Privacy Policy
This document explains how GALI collects, uses, and protects your personal data when you use our personal finance mobile application.
Introduction
We recommend reading this policy carefully. GALI collects only the data necessary to provide its personal finance management service and applies principles of data minimization, transparency, and privacy by design.
1. Controller
Data controller
The controller of the personal data collected through the GALI application is:
| Field | Details |
|---|---|
| Application | GALI – Smart personal finance |
| Privacy contact | galifinancialapp@gmail.com |
| Privacy address | Madrid, Spain |
| Applicable legislation | Regulation (EU) 2016/679 (GDPR) and LOPDGDD |
2. Definitions
Key concepts
Personal data
Any information that identifies or can identify a natural person.
Processing
Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
Data controller
The person or entity that determines the purposes and means of processing.
Data processor
A third party that processes data on behalf of the controller.
Consent
A freely given, specific, informed, and unambiguous indication by which the data subject agrees to the processing of their data.
GDPR
General Data Protection Regulation (EU) 2016/679.
LOPDGDD
Spanish Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights.
3. Data
Data we collect
3.1 Registration and account data
- Email address.
- User name or alias, if the user chooses to provide it.
- Authentication data managed through Firebase Authentication (Google/Apple Sign-In or email).
3.2 Financial data entered by the user
GALI does not connect to any bank account and does not automatically obtain financial data from financial institutions. The financial data processed by GALI is exclusively the data that the user voluntarily enters or imports:
- Manual entries: income, expenses, and transfers that the user records directly in the app.
- Bank statements: files (PDF, CSV, or other formats) that the user voluntarily uploads to import transactions. These files are processed to extract entries and are not stored in their original format beyond what is necessary to complete the import.
- iOS automation (Apple Pay / NFC): iPhone users can configure an iOS Shortcuts automation to automatically record payments made with Apple Pay or NFC. This automation is optional, runs on the user’s device, and only sends GALI the transaction data (amount, merchant, date). GALI does not access bank account or card details.
3.3 Usage and analytics data
In order to understand how the app is used and improve the user experience, GALI collects usage data through PostHog analytics, including:
- Screens and features visited.
- Actions taken within the app, excluding the financial content of those actions.
- Technical device information: model, operating system, app version, and language.
- Anonymous session identifier.
3.4 Push notification data
If the user grants permission to receive push notifications, GALI stores the device notification token in order to send reminders and personalized financial alerts.
4. Purposes
Purposes and legal basis of processing
| Purpose | Data used | Legal basis (GDPR) |
|---|---|---|
| Create and manage the user account | Email, authentication data | Performance of a contract (Art. 6.1.b) |
| Provide the personal finance management service | Entries, statements, iOS automation | Performance of a contract (Art. 6.1.b) |
| Generate AI recommendations and analysis | User financial data | Performance of a contract (Art. 6.1.b) |
| Usage analytics and product improvement | Anonymized usage data | Legitimate interest (Art. 6.1.f) |
| Send push notifications | Device token | Consent (Art. 6.1.a) |
| Comply with legal obligations | The data required in each case | Legal obligation (Art. 6.1.c) |
5. AI
How Artificial Intelligence works
GALI includes an Artificial Intelligence (AI) agent that analyzes the user’s financial data in order to provide personalized recommendations, forecasts, and suggestions aimed at improving financial habits.
Individual-only use
The user’s financial data is used only to generate responses and recommendations for that same user. GALI does not use users’ financial data to train, fine-tune, or improve the underlying AI models.
No automated profiling with legal effects
AI recommendations are guidance only and do not constitute automated decisions with legal or similarly significant effects on the user within the meaning of Article 22 GDPR.
Privacy by design
The AI system is designed to work with the minimum amount of data needed to provide a useful service.
Transparency
The user may request information at any time about how the AI has processed their data by emailing galifinancialapp@gmail.com.
