Privacy Policy for Stashly
Last Updated: March 2026
1. Introduction
Stashly is a privacy-first personal finance tracker. Our core philosophy is that your financial data belongs to you and only you. The app is designed to operate without any cloud dependency, ensuring sensitive information remains under your direct control.
2. Data Collection and Usage
Stashly follows a Zero Data Collection policy:
- Personal Information: No account registration or login is required. We do not collect names, emails, or any identifying information.
- Financial Data: All financial records (providers, accounts, transactions, and balances) are entered manually and stored exclusively on your device.
- Third-Party Access: We do not use third-party analytics, telemetry, or advertising SDKs with access to your data.
3. Data Storage and Security
We employ industry-standard security measures:
- Local Storage: All data is persisted locally using encrypted storage via LocalForage.
- Encryption at Rest: Data is encrypted using AES-256-GCM. The encryption key is generated on your device and stored securely in the native iOS Keychain or Android Keystore. This key never leaves the device.
- Biometric Authentication: If enabled, the app uses native APIs (Face ID, Fingerprint) for access control. No biometric data is ever read or stored by the app.
4. Backup and Portability
- User-Initiated Backups: You may explicitly export your data as an encrypted snapshot.
- Encryption: Backups are protected with a password of your choice using PBKDF2 (100,000 iterations) and AES-256-GCM encryption.
- Cloud Services: If you upload your encrypted backup to a third-party service (e.g., iCloud, Google Drive), it remains encrypted and inaccessible without your specific password.