Last updated: 10 May 2026
This page explains what WalletWise does with your information. We've kept it short and plain, because most privacy policies are neither. If anything below isn't clear, write to us at support@bluenex.org and we'll explain.
This policy covers the WalletWise mobile app, distributed on the Google Play Store under the package name io.walletwise.app. WalletWise is operated by Bluenex, a sole proprietorship registered with the Philippine Department of Trade and Industry (DTI).
The short version
- WalletWise is a personal-finance tracker. The data you put into it (transactions, budgets, goals, debts, receipts) is yours.
- An account is required to use the app. We sign you in through Supabase, our backend host. Your data is stored in your account.
- Your app-lock PIN is hashed on your device. We never receive it.
- Receipt photos are read by an offline text-recognition library on your phone (Google ML Kit). The OCR step never leaves your device. The compressed photo and the parsed details are then uploaded to your account so your receipts follow you between devices.
- We don't sell your financial data. We don't share it with advertisers.
- Free-tier users see ads supplied by Google AdMob. AdMob may collect advertising identifiers and similar data per Google's own policies.
- Subscriptions are handled by Google Play Billing. We never see your card details.
- You can export your data and delete your account at any time from inside the app. See our account-deletion page for the step-by-step.
- We do not currently use any third-party analytics or crash-reporting service.
What we collect
We collect what you give us, plus the small amount of information that's required to run the app safely.
Information you give us
- Account email and password. Required to sign in. Your password is stored as a hash by our authentication provider (Supabase Auth, also known as GoTrue). We never see the password itself.
- Profile details. Optional fields you may fill in: full name, monthly income, income frequency, your preferred currency (one of 17 supported codes), and an avatar image link.
- Financial records. Transactions you record, budget categories and limits, savings goals, recurring transactions, debts and debt payments, bonuses and how you allocate them, reminders you schedule, and merchant-to-category preferences the app learns from your edits.
- Receipts. When you scan a receipt, we save a compressed photo (max 1200×1200 pixels, JPEG quality 75), the parsed merchant name, total, tax, line items, transaction date, and currency.
- Subscription state. When you buy a premium subscription, Google Play sends a purchase token to the app. The app forwards it to a server-side function which validates it with Google and records your entitlement on your account.
Information collected automatically
- Authentication metadata. Sign-in timestamps, refresh tokens, and the IP address of the device making each authentication request. This is standard for Supabase Auth and is used to keep your session valid and to protect your account from unauthorised access.
- Device identifiers (when ads are shown). The Google Mobile Ads SDK and Google's User Messaging Platform (UMP) receive your device's advertising ID and similar signals when ads load. Premium subscribers have the SDK initialised in the background but never see banners. See Google's privacy policy for the details of what Google collects.
- App diagnostics (in memory only). The app keeps a small in-memory log of premium-funnel events (e.g. "upgrade prompt shown") so it can decide what to show next on the same screen. The buffer is capped at 100 events and is cleared when you close the app. We do not transmit it. We may add anonymous, opt-in crash reporting in a future release; if and when we do, this policy and the app will be updated to say so clearly.
Information we do not collect
- We do not request access to your contacts, SMS, call log, or precise location.
- We do not connect to your bank or any financial institution.
- We do not collect biometric data. The fingerprint or face unlock used by the app's "Unlock with biometrics" option is verified by your operating system; the result we receive is just yes or no.
What stays on your device
Some things never leave your phone:
- App-lock PIN. When you set a PIN, we hash it on the device with PBKDF2 (a slow, salted hash) and store only the hash in your phone's secure storage. We never send the PIN, or its hash, to our servers.
- Receipt OCR processing. The text-recognition step (turning a photo of a receipt into letters and numbers) runs entirely on your device using Google ML Kit. No image data leaves the phone for the OCR step itself.
- App preferences. Theme choice, intro-completed flag, install date, launch counter, and short-lived cached image links — all kept in the device's preferences store.
- Temporary files. Compressed copies of receipt photos created during scanning are written to the app's temporary directory and may persist there until the operating system cleans them up.
What we store on our servers
When you're signed in, the records described under "Information you give us" are saved to your account on Supabase, our backend host. Data is held in their Singapore region (ap-southeast-1), wherever you live.
- Each row is tagged with your account ID. Database row-level security rules enforce that only your signed-in session can read or change your rows. You cannot see other users' data, and other users cannot see yours.
- Receipt photos are stored in a Supabase Storage bucket called receipts, in a folder named with your account ID. They are served back to you through short-lived signed URLs (one-hour expiry) when you view them in the app — the photos are never publicly readable.
- Connections to Supabase use HTTPS (TLS). Data at rest in Supabase is encrypted by their infrastructure.
- We do not use end-to-end encryption. That means: in principle, our backend administrators have the technical ability to read data stored in your account. We do not access individual users' records except when investigating a support request you've raised, debugging a reported bug, or complying with a lawful request.
Receipts: a closer look
Because receipts are a confusing area, here it is in detail:
- You take or pick a photo. The app crops and compresses it.
- The compressed photo is passed to Google ML Kit's on-device text recognizer. Google states this runs offline; no image data leaves the device for OCR.
- The text is parsed locally to pull out the merchant, total, tax, currency, and line items.
- The compressed photo is uploaded to your receipts bucket on Supabase.
