MonBloom — Privacy Policy
Effective date: March 25, 2026
Last updated: March 26, 2026
The short version
MonBloom does not collect or share your personal or financial data with third parties. Your transactions, balances, and categories are stored on your device and, if you are signed into iCloud, automatically synced to your private iCloud account using Apple's CloudKit. This sync is encrypted and managed entirely by Apple — MonBloom has no access to your iCloud data. We use Firebase Analytics and Crashlytics to collect anonymous usage statistics and crash reports — with no user identifiers and no financial information.
Data Controller
MonBloom is developed and maintained by Gilmar Quinelato, an independent developer based in the United Kingdom. For any privacy-related inquiries, contact: gilmarsquinelato@gmail.com
Data We Do NOT Collect
MonBloom does not collect:
Personal information (name, email, phone number)
Financial data (transaction names, amounts, balances, categories)
Location data
Advertising IDs
User accounts or login credentials
Data We DO Collect
MonBloom uses Google Firebase Analytics and Firebase Crashlytics to collect limited, anonymous data that helps us improve the app:
Usage events: Which screens you visit, which features you use (e.g. "a transaction was created" or "a receipt was scanned"), and general interaction patterns. These events include metadata such as transaction type (income/expense), currency code, and recurrence type — but never transaction names, amounts, descriptions, or any content you enter.
Crash reports: Stack traces, device model, OS version, and app state at the time of a crash.
Standard Firebase metadata: App version, session duration, country (derived from IP, not stored), and device type.
No user identifiers are assigned. We do not use Firebase's user ID features, and we do not link analytics data to any individual user. No financial data — amounts, balances, merchant names, or category names — is ever transmitted.
Legal Basis for Processing
MonBloom processes your financial data exclusively on your device for the sole purpose of providing you with the app's functionality. Under UK GDPR (Article 6(1)(b)), this processing is necessary for the performance of the service you chose to use.
For anonymous analytics and crash reporting, the legal basis is legitimate interest (UK GDPR Article 6(1)(f)) — specifically, our interest in understanding app stability and feature usage to improve the product. Since no personal data or user identifiers are collected through analytics, the impact on your privacy is minimal.
On-Device Processing
All features — including AI-powered receipt scanning, voice parsing, and transaction categorization — run entirely on your device using Apple's built-in frameworks. No data is sent to third-party servers or APIs. If iCloud is enabled, your financial data is synced to your private iCloud account via Apple's CloudKit — this is an Apple first-party service governed by your Apple ID agreement and Apple's privacy policy.
Automated Decision-Making
MonBloom uses on-device AI to categorize transactions, parse receipts, and suggest classifications. This processing is fully automated but occurs entirely on your device — no data is shared externally. These automated features assist with data organization only and produce no legal or similarly significant effects on you. You can review, edit, or override any AI-generated suggestion before saving.
Camera & Photo Library
MonBloom may request access to your device's camera or photo library for receipt scanning. Images captured or selected are processed locally on your device and are never transmitted, uploaded, or stored outside the app's sandbox.
Data Storage
Your financial data is stored locally on your device using Apple's SwiftData framework. If you are signed into iCloud, your data is also automatically synced to your private iCloud account via Apple's CloudKit service. This sync keeps your data consistent across all your Apple devices signed into the same iCloud account. The sync is managed entirely by Apple — MonBloom does not operate any servers and has no ability to read, access, or process your iCloud data. Apple encrypts CloudKit data in transit and at rest according to Apple's iCloud security overview.
Data Retention & Deletion
Your data exists on your device for as long as you use the app. If iCloud sync is active, a copy also resides in your iCloud account. To delete all local data, delete MonBloom from your device. To also remove data stored in iCloud, go to Settings → [your name] → iCloud → Manage Storage on your device and delete MonBloom's iCloud data. You may also delete individual transactions, categories, or records within the app at any time — these deletions sync across devices automatically.
