Privacy Policy

1 Our Privacy Philosophy

• Single purpose: We collect your information solely so that the application can work for you. There is no other purpose.
• Your data is yours: We do not sell, rent, or share your information with third parties, advertisers, or data brokers. Ever.
• No advertising: Ventidue does not display ads or use your data for advertising profiling.

2 Information We Collect

To provide the service, we collect only what is necessary:

• Registration data: Name and email address, used to create and manage your account.
• Financial data: The information you voluntarily enter: transactions, balances, accounts, cards, budgets, subscriptions, brokers, and categories. We never access your actual bank accounts.
• Payment and subscription data: When you subscribe to a Premium plan, we collect the email you paid with (which may differ from your account email), the subscription identifier assigned by the processor, the payment status, and the next payment date. We do not store or access your credit or debit card data; these are processed directly by MercadoPago or dLocal Go under their own policies (see § 5).
• AI feature data (Magic Input): When you use Magic Input, we collect the text, voice transcription, and/or image you submit, together with the names and identifiers of your active accounts, cards, and categories, needed for the model to assign them to the transaction (see § 4).
• Quote data: Currency prices (ARS, USD, crypto) obtained from third-party public APIs (DolarAPI, Binance). This data is public and does not identify you.
• Technical data: IP address and device/browser type, collected automatically for the security and proper functioning of the service.

3 How We Use Your Information

• Service provision: We use your financial data to display charts, calculate totals, generate reports, and maintain your history within the app.
• Security and authentication: Your email is used to send you verification codes (OTP) and security alerts about your account.
• Subscription processing: When you subscribe to or manage a Premium plan, we use the data needed to set up the recurring charge, verify the payment status, and keep you informed about your subscription.
• AI processing: When you use Magic Input, we send the data described in § 2 to the external AI provider to interpret your input and return a transaction suggestion (see § 4).
• Service improvement: We may use aggregated and anonymous technical data to identify errors and improve the performance of the app.
• Never for advertising: We do not use your information to show you ads, for commercial profiling, or to share with third parties for marketing purposes.

4 Artificial Intelligence Processing

Ventidue offers the Magic Input feature, which uses artificial-intelligence models provided by Google (Gemini API) to interpret the transactions you enter via text, voice, or image.

• What is sent to the AI provider: The text, voice transcription, and/or image you submit; the names and identifiers of your active accounts, cards, and categories (without balances); and the current date.
• What is NOT sent: Balances, transaction history, contact data, payment data, or investment/portfolio information.
• Retention by Ventidue: We do not retain the inputs sent to the model beyond the time required to process the request and return the result.
• Retention by the provider: Google processes the data under its own terms for the Gemini API, which can be reviewed on its official website.
• Your control: If you do not wish to use the AI feature, simply do not activate it. The rest of the application works normally without sending data to AI providers.

5 Payment and Subscription Data

To process Premium plan subscriptions, Ventidue works with two external payment processors:

• MercadoPago: Processes payments in Argentine pesos for users in Argentina.
• dLocal Go: Processes international payments in U.S. dollars.
• What we share with the processor: Your email, the chosen plan and its amount, and an internal identifier of your Ventidue account to reconcile the payment.
• What we receive back: The subscription identifier, the payment status (authorized, pending, cancelled, failed), the email you paid with, and the estimated next billing date.
• What we do NOT store: Card number, expiration, security code, or any other sensitive payment data. These are processed and stored solely by the processor under its own privacy policy and PCI-DSS standards.
• Legal basis: We process this data based on contractual necessity (managing your subscription) and, where applicable, legal obligation (accounting records and fraud prevention). By subscribing to a paid plan, you expressly consent to the transfer of the necessary data to the chosen processor.

6 Storage, Security, and Infrastructure

We protect your information with industrial-grade security standards:

• Full isolation (RLS): We use Row Level Security in our database, which technically guarantees that no user can access another user's data.
• Encryption: All communication between your device and our servers is encrypted with SSL/TLS. Data at rest is also encrypted.
• Defense in depth: Database triggers prevent unauthorized modification of sensitive fields such as your subscription plan or payment status.

