Privacy Policy

Last updated: 22 April 2026

Theia is a local-first personal-finance app. It does not require an account, does not use analytics, and keeps your financial data on your device. This Privacy Policy describes the limited situations in which personal data is processed, by whom, and what rights you have.

1. Who we are

The Theia iOS application and the website gettheia.app are provided by Davide Gaglione, an individual developer based in Italy, acting as data controller within the meaning of Article 4(7) GDPR. Contact: info@davide.sh.

We are not required to appoint a Data Protection Officer under Article 37 GDPR, because our core activities do not involve large-scale systematic monitoring or large-scale processing of special categories of data. Privacy requests are handled directly by the data controller.

2. The local-first principle

Theia stores all of your financial information on your device only:

• Transactions, categories, and preferences are kept in a local database (SwiftData / SQLite) inside the application's sandbox.
• Sensitive tokens (for example Plaid access tokens, if you choose to connect a bank) are stored in the iOS Keychain, never in plaintext, and never synchronised off-device.
• We do not operate a server that stores a copy of your data. We do not use iCloud, CloudKit, or any cloud sync for your financial records.
• We do not create an account for you. You are not asked for an email, name, phone number, or any identifier in order to use the app.

Because we do not hold your financial data on our infrastructure, we cannot access it, export it, or share it with anyone. Uninstalling the app or using the in-app reset permanently removes it.

3. What actually leaves your device

A small number of features require the app to talk to external services. These are the only cases in which data leaves your device:

a. AI assistant (OpenRouter)

When you send a message to the in-app AI assistant, the app builds a prompt on your device and sends it to OpenRouter (openrouter.ai), which routes the request to an open-weight language model (currently Llama 3.3 70B Instruct) running on its inference partners (Cerebras as primary, Groq as fallback). Because answering your question requires context from your transactions, that context is included in the prompt. Specifically, each request contains:

• the text of your question;
• up to six previous messages from the current conversation (your questions and the assistant's replies), so the model can follow up;
• a computed summary of the data needed to answer — depending on the question this can include: merchant names in cleartext (e.g. "Starbucks", "Amazon"), transaction amounts and currency codes, dates, categories, recurring-payment patterns, and aggregate figures such as totals per category, daily averages, or savings rate;
• a short fixed system prompt in your app language, identifying the assistant as a financial helper for a privacy-first app. It does not contain anything about you.

We do not send your raw local database, your Plaid access token, your bank-account number, your name, your email, an installation identifier, or any advertising identifier. Standard HTTP headers travel with the request (User-Agent, which on iOS includes device model and OS version; an HTTP-Referer: https://gettheia.app; and an X-Title: Theia title). Merchant names are sent in cleartext without hashing or redaction — please keep this in mind when deciding which questions to ask. Responses are streamed back and stored locally in the chat history; clearing the conversation inside the app removes it from your device. We do not receive a copy; OpenRouter and its inference partners retain prompts and responses under their own privacy policies (openrouter.ai/privacy).

Legal basis: your consent, given by sending the message. You can avoid this processing entirely by not using the AI assistant.

b. Currency exchange rates (Frankfurter)

To convert amounts between currencies, the app fetches daily FX rates from the public Frankfurter API (frankfurter.app). These requests contain only a date parameter; no personal data is sent.

c. Bank connections via Plaid (optional, when enabled)

If and when you choose to connect a bank, the app uses Plaid Inc. (plaid.com) to retrieve account metadata (bank name, account type, masked account number), balances, and transactions on your behalf. Your online-banking credentials are entered inside Plaid's own interface and are never seen by the app. The access token returned by Plaid is stored in your device Keychain. From that token the app reads transactions directly into the local database on your device. Plaid acts as an independent data controller for the information it collects from your bank and its own End User Privacy Policy applies, available at plaid.com/legal. Legal basis: your consent and, to the extent required, performance of the contract you requested.

d. Subscription (Apple StoreKit)

Subscriptions are managed entirely by Apple's StoreKit framework. Apple handles the purchase and sends the app an anonymous entitlement confirming your subscription status. We do not receive your name, email, or payment details from Apple. Apple's own privacy practices apply, available at apple.com/legal/privacy.

