Privacy Policy

Last updated: 12 May 2026

This Privacy Policy describes how inputIn ("we", "us", "the app") collects, uses, stores, and shares your personal information when you use our progressive web app at inputin.app. We've written it in plain language and tried to avoid legalese where possible.

🔒 We are committed to protecting your data. Your financial information is yours. We don't sell it, share it with advertisers, or use it to train AI models. The transaction data you enter stays under your control — local-first, with optional encrypted cloud sync. Below are the details, in plain language. You always have the controls to opt out, export, or delete at any time.

TL;DR: Your transaction data lives on your device by default. If you sign in, an encrypted copy syncs to our Cloudflare backend so you can access it on multiple devices. We use third-party product analytics and AI parsing providers to make the app work — both are described below. We don't sell your data, ever. You can export or delete everything any time.

1. Who we are

inputIn is operated by Allesandro Yudo, an independent developer based in Indonesia. For privacy questions, data export requests, or account deletion, contact us at [email protected].

2. What data we collect

2.1 Data you provide directly

Account information (only if you sign in): your email address, optional display name. We use a magic-link login flow — no passwords are stored.
Transaction data: dates, amounts, categories, transaction names, account labels, and notes that you enter manually or via the AI Chat Bot. This is your data; it stays under your control.
Receipts and chat attachments: images, PDFs, or Word documents you upload via the Chat Bot for OCR / parsing. These are sent to our AI processor (see §4) and not retained on our servers after processing.
Settings and preferences: language, currency, theme, notification toggles.

2.2 Data we collect automatically

Product analytics events: page views, feature usage (chat sends, transaction saves, settings toggles), PWA install events, signup funnel steps. Captured via our third-party product analytics provider.
Session recordings (currently 100% sample rate, free tier): anonymized recordings of UI interactions to help us debug issues and improve UX. We never capture password fields, OTP entries, or payment information (when payment flows are added).
Device + browser metadata: browser type, operating system, screen size, approximate location (city level, derived from IP address).
Acquisition attribution: UTM parameters and referrer URL on first visit, used to understand how users find us.

3. Why we collect it

Purpose	Data used	Legal basis
Provide the core service (recording your transactions, syncing across devices)	Account info, transaction data, settings	Contract performance
AI parsing of chat input + receipt images	Chat text, attached files	Contract performance + your consent (when uploading)
Product improvement, debugging, fraud prevention	Analytics events, session recordings, device metadata	Legitimate interest (you can opt out — see §7)
Email magic-link delivery	Email address	Contract performance
Push notifications (daily / weekly summaries, budget alerts)	Push subscription endpoint, locale, timezone	Your consent (opt-in)

4. Third parties we share data with

We use a small number of service providers (called "data processors" in GDPR language) to operate the app. Each only receives the data they need for their function. The table below describes them by category; the current vendor list is available at the bottom of this page (see "Sub-processors (technical reference)" below) and will be updated whenever it changes.

Processor category	Purpose	Data shared	Region
Cloud hosting + sync infrastructure	Web hosting, backend API, encrypted cloud sync, DDoS protection, content delivery	All data stored server-side: account info, transactions, settings, push subscriptions	Global edge network; primary residency in nearest data center to the user
Product analytics partner	Aggregated event analytics, opt-in session recordings, funnel + retention analysis	Analytics events, device + browser metadata; user email + name only after sign-up	United States
AI / NLP processing partner	Natural-language parsing of chat messages and OCR on uploaded receipts	Chat text and uploaded images / PDFs you send to the Chat Bot	European Union
Transactional email service	Sending magic-link login emails	Email address, login link	United States

We do not sell your data, share it for advertising, or use it to train AI models. Our AI processing partner does not retain your input for model training under our commercial agreement.

Sub-processors may change as the service evolves. Material changes (a new processor handling user data, or a region change) will be notified in-app or by email at least 14 days before they take effect.