International Data Transfers
If iCloud sync is active, your financial data is stored in Apple's data centres. Apple may store iCloud data in facilities located outside your home country, subject to Apple's own data processing practices and applicable law. Apple encrypts this data and manages transfers under its own agreements — MonBloom has no control over or access to Apple's infrastructure. For details, see Apple's iCloud security overview.
Anonymous analytics and crash data collected by Firebase may be processed on Google's servers, which are located in the United States and other countries. Google operates under Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework for international transfers. Since this data contains no personal identifiers or financial information, the privacy risk is minimal.
Third-Party Services
MonBloom integrates the following third-party services:
Google Firebase Analytics: Collects anonymous usage events to help us understand which features are used and how the app is navigated. No personal or financial data is included. Google's Privacy Policy
Google Firebase Crashlytics: Collects crash reports including stack traces and device information to help us identify and fix bugs. Firebase Data Processing Terms
MonBloom does not integrate any advertising, ad tracking, or user profiling services.
Note: Apple may also collect crash logs or device diagnostics if you have opted into those features at the operating system level. This is governed by Apple's own privacy policy and is outside MonBloom's control.
Import, Export & Share Extension
When you import CSV files, all processing happens locally on your device. Files are not uploaded to any server. When you export data as CSV, the file leaves the app's sandbox and is saved to a location you choose. Once exported, you are responsible for the security of that file.
MonBloom includes a Share Extension that allows you to send data to the app from other apps on your device. Data received through the Share Extension is processed and stored locally — it is never transmitted externally.
Notifications
MonBloom may send local notifications for transaction reminders you configure. These are scheduled entirely on your device using Apple's local notification framework. MonBloom also uses Apple Push Notification service (APNs) to receive silent notifications that trigger iCloud data sync — these do not display visible alerts and are managed by Apple as part of the CloudKit sync process.
Siri & Shortcuts
When you use Siri to interact with MonBloom, voice processing is handled by Apple according to Apple's own privacy policies. MonBloom receives only the structured intent result — never raw audio.
Do Not Track
MonBloom does not track users across websites or apps, does not serve advertising, and does not build user profiles. Anonymous analytics data is collected solely for product improvement and cannot be linked to any individual. Do Not Track browser signals are not applicable as MonBloom is a native app.
Your Rights
Since MonBloom does not collect or store any personal data externally, most data protection rights are inherently fulfilled. For transparency:
Access & Portability: All your data is visible and accessible within the app. You can export it anytime via CSV.
Rectification: You can edit any transaction, category, or record directly in the app.
Erasure: Delete individual records in the app, or delete the app entirely to remove all data.
Objection & Restriction: Anonymous analytics are collected under legitimate interest. You may object by disabling analytics at the OS level or by contacting us.
Complaint: Under UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). Under EU GDPR, you may contact your local data protection supervisory authority.
For California residents (CCPA/CPRA): MonBloom does not sell or share personal information, does not use personal information for cross-context behavioral advertising, and does not collect sensitive personal information. Anonymous analytics data does not constitute "personal information" under CCPA as it cannot be linked to any individual consumer or household.
Data Breach Notification
MonBloom does not store personal data externally. The anonymous analytics and crash data processed by Firebase cannot be used to identify individuals. In the unlikely event that a vulnerability in the app or its third-party services is discovered that could affect user data, we will promptly disclose it through an app update and, where required by applicable law (UK GDPR Art. 33–34), notify the ICO.
Children's Privacy
MonBloom does not collect data from anyone. The app does not require age-gating because no personal data is collected, transmitted, or shared — regardless of the user's age. This applies equally under COPPA (United States) and UK/EU GDPR.
Governing Law
This policy is governed by the laws of England and Wales, without regard to conflict of law principles. For users in the European Economic Area, nothing in this policy affects your mandatory consumer protections or rights under EU GDPR. For users in California, nothing in this policy affects your rights under CCPA/CPRA.
Changes to This Policy
If this policy is updated, the new version will be published here with revised effective and update dates. Since MonBloom collects no data, meaningful changes are unlikely.