- The parsed details and a reference to the photo are saved as a row in your receipts table.
- When you delete a receipt, both the row and the photo are removed.
If you'd rather not store receipt photos on our servers, simply don't use the receipt-scan feature. The rest of the app works fine without it.
Subscriptions and payments
Premium subscriptions (around $2.99 / month and $19.99 / year, or local-currency equivalents shown by Google Play) are processed entirely by Google Play Billing.
- We do not receive your credit card, debit card, or other payment details. Google does.
- After a purchase, Google sends a purchase token to the app. The app forwards the token to a server-side function which asks Google whether the purchase is valid. If it is, your account's plan is set to premium.
- Real-time developer notifications from Google Play (renewals, cancellations, refunds) are received by the same server-side function and used to keep your entitlement up to date.
- If you want to cancel, request a refund, or change your payment method, you do so through Google Play's subscriptions screen — those controls live on Google's side, not ours.
Ads
For users on the free tier, WalletWise displays banner ads supplied by Google AdMob.
- AdMob and Google's User Messaging Platform (UMP) collect data per Google's own privacy policies. This typically includes your advertising identifier and similar signals. See Google's privacy policy and how Google uses information from sites or apps that use Google services.
- If you are in the European Economic Area, the United Kingdom, or any region where Google's UMP determines that consent is required, the app shows a consent form provided by Google before any personalised ad is requested. You can change your consent later from the app's Manage privacy options control (visible in Settings only when UMP says a decision is required).
- Premium subscribers do not see banners. The Mobile Ads SDK is initialised in the background so that downgrading from premium back to free works without restarting the app, but no banner is constructed or rendered while a premium entitlement is active.
- You can also opt out of personalised ads at the operating-system level. On Android: Settings → Privacy → Ads → Delete advertising ID (or Opt out of Ads Personalisation on older devices).
Third-party services we use
| Service | What we use it for | Their policy |
|---|---|---|
| Supabase | Account auth, database, file storage | https://supabase.com/privacy |
| Google Play Billing | Subscription payments | https://policies.google.com/privacy |
| Google AdMob + UMP | Ads to free-tier users; consent flow | https://policies.google.com/technologies/ads |
| Google ML Kit (on-device) | Receipt text recognition (runs offline) | https://developers.google.com/ml-kit/terms |
| Google Fonts | Loads the Inter typeface from Google's font CDN on first launch, then caches it | https://developers.google.com/fonts/faq#privacy |
We do not currently use any third-party analytics, crash-reporting, attribution, or tracking service. If we add one, we'll list it here and call it out in the app.
Your rights and choices
You can:
- Export your data. Settings → Export. Generates CSV and PDF files of your transactions, budgets, goals, debts, recurring transactions, bonuses, and receipts. Saved to your device or shared via the system share sheet.
- Edit or delete individual records. From the relevant screen in the app.
- Change your currency. Settings → Currency. Supports 17 currencies; affects how amounts are displayed and exported.
- Re-open the ads consent form. Settings → Manage privacy options (visible only when UMP determines a consent decision is required).
- Delete your account. Settings → Delete account. Walks you through re-authentication and then calls a server-side function which removes your auth record and cascades the deletion through every table that holds your data — receipts, transactions, budgets, goals, debts, recurring transactions, bonuses, reminders, merchant preferences, and your stored receipt photos. The full step-by-step lives at our account-deletion page.
- Uninstall. Removes all on-device data immediately. Server-side data is unaffected by uninstalling — use Delete account first if you want it gone.
We do not ask you to verify your identity beyond signing in. If you can't sign in to delete your account (for example, you've lost access to your email), write to support@bluenex.org with enough detail to confirm you are the account holder, and we'll help.
Children
WalletWise is not directed at children under 13, or under the equivalent minimum age in your country. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we'll remove it.
Security: what we do, and what we don't claim
We take reasonable steps to protect your data:
- All connections to our backend use HTTPS (TLS).
- Data at rest in Supabase is encrypted by their infrastructure.
- App-lock PINs are hashed with PBKDF2 on your device before being stored. We never receive the PIN or its hash.
- Database row-level security ensures other users cannot read or modify your rows.
We do not claim:
- End-to-end encryption. Our administrators have the technical ability to read data stored in your account; we choose not to except for the support, debugging, and lawful-request reasons listed earlier.
- Perfect security. No system is unbreakable. If we ever discover a breach affecting your data, we will notify affected users at the email on file as quickly as we can establish what happened.
International users and where data lives
WalletWise is available globally. Wherever you are, your data is stored in Supabase's Singapore region (ap-southeast-1). Sending your data to that region is a necessary part of using the app, and by signing up you agree to that transfer.
We do not currently make formal claims about compliance with any specific privacy regulation (such as the EU's GDPR or California's CCPA / CPRA). The rights and choices described above are available to all users regardless of location.
Changes to this policy
When we update this policy, we will:
- Change the "Last updated" date at the top.
- For material changes, surface a notice in the app the next time you open it.
If you continue to use WalletWise after a change, you accept the updated policy. If you don't agree to a change, you can delete your account from inside the app.
Who we are, and how to reach us
WalletWise is built and operated by:
Bluenex
A sole proprietorship registered with the Philippine Department of Trade and Industry (DTI).
Email: support@bluenex.org
We answer privacy questions at the same address.