1. Who We Are
Nocito™ is a personal expense tracking mobile application developed and published by Nocito™ ("we", "us", "our"). The app is available on Android via Google Play.
You can contact us at: nocito.support@gmail.com
2. What Data We Collect and How
Nocito™ is designed around a privacy-first architecture. The vast majority of data never leaves your device.
Data stored locally on your device only
| Data type | Where stored | Purpose |
|---|---|---|
| Expense records (amount, merchant, date, category, note) | Local SQLite | Core app functionality |
| Receipt images (photos, screenshots) | Local storage | Reference and review |
| Audio recordings (voice dictation) | Local storage | Reference and playback |
| App settings and preferences | Local storage | App configuration |
| Onboarding consent timestamp | Local storage | Consent record |
Data sent to external services
| Data type | Service | Purpose | When |
|---|---|---|---|
| Sanitised OCR text (receipt text with personal info removed) | Cloud AI service | AI expense categorisation | Every snap and photo import when Cloud AI Processing is enabled (default: ON) |
| Locally extracted OCR text from PDF | Cloud AI service | AI parsing of PDF receipts | PDF import when Cloud PDF Extraction is disabled (default: OFF — local only) |
| Full PDF document | Cloud AI service | Higher-accuracy PDF parsing | Only when Cloud PDF Extraction toggle is enabled in Settings (opt-in) |
| Audio recording | Cloud AI service | Voice-to-text transcription | Default for voice dictation. Can be replaced with local on-device transcription by enabling the Local Transcription toggle in Settings and downloading a local model. |
| Locally transcribed text | Cloud AI service | Expense parsing from voice input | When Local Transcription is active and Cloud AI Processing is enabled. Disable Cloud AI Processing to keep all processing fully on-device. |
| Anonymous crash data (stack traces, device info, app version) | Sentry | Crash reporting and stability monitoring | Automatically on app crash — no personal data included |
Privacy pre-filter note: Before any OCR text is sent to a cloud AI service, your phone automatically strips personal information — names, addresses, national ID numbers, phone numbers, and email addresses. Only amounts, dates, merchant names, and product names are sent. Note that Cloud PDF Extraction (opt-in) sends the full PDF without pre-filtering, and Cloud Transcription (default) sends raw audio without pre-filtering — the pre-filter only applies to the transcribed text before it reaches the AI parsing step. The only 100% guaranteed private option is enabling Local AI Processing, Local Transcription, and keeping Cloud PDF Extraction off — in this configuration no data of any kind is sent to external services.
Data we never collect
- We do not collect your name, email address, or any account information (there is no account)
- We do not collect analytics or usage statistics
- We do not use advertising SDKs or tracking pixels
- We do not sync your expense data to any server
- We do not sell your data to anyone
3. Privacy Pre-Filter — Local Data Sanitisation
For snaps and photo imports, Nocito™ runs a local sanitisation process on your device before sending any text to AI. This process removes:
- Personal names (first and last name patterns)
- Physical addresses (street, house number, postal code, city)
- National ID numbers (e.g. tax identification numbers, personal identification numbers)
- Phone numbers and email addresses
What it keeps: amounts, prices, dates, times, merchant and business names, product names, categories, and business VAT numbers.
This process runs entirely on your device before any network call is made. Note that the pre-filter applies to OCR text from snaps and photo imports. It does not apply when Cloud PDF Extraction is enabled (full PDF sent to cloud) or to raw audio during Cloud Transcription (audio sent to cloud before any text extraction).
4. Voice Dictation
Nocito™ supports two modes of voice dictation. Cloud transcription is active by default on a fresh install. Local transcription is available as an opt-in that requires a one-time model download.
Cloud transcription (default)
On a fresh install, tapping the Dictate button records audio and sends it to a cloud AI service for transcription. The transcribed text is then processed through the privacy pre-filter (section 3) and sent to a cloud AI service for expense parsing.
Local transcription (opt-in)
You can switch to fully on-device transcription in Settings by enabling the Local Transcription toggle and downloading one of the two available local Whisper models. The download button is available directly in the Dictate screen as well as in Settings. Once set up:
- Tap to record — uses local on-device transcription. No audio leaves your phone.
- Hold 1 second to record — activates Super Dictate (cloud transcription) for higher accuracy when needed.
With local transcription active, the transcribed text is still sent to a cloud AI service for expense parsing by default — unless you also enable Local AI Processing (see section 4c).
100% private dictation: to ensure no voice or text data leaves your device, enable both Local Transcription and Local AI Processing in Settings. Both require a one-time model download. This is recommended for users for whom privacy is more important than maximum accuracy, and who have a sufficiently fast device.
4b. PDF Import
Nocito™ processes PDF receipts locally by default. The app uses on-device OCR (ML Kit) to extract text from the PDF, applies the privacy pre-filter, and sends only the sanitised text to a cloud AI service for expense parsing.
An optional Cloud PDF Extraction toggle is available in Settings. When enabled, the full PDF document is sent directly to a cloud AI service for higher-accuracy parsing. This is opt-in and off by default.
To keep PDF processing 100% on-device, keep Cloud PDF Extraction off and enable Local AI Processing in Settings (requires model download).
