Privacy Policy

At WeTwo ("we," "our," or "us"), we are committed to protecting your privacy and ensuring the security of your financial data. This Privacy Policy explains how we collect, use, and protect your information when you use the WeTwo mobile application ("App").

1. Information We Collect

We collect several categories of information to provide our services:

• Account Information: Name, email, phone number, date of birth, gender, and profile picture (collected during registration via Email/OTP, Google, or Apple).
• Financial Data: Transactions, budgets, goals, savings entries, bills, investments, and payment methods you manually enter or import.
• SMS Data (Android only): With your explicit permission, we read SMS messages from recognized financial institutions to detect transactions. We do not store the full content of your SMS messages beyond the duration required for extraction.
• Uploaded Documents: Bank statements (PDF/CSV) you upload for AI-powered processing. Bank statements you upload are processed by Google Gemini AI for data extraction and are permanently deleted within 24 hours.
• Biometric Data: If enabled, Face ID/Touch ID is handled entirely by your device hardware. We never access, store, or transmit your biometric data.
• Usage Data: Device type, operating system version, and anonymous app usage patterns (via Airbridge) to improve the Service. Usage data collected via Airbridge may include device identifiers and session information for analytics and attribution purposes.
• Tracking Disclosure: We do not use cookies. Our analytics partner Airbridge may use device-level identifiers (IDFA/GAID) for attribution, which you can opt out of via your device settings.

2. How We Use Your Information

We use your data strictly for:

• Providing and maintaining the WeTwo services.
• Generating financial insights, budgets, and automated reports.
• Facilitating "Couples Mode" sharing based on your permission settings.
• Improving App performance and AI extraction accuracy.
• Sending transaction alerts and bill reminders (which you can opt-out of).

3. Data Storage and Retention

Your privacy is protected by the following retention policies:

• Financial Records: Retained for as long as your account is active. Deleted within 30 days of account closure.
• Uploaded Documents: Bank statements are stored in an encrypted temporary bucket for processing and are permanently deleted within 24 hours after data extraction.
• SMS Cache: Temporary data required for transaction detection is stored locally on your device and is not transmitted to our servers.
• Cloud Hosting: We use Supabase (AWS/Google infrastructure) for secure storage. All data is protected using Row-Level Security (RLS) to ensure only authorized users (you and your linked partner) can access specific fields.

4. Data Sharing and Transfers

No Sale of Data: We do not sell your personal or financial data to third parties.

• Linked Partner: Data is shared with your partner only to the extent you have granted permission in the app settings. When shared mode is active, each and every transaction falling under shared categories will be visible to your linked partner to facilitate joint financial tracking. Data sharing remains subject to the specific permission settings and link status you control within the app.
• Service Providers: We share necessary data with providers like Supabase (hosting) and Google Gemini (AI processing) to deliver our services.
• International Transfers: Your data may be stored and processed on servers located outside your home country (including the US and India) to utilize global cloud infrastructure.

5. Your Rights and Controls

Depending on your jurisdiction (e.g., GDPR, CCPA, Digital Personal Data Protection Act, 2023 (India)), you may have the following rights:

• Access and Portability: You can request a summary of the data we hold.
• Correction: You can update your profile and financial records at any time via App settings.
• Deletion: You can delete your account at any time. All personal data will be purged within 30 days.
• Consent Withdrawal: You can revoke SMS permissions or dissolve a Partner link at any time through your device or App settings.

6. Security

We employ industry-standard encryption for data in transit (TLS) and at rest (AES-256). We use secure authentication protocols (OAuth) for Google and Apple sign-ins. In the event of a data breach that affects your personal information, we will notify affected users within a reasonable timeframe as required by applicable law.

7. Children's Privacy

WeTwo is intended strictly for users 18 years and older. We do not permit children to sign into the app, and we do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected information from a minor, we will delete it immediately.

8. Changes to This Policy

We may update this policy from time to time. We will notify you of any material changes by posting the new policy in the App and updating the "Last Updated" date.

9. Contact Us

For questions regarding this Privacy Policy or to exercise your data rights, please contact:

Email: team@wetwo.tech