1. Who We Are
Nocito is a personal expense tracking mobile application developed and published by Nocito ("we", "us", "our"). The app is available on Android via Google Play.
You can contact us at: hello@nocito.app
2. What Data We Collect and How
Nocito is designed around a privacy-first architecture. The vast majority of data never leaves your device.
Data stored locally on your device only
| Data type | Where stored | Purpose |
|---|---|---|
| Expense records (amount, merchant, date, category, note) | Local SQLite | Core app functionality |
| Receipt images (photos, screenshots, PDFs) | Local storage | Reference and review |
| Audio recordings (voice dictation) | Local storage | Reference and playback |
| App settings and preferences | Local storage | App configuration |
| Onboarding consent timestamp | Local storage | Consent record |
Data sent to external services
| Data type | Service | Purpose | When |
|---|---|---|---|
| Sanitized OCR text (receipt text with personal info removed) | Google Gemini | AI expense categorisation | Every standard snap, import, or PDF scan |
| Audio recording | OpenAI Whisper | Voice-to-text transcription | Only when you use Dictate (v1.0). You are informed before first use. |
Important note about the privacy pre-filter: Before any text is sent to an AI service, Nocito automatically strips personal information from it — including names, addresses, Croatian OIB/JMBG numbers, phone numbers, and email addresses. Only amounts, dates, merchant names, and product names are sent. Your original receipt image is never transmitted.
Data we never collect
- We do not collect your name, email address, or any account information (there is no account in v1.0)
- We do not collect analytics, usage statistics, or crash reports
- We do not use advertising SDKs or tracking pixels
- We do not sync your data to any server (Free and Pro tiers, v1.0)
- We do not sell your data to anyone
3. Privacy Pre-Filter — Local Data Sanitisation
Every time Nocito sends text to an AI service, it first runs a local sanitisation process on your device. This process removes:
- Personal names (first and last name patterns)
- Physical addresses (street, house number, postal code, city)
- Croatian personal identification numbers (OIB) and JMBG numbers
- Phone numbers and email addresses
What it keeps: amounts, prices, dates, times, merchant and business names, product names, categories, and business VAT numbers.
This process runs entirely on your device before any network call is made.
4. Voice Dictation and Cloud Transcription
In v1.0, when you use the Dictate feature, your audio recording is sent to OpenAI's Whisper API for transcription. This is the only feature that sends audio data off-device.
We inform you of this clearly the first time you use Dictate, via an in-app disclosure modal. You can choose not to use Dictate and rely on Snap, Import, or Manual Entry instead — all of which are fully on-device.
After transcription, the resulting text is processed through the privacy pre-filter (section 3) before being sent to Gemini for expense extraction.
OpenAI's privacy policy applies to data processed by their Whisper service: openai.com/privacy
In v1.1, Nocito plans to introduce local on-device transcription, which will eliminate the need to send audio off-device for standard dictation.
5. Super Snap and Super Dictate (Pro — future)
Future Pro versions of Nocito will include Super Snap and Super Dictate — premium features that send full receipt images or audio directly to an AI Vision service for higher-accuracy extraction. These bypass the standard OCR and privacy pre-filter flow.
When using Super Snap or Super Dictate: your full image or audio recording is transmitted to an external AI service. You will always be asked to confirm before any such transmission occurs. Avoid using these features with documents containing sensitive personal information.
These features are not available in v1.0 and will be clearly disclosed when introduced.
6. Third-Party Services
| Service | Provider | Data sent | Their privacy policy |
|---|---|---|---|
| AI expense extraction | Google Gemini Flash | Sanitized OCR text only | policies.google.com/privacy |
| Voice transcription (Dictate, v1.0) | OpenAI Whisper API | Audio recording | openai.com/privacy |
No other third-party services receive your data in v1.0. There are no advertising networks, analytics platforms, or social media SDKs integrated into Nocito.
7. Image and Audio Storage
Receipt images and audio recordings are stored in your device's app-private directory — a location that other apps cannot access. They are not uploaded to any cloud service in Free or Pro tiers (v1.0).
You can control this behaviour:
- Save original images — ON by default. Can be disabled in Settings or Onboarding.
- Save original audio — ON by default. Can be disabled in Settings or Onboarding.
If you disable these settings, images and audio are deleted after processing and never stored on your device. If you uninstall the app, all locally stored data is permanently deleted.
8. Future Cloud Tiers (v1.1)
In v1.1, Nocito plans to introduce optional cloud sync tiers (Pro Online and Business Online). These tiers will store your data on servers provided by Supabase.
Cloud sync will be entirely opt-in. Free and local Pro users will not be affected. If and when you upgrade to a cloud tier, a separate disclosure and consent will be presented before any data is uploaded.
9. Legal Basis for Processing (GDPR)
For users in the European Union and European Economic Area, we process data under the following legal bases:
- Contract performance — processing your expense data to provide the core functionality you requested
- Legitimate interests — sending sanitised text to AI services to provide accurate expense categorisation
- Consent — sending audio to OpenAI Whisper for voice transcription (you are explicitly informed and can decline)
As the app operates primarily on-device with no account system in v1.0, the personal data we process is minimal. The primary controller of your personal data is you — it lives on your device.
10. Your Rights
Under GDPR and other applicable laws, you have the right to:
- Access — export your expenses as CSV from within the app (Pro feature)
- Deletion — delete individual expenses or all data from within the app, or uninstall the app to delete everything
- Portability — export your data as CSV at any time (Pro feature)
- Correction — edit any expense directly in the app
Since we do not maintain a server-side copy of your data in v1.0, most rights can be exercised directly within the app. For any questions or requests, contact us at hello@nocito.app.
11. Children's Privacy
Nocito is not directed at children under the age of 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us at hello@nocito.app.
12. Changes to This Policy
We may update this Privacy Policy as the app evolves — particularly when new features involving data transmission are introduced (such as cloud sync in v1.1 or Super Snap). When we make significant changes, we will notify you through the app's "What's New" popup and update the effective date above.
Continued use of Nocito after changes constitutes acceptance of the updated policy.
13. Contact
For privacy-related questions, data requests, or concerns:
- Email: hello@nocito.app
- Website: nocito.app