Data Retention & Deletion Policy
Last updated: 22 April 2026
Theia is a local-first app. Because we do not hold a server-side copy of your financial data, retention and deletion are controlled almost entirely by you, on your device. This policy explains how it works and what — if anything — is retained outside your device.
1. Data stored on your device
The following information is stored exclusively on your device, inside the application's sandbox:
| Data | Where | Retention |
|---|---|---|
| Transactions, categories, preferences | Local SwiftData database | Kept until you delete them or reset the app |
| AI assistant conversation history | Local SwiftData database | Kept until you clear the conversation or reset the app |
| Plaid access tokens (if you connect a bank) | iOS Keychain (encrypted by the system) | Deleted immediately when you disconnect the bank or reset the app |
| Cached currency exchange rates | Application support directory | Refreshed daily; cleared with the app |
We cannot access, export, or recover any of this data. It is under your sole control.
2. How to delete your data
In-app reset. Open Theia and go to Settings → Data → Delete All Data. This permanently deletes every local record — transactions, categories, AI conversations, Plaid tokens, cached rates.
Uninstall. Deleting the app from your iPhone removes all of its local data, including the Keychain entries scoped to the app. Note that some Keychain items may persist across reinstalls under iOS's default behaviour; the in-app reset is the most thorough way to clear them before uninstalling.
Disconnect a single bank. If you want to revoke Plaid access for a specific institution without deleting everything, use the corresponding option inside the app. This removes the access token and stops further data retrieval from that bank.
3. Data processed by third parties
When you use specific features, small amounts of data are transmitted to our processors. They retain that data under their own policies, which we summarise here for transparency:
- OpenRouter (and its inference partners Cerebras and Groq) — receives AI prompts containing your question, up to six previous messages of the current conversation, and a computed summary of the transactions relevant to the question (merchant names, amounts, dates, categories in cleartext). No account, user, or device identifier is sent; standard HTTP headers (User-Agent, Referer) travel with the request. Retention is governed by OpenRouter's privacy policy (openrouter.ai/privacy). Clearing the conversation inside the app deletes it from your device; it does not delete it from OpenRouter's logs.
- Plaid Inc. — when you connect a bank, Plaid retrieves data from your financial institution. Retention is governed by Plaid's End User Privacy Policy. You can revoke Plaid's access and request deletion of your Plaid records at my.plaid.com.
- Apple (StoreKit) — handles the subscription purchase and renewal. No financial data from the app is sent to Apple. Subscription and billing records are retained by Apple under its own policy and, where applicable, for Italian tax and accounting purposes (typically up to 10 years).
- Frankfurter API — receives only a date parameter to return public FX rates. No personal data is transmitted or retained on our behalf.
Requests concerning data held by these processors should be directed to them. If you need our assistance, write to info@davide.sh.
4. Why there is no "email us to delete" flow
Traditional retention policies include an email-based deletion request because the developer holds a copy of your account. Theia does not: there is no account and no server-side copy to delete. The deletion controls inside the app are the definitive mechanism. We keep the email address info@davide.sh available for privacy questions and for the rare cases in which our processors need to act on your behalf.
5. Legal and accounting exceptions
Where Italian or EU law requires us to retain limited records — for example invoices generated by the subscription purchase through Apple — those records are held by Apple and, where applicable, by us in summary form for up to 10 years (Article 2220 of the Italian Civil Code). These records do not include your transactions or any data from the app.
6. Review
This policy is reviewed at least annually and whenever the Service, its processors, or applicable law change materially. The "Last updated" date at the top of this page indicates the most recent review.
7. Contact
For any data-protection question, contact info@davide.sh.