6. Transfers
International data transfers
To provide the service, GALI uses technology providers that may process data in countries outside the European Economic Area (EEA). The main ones are listed below:
| Provider | Function | Country | Safeguard |
|---|---|---|---|
| Firebase (Google LLC) | Authentication and storage | U.S. | Standard Contractual Clauses (SCCs) adopted by the European Commission |
| MongoDB Atlas | Primary database | U.S. / EU | Standard Contractual Clauses (SCCs) |
| PostHog | Usage analytics | U.S. / EU | Standard Contractual Clauses (SCCs) / self-hosted EU instance |
| AI model provider | Recommendation generation | U.S. | Standard Contractual Clauses (SCCs) |
You can obtain more information about the safeguards in place by contacting us at galifinancialapp@gmail.com.
7. Retention
Data retention
| Data category | Retention period |
|---|---|
| Account data (email, authentication) | While the account remains active + 30 days after deletion |
| Financial data (entries, statements) | While the account remains active; deleted when the account is deleted |
| Usage data (analytics) | 12 months in individualized form; anonymized afterwards |
| Push notification token | While permission remains active; deleted when revoked or when the account is deleted |
8. Rights
Your rights
Under the GDPR and the LOPDGDD, you have the following rights regarding your personal data:
Access
Know what data we process about you, for what purpose, and for how long.
Rectification
Correct inaccurate or incomplete data.
Erasure ("right to be forgotten")
Request deletion of your data when, among other cases, it is no longer necessary for the purposes for which it was collected.
Restriction of processing
Request that we suspend the processing of your data in certain circumstances.
Portability
Receive your data in a structured, commonly used, machine-readable format and transfer it to another controller.
Objection
Object to processing based on legitimate interest, including profiling based on that ground.
Withdrawal of consent
Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal.
Not to be subject to automated decisions
Not be subject to decisions based solely on automated processing that produce significant legal effects.
To exercise any of these rights, send an email to galifinancialapp@gmail.com stating the right you wish to exercise and attaching a copy of your identity document, or any other means that allows us to verify your identity. We will respond within a maximum period of 30 days.
If you believe that the processing of your data violates applicable law, you may also lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.
9. Communications
Communications and notifications
GALI communicates with the user exclusively through push notifications within the app. These notifications include:
- Reminders to log financial entries.
- Alerts about budget status, such as nearing the limit of a category.
- Personalized suggestions and nudges from the AI agent.
- Service notices, including important updates and app changes.
Push notifications require the user’s explicit consent, which is requested at installation or first use. The user may revoke this permission at any time from their device settings. GALI does not send marketing communications by email or SMS.
10. Security
Data security
GALI applies appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, or alteration. These measures include:
- Encryption in transit using HTTPS/TLS for all communication between the app and servers.
- Secure authentication managed by Firebase Authentication, including Google and Apple sign-in support.
- Data storage in MongoDB Atlas with role-based access controls and encryption at rest.
- Restricted access to production data under the principle of least privilege.
- Periodic security reviews of dependencies and code.
In the event of a security breach that may pose a risk to the rights and freedoms of users, GALI will notify the competent supervisory authority within a maximum of 72 hours and, where appropriate, the affected users without undue delay.
11. Minors
Minors
GALI is intended for people over 16 years of age. We do not knowingly collect data from children under 16. In Spain, Article 7 of the LOPDGDD sets 14 as the minimum age for consent to data processing; GALI has adopted a more conservative threshold of 16 in line with recommendations from the European Data Protection Board.
If you become aware that a child under 16 has provided us with personal data, please notify us at galifinancialapp@gmail.com so that we can proceed with its immediate deletion.
13. Changes
Changes to this policy
GALI may update this Privacy Policy at any time to reflect changes in the service, applicable law, or our data processing practices. When we make material changes, we will notify you through a push notification in the app or through a prominent notice when opening the application before the changes take effect. The date of the latest update will always be shown at the beginning of this document.
Continued use of the app after publication of the changes implies acceptance of the new version of the policy.
14. Contact
Contact
If you have any question, concern, or request related to this Privacy Policy or the processing of your personal data, you can contact us through:
| Field | Details |
|---|---|
| Email | galifinancialapp@gmail.com |
| Suggested subject | "Privacy – [your request]" |
| Response time | Maximum 30 calendar days from receipt of your request |
GALI · Privacy Policy v1.0 · Madrid, Spain · March 2025 · galifinancialapp@gmail.com