Nexpense

Privacy Policy

Last updated: April 30, 2026

1. Controller

This Privacy Policy describes how personal data is processed when using Nexpense.

Controller:
sassential OÜ
Sepapaja tn 6, Lasnamäe district
Tallinn city, Harju county 15551
Estonia

Contact: hello[at]nexpense.app

2. Overview

Nexpense is a local-first personal finance application. Most data is stored directly on the user’s device and may be synchronized via Apple iCloud.

Certain features require temporary server-side processing, particularly for AI-based functionality such as transaction parsing and financial queries.

3. Data Processing

3.1 Data Stored on Device

The following data is stored locally:

  • Financial transactions (expenses, income, recurring entries)
  • Categories and metadata
  • Financial analytics and derived metrics
  • Location data (if enabled)
  • App configuration

This data may be synchronized via iCloud, which is operated by Apple.

3.2 Data Processed by Nexpense Servers

Nexpense processes limited data strictly for functionality:

  • Internal user identifier (UUID)
  • Apple Sign-In identifier (token reference)
  • Text inputs for transaction parsing
  • Audio recordings (voice input)
  • Transcribed text
  • AI request payloads (including selected transaction context in “Ask” mode)
  • AI responses and processing results
  • Rate limiting and security data

3.3 Audio Data

Audio recordings are temporarily stored in cloud storage (DigitalOcean, Singapore region) solely for transcription and processing purposes.

4. Purpose of Processing

Data is processed to:

  • Provide core functionality of the application
  • Parse transactions from natural language input
  • Enable AI-based financial queries
  • Enforce rate limits and prevent abuse
  • Maintain system reliability and recover failed requests

5. Data Retention

  • Server-side requests (text, audio, responses): stored for up to 72 hours, then automatically deleted
  • Audio files: deleted together with associated requests (within 72 hours)
  • Operational data: retained only as necessary for security and stability
  • Local data: remains on the device until deleted by the user

6. AI Processing

Nexpense uses OpenAI for AI-based features.

Data shared:

  • User-provided text inputs
  • Selected financial context required for processing

Data not shared:

  • User identifiers
  • Account identifiers

Additional safeguards:

  • Data is not used to train AI models
  • Processing is configured to prevent provider-side training usage

7. Infrastructure

Nexpense uses:

  • Cloud infrastructure hosted in Singapore (DigitalOcean)
  • Managed databases
  • Temporary object storage for audio processing

8. Analytics and Quality Assurance

Nexpense may occasionally collect anonymized samples of requests for quality assurance and service improvement.

  • Samples are not linked to identifiable users
  • Used solely to improve system accuracy and reliability

Nexpense may use analytics tools (e.g. PostHog) to improve performance and usability. Data collection is minimized and, where possible, anonymized.

9. Authentication

Authentication is handled via Apple Sign-In.

Nexpense stores:

  • Apple identifier (token reference)
  • Internal user identifier

This data is used exclusively for authentication, abuse prevention, and rate limiting.

10. Payments

Payments are processed exclusively via Apple In-App Purchases.

Nexpense does not process or store payment information.

11. User Rights (GDPR)

Users have the right to:

  • Access personal data
  • Request deletion
  • Restrict or object to processing
  • Request data portability

Since most data is stored locally, deletion can be performed directly within the app.

Server-side data can be deleted by:

  • Using the in-app deletion functionality
  • Contacting: hello[at]nexpense.app

12. Data Deletion

Nexpense provides an in-app mechanism to delete the account and associated data.

Upon deletion:

  • All server-side data is permanently removed
  • Stored requests and files are deleted
  • Access to the service is terminated

13. Security

Nexpense implements appropriate technical and organizational measures, including:

  • Encrypted data transmission (HTTPS)
  • Access control systems
  • Limited data retention policies
  • Isolated processing systems

14. International Data Transfers

Data is processed in Singapore. By using Nexpense, the user acknowledges that data may be transferred outside the European Economic Area.

Appropriate safeguards are applied where required.

15. Changes

This Privacy Policy may be updated at any time. Continued use of Nexpense constitutes acceptance of the updated policy.

© 2026 Nexpense