Privacy Policy

1. Who We Are

Duori ("Duori," "we," "us," or "our") is an AI-powered personal budgeting application developed and operated by Nathan Kim. The app is available on iOS and Android and is directed at users in Canada and the United States.

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use the Duori mobile application and any related services (collectively, the "Service").

By using Duori, you agree to the collection and use of your information as described in this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

• Account information: Your email address and display name when you create an account.
• Sign-in provider data: If you choose to sign in with Apple or Google, we receive basic profile information (such as your email address and name) from that provider in order to create and secure your account. We do not receive your provider password.
• Photos and images: If you use the "Can I Afford This?" visual affordability check feature, you may upload or capture a photo of an item. These images are transmitted to our AI processing service and are not permanently stored by Duori after the analysis is complete.
• Chat messages: Your conversations with Duo, our AI companion, are stored to provide continuity in the chat experience and to allow Duo to reference your financial context over time.

2.2 Financial Information (Manual Entry)

Duori does not link to your bank or import data automatically. All financial information in the app is entered by you, and may include:

• Account names, types (chequing, savings), currencies, and balances you input manually
• Transactions you add manually, including merchant or description names, amounts, dates, and categories
• Income amounts and budget limits you set within the app

This information is stored securely in our database and is used solely to power Duori's budgeting and AI features.

2.3 Information Collected Automatically

• Device information: Device type, operating system version, app version.
• Push notification tokens: An Expo push token used to deliver spending alerts and Duo messages to your device.
• Subscription status: Whether you have an active subscription, trial, or access grant, retrieved through our subscription provider (RevenueCat) using an app-specific account identifier.
• Crash reports: If the app crashes, diagnostic information may be automatically collected to help us fix bugs.

3. How We Use Your Information

4. AI Features and OpenAI

Duo, our AI companion, is powered by OpenAI's API. When you send a message to Duo or use the visual affordability check, a prompt containing relevant context is sent to OpenAI's servers for processing.

Specifically, when you use Duo's AI chat features and have provided consent, the following data is included in the request sent to OpenAI:

• Account names, types, and balances
• Transaction history (last 60 days): merchant or description names, amounts, dates, and categories
• Spending summaries and top merchants
• Your recent chat messages in the current conversation
• Photos you choose to share (for the visual affordability check)

We send only the minimum data necessary to answer your question and do not include your full transaction history in every request.

OpenAI's data practices are governed by their privacy policy at openai.com/privacy. We use the API under an agreement that restricts OpenAI from using your data to train their models.

Images submitted for the affordability check are transmitted to OpenAI for vision analysis and are not stored by Duori after the response is delivered.

4.1 Consent and Revocation

AI features are optional. You can choose not to enable OpenAI data sharing during onboarding. If you have enabled AI features, you can revoke this consent at any time by going to Settings → Revoke AI data consent. Revoking consent disables the Duo chat feature until you re-enable it. Revoking consent does not delete any previously generated chat history.

5. How We Share Information

We do not sell your personal information. We share your data only in the following limited circumstances:

5.1 AI Processing (OpenAI)

When you use Duo's AI chat features and have provided consent, we send certain financial data and chat messages to OpenAI for processing. OpenAI operates under a data processing agreement that prohibits using your data to train their models. See Section 4 for details on what data is sent and how to withdraw consent.

5.2 Service Providers

We share data with trusted third-party service providers who help us operate the Service. These providers are contractually bound to use your data only to provide services to us:

• Supabase — database hosting and authentication (servers located in the United States)
• OpenAI, L.L.C. — AI language and vision processing
• RevenueCat, Inc. — subscription management and purchase validation
• Apple App Store / Google Play — subscription billing and payment processing (we never receive your full payment card details)
• Apple (Sign in with Apple) & Google (Google Sign-In) — optional account authentication
• Expo / EAS — app build infrastructure and push notification delivery

5.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Duori, our users, or the public.

5.4 Business Transfers

If Duori is acquired, merged, or substantially all of its assets are transferred, your information may be transferred as part of that transaction. We will notify you via email or in-app notice prior to your information becoming subject to a different privacy policy.

