Back to Nexmy home Language selector

Privacy Policy — Nexmy

Effective date: 27 April 2026

This Policy explains how Nexmy (the "App") processes data when you use the application.

Nexmy is designed as an offline-first personal finance app. Under normal use, your data stays on your device and is not sent to the Controller's servers. However, some optional features may rely on operating system services or third-party technical providers available on the device; in those cases, processing is also subject to that provider's own policies.

1) Data controller

2) Quick summary

• Nexmy does not require a user account.
• Financial data is normally stored locally on the device.
• Nexmy does not sell data, does not use advertising IDs and does not include the Controller's profiling analytics.
• Some permissions are optional and are used only for specific features such as card scanning, voice input, reminders, import/export and app lock.

3) What data the App may process

The App may process, mainly on the device, the following categories of data:

• financial data entered by the user, such as capital, income, expenses, recurring transactions, installment plans, budgets, goals, capital or savings accounts and related metadata;
• payment card or financial instrument data voluntarily entered by the user, including sensitive details stored locally only if the relevant feature is enabled;
• loyalty card data, such as store name, barcode/QR code, custom colour and notes;
• App preferences and settings, such as language, theme, currency, tutorial status, reminders, backup settings and display preferences;
• technical data needed for local operation, such as configuration keys, reminder state, onboarding flags and security-related metadata;
• files selected or generated by the user for import, export, backup, PDF/CSV reports or images used for scanning/OCR.

4) Permissions and optional features

Depending on the features you choose to use, Nexmy may request some device permissions:

• Camera: to take photos or scan loyalty card barcodes/QR codes and card images;
• Photos / device images: to select gallery images for scanning or as a profile image;
• Microphone: for voice input in Smarty AI;
• Notifications, alarms and device reboot events: for local reminders and Android reminder rescheduling;
• Files and sharing: to create backups, export PDF/CSV files and share files from the device;
• Biometrics or device unlock: for app lock, access to encrypted sensitive data and protection of local passphrases in the secure device keystore.

If you deny a permission, the App can still generally be used, but the related feature may be limited or unavailable.

5) How data is stored and for how long

• App data is stored locally using browser/WebView storage, local device databases and, when requested by the user, exported files saved on the device.
• Data remains available until it is deleted by the user, overwritten by an import/restore, removed when the App is uninstalled, or cleared from local storage.
• Exported backups and shared files remain in the path chosen by the user and are then managed by the operating system or the destination apps.

6) Backups, exports and local files

Nexmy may provide local backup, import and export features.

• Backups may be encrypted or protected by a passphrase when that option is enabled.
• Exported files may be saved in local device folders or passed to the native share sheet.
• Once a file is exported or shared, its handling depends on the device, the operating system and any apps chosen by the user.

7) Device services and third-party technical providers

Although Nexmy does not normally send data to the Controller's servers, some optional features may depend on services outside the Controller's direct control:

• Speech recognition: voice input may rely on speech services provided by the operating system, the browser or the relevant platform provider. Audio and transcripts may therefore be processed by that provider according to its own policies.
• Barcode scanning on Android: scanning may use on-device ML Kit components; the technical model required for scanning may be downloaded by the platform provider the first time it is needed.
• File sharing, cloud and system backups: if you choose to share a file, use phone cloud backups or browser/device sync, the related processing follows the external provider's policies.
• Service Worker / web cache: in the web version, technical components may be used to support offline operation and local caching.

For clarity: Nexmy does not currently use a Controller-managed backend to receive or automatically sync your financial data.

8) Data not intentionally processed by the Controller

• behavioural advertising;
• the Controller's profiling analytics;
• sale of personal data;
• continuous geolocation;
• access to device contacts or address book.

9) Legal bases

Where and to the extent required by applicable law, processing may rely on:

• performance of the requested service, to provide the App's features on the device;
• legitimate interests of the Controller in ensuring software security, technical integrity and reliability, limited to what is strictly necessary;
• consent / device-level authorization for optional permissions requested by the operating system, such as microphone, camera, notifications or biometrics.

10) Data sharing and international transfers

• Data is not normally communicated to the Controller's servers.
• Any transfers to third parties or outside the European Economic Area may depend only on the use of device services, speech providers, cloud services, share sheets or other platforms chosen or enabled by the user.
• Those processing activities are not directly controlled by the Controller and are governed by the relevant provider's own terms.

11) Your rights

Where applicable, you may exercise the rights provided by privacy law, including access, rectification, erasure, restriction, objection and portability.

Because most data stays local, many rights can be exercised directly by:

• editing or deleting data inside the App;
• deleting backups or exported files from the device;
• clearing the App storage or uninstalling the App.

For requests or questions: blacksharkdeveloper@gmail.com.

12) Security

Nexmy implements reasonable technical measures to reduce the risk of unauthorized access or accidental loss, for example local storage instead of remote sync in the current App features, validation on import/export and restore flows, local encryption of some sensitive data and backups, use of the secure device keystore when available, and optional app lock and privacy screen.

No security measure can guarantee absolute protection. You remain responsible for protecting your device, its unlock method, any exported files and any shared backups.

13) Changes to this Policy

This Policy may be updated to reflect technical, legal or functional changes to the App. The updated version will show a new effective date.