5. Where your data lives

On your device: a local copy of your transactions, settings, and chat history is kept in your browser's localStorage. This works offline. If you don't sign in, this is the only copy.
On Cloudflare KV (only if you sign in): an encrypted blob of your full state. Sync runs automatically when you make changes; you can manually pull the cloud copy from Settings → Account.
In your browser cookies + localStorage: an anonymous identifier (`distinct_id`) used by our analytics provider to recognize you across sessions, plus your session token if signed in.

6. How long we keep it

Transaction data: retained as long as your account is active. When you delete your account (Settings → Account → Sign out + Delete data), we wipe the cloud copy within 30 days.
Analytics events: retained by our analytics provider for up to 1 year, then aggregated/anonymized.
Session recordings: retained for 30 days, then auto-deleted.
Magic-link emails: our email delivery provider keeps email send logs for 30 days for delivery debugging.
Worker request logs: Cloudflare keeps abridged HTTP logs (no body content) for ~7 days for abuse / debugging purposes.

7. Your rights and choices

You have direct controls below to manage your tracking preferences and exercise your data rights. Changes take effect on your next visit to the app.

🛠️ Manage your data here

Tracking preferences

Product analytics

Events that help us improve the app (page views, button clicks, transaction saves). Doesn't include the contents of your transactions.

Session recordings

UI-interaction recordings (mouse moves, clicks) for debugging hard-to-reproduce bugs. Off by default — opt in only if you'd like to help us improve. Never captures passwords or OTP. Retained 30 days.

Your data rights

Export all your data

Download every transaction, account, budget, and goal as a JSON file. The same data the app stores in your browser.

Delete account + all data

Wipe local data, opt out of all tracking, and open an email to request the deletion of any cloud-synced copy. Permanent. Cannot be undone.

Other rights

Depending on your jurisdiction (GDPR, CCPA, Indonesian UU PDP), you may have rights to:

Access the personal data we hold about you
Correct inaccurate data
Request restriction or objection to certain processing
Data portability (we provide JSON export for this)
Lodge a complaint with your local data protection authority

To exercise any of these rights, email [email protected].

8. Security

We take reasonable measures to protect your data:

HTTPS everywhere (TLS 1.2+, HSTS-enforced).
Cloudflare's edge protection (DDoS mitigation, bot blocking).
Magic-link authentication (no password to leak).
Cloud-stored data is encrypted in transit and at rest by Cloudflare.
Rate limits on auth endpoints to prevent abuse.
Content Security Policy + standard security headers.

No system is perfectly secure. If you discover a vulnerability, please report it to [email protected] — we appreciate responsible disclosure and will credit you (with permission) once the fix ships.

9. Children

inputIn is not intended for users under 13 years old. If you believe a child has provided personal data to us, please contact us and we will delete the account.

10. International transfers

Some of our processors operate in jurisdictions outside Indonesia (US, EU). Where data is transferred internationally, we rely on each processor's standard contractual clauses or equivalent transfer mechanisms.

11. Changes to this policy

We may update this Privacy Policy as the app evolves (new features, new processors). The "Last updated" date at the top reflects the most recent change. Material changes (e.g., a new third-party processor handling your data) will be notified in-app or by email at least 14 days before they take effect.

12. Governing law

This policy is governed by the laws of the Republic of Indonesia, without prejudice to any mandatory user-protection laws applicable in your jurisdiction (such as GDPR for EU users, CCPA for California users).

Sub-processors (technical reference)

For users who want to know specifically which vendors operate each processor category above. We may swap providers within a category over time; this list is the current snapshot.

Category	Current vendor	Vendor's privacy policy
Cloud hosting + sync infrastructure	Cloudflare, Inc.	cloudflare.com/privacypolicy
Product analytics partner	PostHog, Inc.	posthog.com/privacy
AI / NLP processing partner	Mistral AI SAS	mistral.ai/terms#privacy-policy
Transactional email service	Resend, Inc.	resend.com/legal/privacy-policy

If we swap a vendor within a category and the new vendor materially changes how your data is handled (different region, different retention, etc.), we'll notify you at least 14 days before the change takes effect.