisLegitimate interest (GDPR Art. 6(1)(f))
Responding to specific feedback or support requestsPerformance of contract / legitimate interest (Art. 6(1)(b) / (f))
Storing open-text feedback you submitted via in-app formsConsent (Art. 6(1)(a)), provided by your submission
Sending feedback responses via emailLegitimate interest (Art. 6(1)(f))

4.4 Communications with You

We may contact you via the email address you provided at signup for:

  • Service communications — account verification, password resets, security alerts, transactional notifications. These are required for the operation of Groshi and cannot be disabled without deleting your account.
  • Feedback responses — when you submit feedback through in-app forms, a member of our team may reply to your registered email address to ask follow-up questions, share updates, or thank you.
  • Marketing communications — only with your separate, explicit opt-in consent. You may withdraw consent at any time via the unsubscribe link in any marketing email or by emailing [email protected].

Feedback responses are sent from [email protected] via our email service provider (Resend). When you reply to such an email, your message is delivered to the Groshi team inbox. If you do not wish to receive feedback responses, reply “STOP” to any such email or contact [email protected].

5. Data Sharing and Third Parties
5.1 Service Providers

We share your data with the following trusted third parties:

Plaid Inc.

  • Purpose: Secure connection to your bank accounts
  • Data Shared: transaction requests
  • Location: United States
  • Safeguards: Plaid is SOC 2 Type II certified and uses bank-level security

Google Cloud Platform

  • Purpose: Data hosting and storage
  • Data Shared: All application data (encrypted at rest and in transit)
  • Location: European Union data centers
  • Safeguards: Google Cloud complies with GDPR and ISO 27001

Google Analytics

  • Purpose: App analytics and marketing attribution
  • Data Shared: Usage patterns, demographic insights (anonymized)
  • Location: Global
  • Safeguards: Data is anonymized and aggregated

PostHog Inc. (United States; with subsidiaries Hiberly Ltd in the United Kingdom and PostHog GmbH in Germany) — product analytics, feature flags, and feedback storage. Receives a pseudonymous user identifier, event data, survey responses, and free-text feedback. Operates under a Data Processing Agreement. Privacy policy: https://posthog.com/privacy

Adapty Tech Inc. (Delaware, United States) — subscription management and paywall analytics. Receives a pseudonymous user identifier, subscription events, and purchase data. Operates under a Data Processing Agreement incorporated into Adapty’s Terms of Service. Privacy policy: https://adapty.io/privacy

Plus Five Five, Inc., doing business as Resend (United States) — transactional email delivery for team-to-user communications (feedback responses, support replies). Receives the recipient email address and message content. Operates under a Data Processing Agreement. Privacy policy: https://resend.com/legal/privacy-policy

CORDNET OÜ, doing business as Featurebase (Estonia) — linked feature request and roadmap board hosted at https://groshi.featurebase.app. If you choose to visit the board and post feature requests there, your submissions are governed by Featurebase’s own privacy policy. We do not automatically transfer feedback collected within the Groshi app to Featurebase. Privacy policy: https://help.featurebase.app/articles/4744036-privacy-policy

5.2 What We DON’T Do

We never:

  • Sell your personal information to third parties
  • Share your financial data with advertisers
  • Use your data for purposes other than providing our service
6. Data Security

We protect your information through:

  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Limited employee access on a need-to-know basis
  • Regular Security Audits: Ongoing monitoring and vulnerability assessments
  • Bank-Level Security: Partnership with Plaid provides institutional-grade protection
7. International Data Transfers

Your data may be transferred to and processed in countries outside your home country, including:

  • United States (Plaid processing)
  • European Union (Google Cloud hosting)

We ensure all international transfers comply with applicable data protection laws through:

  • Adequacy decisions where available
  • Standard Contractual Clauses (SCCs) with service providers
  • Appropriate technical and organizational safeguards
8. Your Privacy Rights
8.1 Rights for EU Residents (GDPR)

If you are located in the European Union, you have the right to:

  • Access your personal information
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing in certain circumstances
  • Data portability (receive your data in a structured format)
  • Object to processing based on legitimate interests
  • Withdraw consent at any time
8.2 Rights for California Residents (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it’s used
  • Delete personal information we have collected
  • Opt-out of the sale of personal information (note: we do not sell personal information)
  • Non-discrimination for exercising your privacy rights
8.3 Rights for Other Jurisdictions

Residents of other jurisdictions may have additional rights under local privacy laws. Contact us to learn more about your specific rights.

8.4 Exercising Your Rights

To exercise any of these rights:

  • Email us at: [email protected]
  • Include: Your full name, email address, and specific request
  • Response Time: We will respond within 72 hours

You can find more information about account deletion here.

9. Data Retention
9.1 Active Accounts

We retain your personal information for as long as your account remains active and you continue using our services.

9.2 Account Deletion

When you delete your account:

  • Immediate deactivation: Your data is immediately deactivated in our systems
  • Complete deletion: All data is permanently deleted within 12 months
  • Legal obligations: Some data may be retained longer if required by law (e.g., anti-money laundering regulations)
9.3 Inactive Accounts

If your account remains inactive for an extended period, we will:

  • Send notification before any data deletion
  • Delete your data within 12 months of account inactivity

9.4 Feedback Data Retention

  • Categorical survey responses and sentiment selections: retained for as long as your account is active; deleted within 12 months of account deletion (per Section 9.2).
  • Open-text feedback submissions: retained in our analytics platform (PostHog) for up to 12 months from the date of submission, then deleted or anonymized.
  • Email correspondence between you and our team: retained in our email service provider (Resend) for up to 30 days; retained in the Groshi team inbox per general email retention practices, but no longer than necessary for the purpose of responding.
10. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential functions: Authentication and security
  • Analytics: Google Analytics for usage insights
  • Performance: Optimizing app functionality

You can manage cookie preferences through your browser settings, though disabling certaincookies may limit app functionality.

11. Children’s Privacy

Groshi is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

If you believe we have inadvertently collected such information, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. When we make changes:

  • Notification: We will notify you via email or in-app notification
  • Effective Date: Changes take effect 30 days after notification
  • Continued Use: Your continued use constitutes acceptance of the updated policy

Material changes in the May 18, 2026 update: We have added disclosure of in-app feedback collection (surveys, sentiment prompts, open-text forms), team-to-user email communications, and additional third-party processors (PostHog, Adapty, Resend, Featurebase). Existing users will be notified by email at least 30 days before the new policy takes effect.

13. Data Breach Notification

In the unlikely event of a data breach:

  • Regulatory notification: We will notify relevant authorities within 72 hours
  • User notification: We will inform affected users without undue delay
  • Mitigation: We will take immediate steps to secure your data and prevent futher breaches
14. Contact Information

For privacy-related questions or requests:

Email: [email protected]

Address: Pekna cesta 19, 83152 Bratislava, Slovakia

15. Supervisory Authority

EU residents have the right to lodge complaints with their local data protection authority. You can find your local authority at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Company Information:

Avantis, s.r.o.
Pekna cesta 19
83152 Bratislava, Slovakia
Email: [email protected]
Website: https://groshi.io