Contact
Questions about this policy? Reach us at gilmarsquinelato@gmail.com
MonBloom — Privacy Policy
Effective date: March 25, 2026
Last updated: March 26, 2026
The short version
MonBloom does not collect or share your personal or financial data with third parties. Your transactions, balances, and categories are stored on your device and, if you are signed into iCloud, automatically synced to your private iCloud account using Apple's CloudKit. This sync is encrypted and managed entirely by Apple — MonBloom has no access to your iCloud data. We use Firebase Analytics and Crashlytics to collect anonymous usage statistics and crash reports — with no user identifiers and no financial information.
Data Controller
MonBloom is developed and maintained by Gilmar Quinelato, an independent developer based in the United Kingdom. For any privacy-related inquiries, contact: gilmarsquinelato@gmail.com
Data We Do NOT Collect
MonBloom does not collect:
Personal information (name, email, phone number)
Financial data (transaction names, amounts, balances, categories)
Location data
Advertising IDs
User accounts or login credentials
Data We DO Collect
MonBloom uses Google Firebase Analytics and Firebase Crashlytics to collect limited, anonymous data that helps us improve the app:
Usage events: Which screens you visit, which features you use (e.g. "a transaction was created" or "a receipt was scanned"), and general interaction patterns. These events include metadata such as transaction type (income/expense), currency code, and recurrence type — but never transaction names, amounts, descriptions, or any content you enter.
Crash reports: Stack traces, device model, OS version, and app state at the time of a crash.
Standard Firebase metadata: App version, session duration, country (derived from IP, not stored), and device type.
No user identifiers are assigned. We do not use Firebase's user ID features, and we do not link analytics data to any individual user. No financial data — amounts, balances, merchant names, or category names — is ever transmitted.
Legal Basis for Processing
MonBloom processes your financial data exclusively on your device for the sole purpose of providing you with the app's functionality. Under UK GDPR (Article 6(1)(b)), this processing is necessary for the performance of the service you chose to use.
For anonymous analytics and crash reporting, the legal basis is legitimate interest (UK GDPR Article 6(1)(f)) — specifically, our interest in understanding app stability and feature usage to improve the product. Since no personal data or user identifiers are collected through analytics, the impact on your privacy is minimal.
On-Device Processing
All features — including AI-powered receipt scanning, voice parsing, and transaction categorization — run entirely on your device using Apple's built-in frameworks. No data is sent to third-party servers or APIs. If iCloud is enabled, your financial data is synced to your private iCloud account via Apple's CloudKit — this is an Apple first-party service governed by your Apple ID agreement and Apple's privacy policy.
Automated Decision-Making
MonBloom uses on-device AI to categorize transactions, parse receipts, and suggest classifications. This processing is fully automated but occurs entirely on your device — no data is shared externally. These automated features assist with data organization only and produce no legal or similarly significant effects on you. You can review, edit, or override any AI-generated suggestion before saving.
Camera & Photo Library
MonBloom may request access to your device's camera or photo library for receipt scanning. Images captured or selected are processed locally on your device and are never transmitted, uploaded, or stored outside the app's sandbox.
Data Storage
Your financial data is stored locally on your device using Apple's SwiftData framework. If you are signed into iCloud, your data is also automatically synced to your private iCloud account via Apple's CloudKit service. This sync keeps your data consistent across all your Apple devices signed into the same iCloud account. The sync is managed entirely by Apple — MonBloom does not operate any servers and has no ability to read, access, or process your iCloud data. Apple encrypts CloudKit data in transit and at rest according to Apple's iCloud security overview.
Data Retention & Deletion
Your data exists on your device for as long as you use the app. If iCloud sync is active, a copy also resides in your iCloud account. To delete all local data, delete MonBloom from your device. To also remove data stored in iCloud, go to Settings → [your name] → iCloud → Manage Storage on your device and delete MonBloom's iCloud data. You may also delete individual transactions, categories, or records within the app at any time — these deletions sync across devices automatically.