5.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

• Account and profile data: Retained until you delete your account.
• Transaction data: Retained for up to 24 months from the transaction date, or until account deletion, whichever comes first.
• Chat messages: Retained until you delete your account or manually clear your chat history in Settings.
• Spending alerts: Retained for 90 days after delivery.
• Images (affordability check): Not stored after the AI response is delivered. Ephemeral.

When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal or compliance purposes.

7. Security

We take the security of your financial data seriously and implement industry-standard measures including:

• All data transmission encrypted in transit using TLS 1.2 or higher
• Row-level security on our database so users can only access their own data
• Authentication tokens stored in iOS Secure Enclave / Android Keystore
• Backend services accessed only via authenticated API calls with service-role keys never exposed to the client

Despite these measures, no system is 100% secure. We cannot guarantee absolute security of your information. In the event of a data breach that affects your rights and freedoms, we will notify affected users and relevant authorities as required by applicable law.

8. Your Rights and Choices

Regardless of where you are located, you have the following rights with respect to your personal information:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request that we correct inaccurate or incomplete information.
• Deletion: Request deletion of your account and associated personal data. You can do this in the app under Settings → Account → Delete Account, or by emailing us.
• Portability: Request an export of your data in a machine-readable format.
• Withdraw AI consent: You can revoke your consent for sending financial data to OpenAI at any time via Settings → Revoke AI data consent in the app. This will immediately disable the Duo chat feature. You can re-enable it at any time from the same Settings menu.
• Object to processing: Object to certain processing activities.
• Opt out of notifications: Disable push notifications at any time in your device's notification settings or in the Duori app under Settings → Notifications.

To exercise any of these rights, contact us at nathan.arasuo@gmail.com. We will respond within 30 days (or the timeframe required by applicable law).

9. Canadian Users (PIPEDA & Quebec Law 25)

Duori operates in Canada and complies with the Personal Information Protection and Electronic Documents Act (PIPEDA) and, for users in Quebec, An Act respecting the protection of personal information in the private sector (Law 25 / Bill 64).

9.1 Consent

We collect your personal information with your knowledge and consent. By creating an account, you are providing informed consent to the collection and use of your information as described in this policy. You may withdraw consent at any time by deleting your account, subject to legal and contractual restrictions.

9.2 Purpose Limitation

We collect only the information necessary for the purposes identified in this policy. We do not use your information for purposes other than those for which it was collected, except with your consent or as required by law.

9.3 Cross-Border Transfers

Your information is processed and stored on servers located in the United States (Supabase, OpenAI, RevenueCat) and may be processed by the app store (Apple or Google) that handles your subscription. By using Duori, you acknowledge that your data will be transferred to and processed in the United States, which may have different privacy laws than your province or territory. We ensure such transfers are protected by appropriate contractual safeguards.

9.4 Quebec-Specific Rights (Law 25)

If you are a resident of Quebec, you have the following additional rights:

• The right to be informed of any automated decision-making that significantly affects you
• The right to request that automated decisions be reviewed by a person
• The right to request data portability in a technological profile format
• The right to lodge a complaint with the Commission d'accès à l'information (CAI) at cai.gouv.qc.ca

9.5 Privacy Officer

Our designated Privacy Officer can be reached at nathan.arasuo@gmail.com. You have the right to challenge our compliance with PIPEDA by contacting the Office of the Privacy Commissioner of Canada at priv.gc.ca or 1-800-282-1376.

10. United States Users (CCPA/CPRA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising. You do not need to opt out.
• Right to Limit Use of Sensitive Personal Information: We use sensitive personal information (financial data) only for the core purpose of providing the Service.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To exercise your rights, submit a verifiable consumer request to nathan.arasuo@gmail.com. We will respond within 45 days.

Categories of personal information collected in the past 12 months: Identifiers (email), financial information (transaction data, account balances), and inferences drawn from financial data (spending categories, budget summaries).

We do not sell personal information. We do not share personal information with third parties for cross-context behavioral advertising.

11. Children and Minors

Duori is not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have collected personal information from a minor, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at nathan.arasuo@gmail.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Send a push notification or in-app message informing you of the change
• For significant changes, send an email to the address associated with your account

Your continued use of Duori after changes become effective constitutes your acceptance of the updated policy. If you do not agree to the updated policy, you must stop using the Service and delete your account.

13. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy, please contact us:

• Email: nathan.arasuo@gmail.com

We are committed to working with you to resolve any concerns about your privacy.