4. What we do not do

• We do not use Google Analytics, Firebase, Mixpanel, or any other analytics SDK.
• We do not use Sentry, Crashlytics, or any third-party crash reporter.
• We do not use advertising identifiers or ad SDKs.
• We do not track you across apps or websites owned by other companies (see also Apple App Tracking Transparency).
• We do not sell your data, and we do not use your financial data to train AI models.
• We do not use your transaction data for automated decision-making producing legal or similarly significant effects (Article 22 GDPR).

5. Source of third-party data

When you use the Plaid feature, the transaction and balance data described in Section 3c is not collected directly from you — it is obtained from your bank through Plaid on your instruction. We disclose this in accordance with Article 14 GDPR.

6. International transfers

OpenRouter and Plaid are established in the United States. When data is transferred outside the European Economic Area we rely on appropriate safeguards, in particular the European Commission's Standard Contractual Clauses and, where available, the EU–US Data Privacy Framework.

7. Retention

Financial data stored on your device is kept for as long as you keep the app installed and does not choose to reset it. You can delete everything at any time from Settings → Data → Delete All Data inside the app, or by uninstalling the app. Disconnecting a bank removes the associated Plaid access token immediately. Message threads with the AI assistant are stored locally and can be cleared from within the app at any time. We do not hold server-side copies and therefore do not apply a separate retention period. See the Data Retention & Deletion Policy for full details.

8. Security

We apply industry-standard safeguards appropriate to a local-first app: TLS 1.2+ for all outbound network traffic, AES-256 encryption at rest for the iOS Keychain entries (managed by the operating system), code signing, and the principle of least privilege. Because your financial data is not stored on a server we control, the attack surface is limited to your own device. If we become aware of an incident that does affect personal data we process (for example a compromise of a third-party processor), we will notify the Italian Garante within 72 hours and, where the risk is high, inform you without undue delay, in accordance with Articles 33 and 34 GDPR.

9. Your rights (GDPR)

Because Theia does not hold a server-side copy of your data, most of your GDPR rights are fulfilled directly inside the app:

• Access and portability (Articles 15 and 20): your transactions are fully accessible inside the app, and you can generate a PDF report of them from Settings → Export report. If you need a machine-readable export (e.g. CSV or JSON), write to info@davide.sh and we will help.
• Rectification (Article 16): edit any record directly in the app.
• Erasure (Article 17): use Settings → Data → Delete All Data, or uninstall the app.
• Restriction and objection (Articles 18 and 21): stop using the AI assistant or disconnect your bank at any time.
• Withdraw consent: consent given for the AI assistant or for Plaid can be withdrawn at any time, without affecting the lawfulness of processing carried out before the withdrawal.

For the limited data handled by our processors (OpenRouter, Plaid, Apple, Frankfurter) you can also address those services directly under their own policies, or contact us at info@davide.sh and we will assist. You have the right to lodge a complaint with the Italian Garante per la protezione dei dati personali (garanteprivacy.it).

10. Interaction with AI (EU AI Act)

Pursuant to Article 50 of Regulation (EU) 2024/1689, we inform you that the in-app assistant is an artificial-intelligence system. Its responses are generated by third-party language models and may be inaccurate, incomplete, or misleading. They must not be relied upon for financial, legal, or tax decisions.

11. Children

Theia is not intended for children under 16. If you believe a child has used the app and you wish to have the corresponding device data deleted, the parent or guardian can do so immediately via Settings → Data → Delete All Data or by uninstalling the app.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified in-app before taking effect. The "Last updated" date at the top reflects the most recent revision.

13. Contact

Data controller: Davide Gaglione, Italy.
Email: info@davide.sh