International Data Transfers
If iCloud sync is active, your financial data is stored in Apple's data centres. Apple may store iCloud data in facilities located outside your home country, subject to Apple's own data processing practices and applicable law. Apple encrypts this data and manages transfers under its own agreements — MonBloom has no control over or access to Apple's infrastructure. For details, see Apple's iCloud security overview.
Anonymous analytics and crash data collected by Firebase may be processed on Google's servers, which are located in the United States and other countries. Google operates under Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework for international transfers. Since this data contains no personal identifiers or financial information, the privacy risk is minimal.
Third-Party Services
MonBloom integrates the following third-party services:
Google Firebase Analytics: Collects anonymous usage events to help us understand which features are used and how the app is navigated. No personal or financial data is included. Google's Privacy Policy
Google Firebase Crashlytics: Collects crash reports including stack traces and device information to help us identify and fix bugs. Firebase Data Processing Terms
MonBloom does not integrate any advertising, ad tracking, or user profiling services.
Note: Apple may also collect crash logs or device diagnostics if you have opted into those features at the operating system level. This is governed by Apple's own privacy policy and is outside MonBloom's control.
Import, Export & Share Extension
When you import CSV files, all processing happens locally on your device. Files are not uploaded to any server. When you export data as CSV, the file leaves the app's sandbox and is saved to a location you choose. Once exported, you are responsible for the security of that file.
MonBloom includes a Share Extension that allows you to send data to the app from other apps on your device. Data received through the Share Extension is processed and stored locally — it is never transmitted externally.
Notifications
MonBloom may send local notifications for transaction reminders you configure. These are scheduled entirely on your device using Apple's local notification framework. MonBloom also uses Apple Push Notification service (APNs) to receive silent notifications that trigger iCloud data sync — these do not display visible alerts and are managed by Apple as part of the CloudKit sync process.
Siri & Shortcuts
When you use Siri to interact with MonBloom, voice processing is handled by Apple according to Apple's own privacy policies. MonBloom receives only the structured intent result — never raw audio.
Do Not Track
MonBloom does not track users across websites or apps, does not serve advertising, and does not build user profiles. Anonymous analytics data is collected solely for product improvement and cannot be linked to any individual. Do Not Track browser signals are not applicable as MonBloom is a native app.
Your Rights
Since MonBloom does not collect or store any personal data externally, most data protection rights are inherently fulfilled. For transparency:
Access & Portability: All your data is visible and accessible within the app. You can export it anytime via CSV.
Rectification: You can edit any transaction, category, or record directly in the app.
Erasure: Delete individual records in the app, or delete the app entirely to remove all data.
Objection & Restriction: Anonymous analytics are collected under legitimate interest. You may object by disabling analytics at the OS level or by contacting us.
Complaint: Under UK GDPR, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). Under EU GDPR, you may contact your local data protection supervisory authority.
For California residents (CCPA/CPRA): MonBloom does not sell or share personal information, does not use personal information for cross-context behavioral advertising, and does not collect sensitive personal information. Anonymous analytics data does not constitute "personal information" under CCPA as it cannot be linked to any individual consumer or household.
Data Breach Notification
MonBloom does not store personal data externally. The anonymous analytics and crash data processed by Firebase cannot be used to identify individuals. In the unlikely event that a vulnerability in the app or its third-party services is discovered that could affect user data, we will promptly disclose it through an app update and, where required by applicable law (UK GDPR Art. 33–34), notify the ICO.
Children's Privacy
MonBloom does not collect data from anyone. The app does not require age-gating because no personal data is collected, transmitted, or shared — regardless of the user's age. This applies equally under COPPA (United States) and UK/EU GDPR.
Governing Law
This policy is governed by the laws of England and Wales, without regard to conflict of law principles. For users in the European Economic Area, nothing in this policy affects your mandatory consumer protections or rights under EU GDPR. For users in California, nothing in this policy affects your rights under CCPA/CPRA.
Changes to This Policy
If this policy is updated, the new version will be published here with revised effective and update dates. Since MonBloom collects no data, meaningful changes are unlikely.
Contact
Questions about this policy? Reach us at gilmarsquinelato@gmail.com