Your information is hosted and processed with the following providers:

• Supabase (on AWS): Database, authentication, and serverless functions.
• Vercel: Web application hosting.
• Cloudflare: CDN, protection, and hosting of the public site.
• MercadoPago: Payment processing in Argentine pesos.
• dLocal Go: International payment processing.
• Resend: Transactional email delivery (OTP codes, Premium welcome, cancellation confirmation).
• Google (Gemini API): Processing of the Magic Input feature.
• DolarAPI / Binance: Public quotes (no user personal data is sent).

International transfer: By using Ventidue, you consent to the international transfer of your data to these providers, in compliance with article 12 of Argentina's Personal Data Protection Law 25.326. Such providers offer adequate levels of protection in accordance with their jurisdiction.

7 Local Storage (Offline Mode)

So that Ventidue works quickly and even without internet, we store part of your information on your own device:

• Technology: We use IndexedDB, a local browser/app storage, to securely save your data on your device.
• Sync queue: Changes made offline are stored locally and automatically synchronized with the cloud when you regain internet access.
• Your responsibility: It is the user's responsibility to protect physical access to their device. Do not manually clear your browser data if you have operations pending synchronization.

8 Communications

• Security emails: You will receive automatic security emails, such as OTP codes to verify your identity at sign-in.
• Transactional subscription emails: When you subscribe, renew, or cancel a paid plan, you will receive automatic emails confirming the operation. These emails are essential and cannot be disabled while you maintain an active subscription.
• News and tips: Occasionally we may send you information about new features or financial organization tips.
• Your control: You can disable news emails at any time from Profile Settings within the app. Security and subscription transactional emails cannot be disabled, as they are essential to protect your account and keep you informed about your plan.

9 Your Rights (Law 25.326)

In compliance with Argentina's Personal Data Protection Law 25.326, you have the following rights over your data:

• Access: You may request at any time what personal data we hold about you.
• Rectification: You may correct incorrect data directly from the app or by requesting it via email.
• Cancellation: You may request the deletion of your account and all your data from Settings > Delete Account, or by writing to soporte@ventidue.app.
• Opposition: You may object to the processing of your data for purposes other than the provision of the service.
• Response time: We will address your request within a maximum of 30 business days from receipt.

The NATIONAL DIRECTORATE OF PERSONAL DATA PROTECTION (Supervisory Authority) has the power to handle complaints and claims filed in connection with non-compliance with personal data protection regulations.

10 Deletion and Right to Be Forgotten

• Deactivation: When you request the deletion of your account, it enters a 30-day deactivation period. During that time you can reactivate it if you change your mind.
• Permanent deletion: After day 30, the system performs a physical and irreversible deletion of all your personal and financial information from our database.
• Cancellation of associated subscription: If you have an active Premium subscription when deleting your account, you must cancel it beforehand from the "Subscription" section of your profile to avoid future charges. Deleting your Ventidue account does not automatically cancel the subscription at MercadoPago or dLocal Go.
• Minimum retention: We do not retain data beyond the time necessary to provide the service, except for minimum payment records that may be retained for the period required by applicable tax regulations.

11 Minors

• Minimum age: Ventidue is intended for people over 13 years of age. We do not intentionally collect data from minors under that age.
• If you are a parent or guardian: If you detect that a minor has created an account, you can request its immediate deletion by writing to soporte@ventidue.app.

12 Changes to this Policy

We may update this Privacy Policy occasionally. We will notify you of any significant changes through a notice within the app or by email. Continued use of Ventidue after such changes implies your acceptance of the updated policy.

13 Governing Law

This Policy is governed by Argentina's Personal Data Protection Law 25.326 and its regulatory rules, without prejudice to the rights that may apply to you under the legislation of your country of residence.

14 Contact

If you have questions about this policy, want to exercise your rights, or need to report a problem related to your data, contact us at:

Email: soporte@ventidue.app