When Cloud PDF Extraction is enabled: the full PDF document is sent to an external service without local pre-filtering. We recommend keeping this disabled unless you need higher accuracy on complex PDFs, and avoiding it for PDFs containing sensitive personal information.
4c. Privacy Level Settings
Nocito™ gives you direct control over which processing happens locally and which uses cloud services. These settings are available in the app's Settings screen:
| Toggle in app | Default | What it controls |
|---|---|---|
| Cloud AI Processing | ON | When ON, sanitised OCR text is sent to a cloud AI service for expense categorisation (default). Switch OFF and download a local AI model to process all expense extraction fully on-device. Download available in Settings. |
| Cloud Transcription | ON | When ON, voice dictation sends audio to a cloud AI service for transcription (default). Switch OFF and download a local Whisper model to transcribe audio entirely on-device. Download available in the Dictate screen and in Settings. Once the local model is downloaded and the toggle is OFF, tap = local transcription, hold 1s = cloud (Super Dictate). |
| Cloud PDF Extraction | OFF | When OFF, PDF text is extracted locally via OCR and only the sanitised result is sent to AI (default). Switch ON to send the full PDF document to a cloud service for higher-accuracy parsing. |
Changing these settings takes effect immediately. Your existing expenses are not affected.
5. Super Snap (future) and Super Dictate (Pro)
Future Pro versions of Nocito™ will include Super Snap — a premium feature that sends full receipt images directly to an AI Vision service for higher-accuracy extraction, bypassing the standard OCR and privacy pre-filter flow.
Super Dictate, which sends audio to the OpenAI Whisper API for higher-accuracy transcription, is available in the current version as an option within the Pro tier.
When using Super Snap or Super Dictate: your full image or audio recording is transmitted to an external AI service. You will always be asked to confirm before any such transmission occurs. Avoid using these features with documents containing sensitive personal information.
6. Third-Party Services
| Service | Provider | Data sent |
|---|---|---|
| AI expense extraction and categorisation | Cloud AI service | Sanitised OCR text only (personal info pre-filtered locally) |
| PDF parsing (when Cloud PDF Extraction is enabled) | Cloud AI service | Full PDF document (opt-in only) |
| Voice transcription (when Cloud Transcription is enabled) | Cloud AI service | Audio recording (opt-in only) |
| Crash reporting | Sentry (sentry.io) | Anonymous crash data: stack traces, device model, OS version, app version. No personal data, no expense data. |
The specific cloud AI services used for expense extraction and transcription may change as better or more privacy-preserving options become available. Any material change to the types of data transmitted will be reflected in an updated Privacy Policy.
There are no advertising networks, analytics platforms, or social media SDKs integrated into Nocito™.
Sentry's privacy policy: sentry.io/privacy
7. Image and Audio Storage
Receipt images and audio recordings are stored in your device's app-private directory — a location that other apps cannot access. They are not uploaded to any cloud service.
You can control this behaviour:
- Save original images — ON by default. Can be disabled in Settings or Onboarding.
- Save original audio — ON by default. Can be disabled in Settings or Onboarding.
Local backup: Nocito™ provides a local ZIP backup feature that exports a JSON file containing all your expense records along with any original images, PDFs, and audio recordings attached to those expenses. You can restore from this backup at any time. You are responsible for keeping your own backup copies — Nocito™ does not maintain any server-side copy of your data. If you uninstall the app without backing up, all data is permanently deleted.
8. Future Cloud Storage
Nocito™ may introduce optional cloud sync features in future versions. Any such feature would store your data on external servers and would be entirely opt-in. Free and local Pro users would not be affected. A separate disclosure and consent would be presented before any data is uploaded to external servers.
No cloud sync is available in the current version.
9. Legal Basis for Processing (GDPR)
For users in the European Union and European Economic Area, we process data under the following legal bases:
- Contract performance — processing your expense data to provide the core functionality you requested
- Legitimate interests — sending sanitised OCR text to cloud AI services to provide accurate expense categorisation
- Legitimate interests — anonymous crash reporting via Sentry to maintain app stability
- Consent — sending audio to a cloud transcription service (only when Cloud Transcription is enabled in Settings)
- Consent — sending full PDF documents to a cloud AI service (only when Cloud PDF Extraction is enabled in Settings)
As the app operates primarily on-device with no account system, the personal data we process is minimal. The primary controller of your personal data is you — it lives on your device.
10. Your Rights
Under GDPR and other applicable laws, you have the right to:
- Access — export your expenses as CSV from within the app (Pro feature)
- Backup and restore — export all your data as a JSON backup and restore it on any device (available to all users)
- Deletion — delete individual expenses or all data from within the app, or uninstall the app to delete everything
- Portability — export your data as CSV or JSON at any time
- Correction — edit any expense directly in the app
Since we do not maintain a server-side copy of your data, most rights can be exercised directly within the app. For any questions: nocito.support@gmail.com
10b. Crash Reporting
Nocito™ uses Sentry (sentry.io) for crash reporting. When the app crashes or encounters an unexpected error, Sentry automatically sends an anonymous report containing:
- Stack trace (technical description of where the error occurred in the code)
- Device model and manufacturer
- Android OS version
- App version
Crash reports do not contain your expense data, receipt images, audio recordings, or any personally identifiable information. They are used solely to identify and fix bugs.
11. Children's Privacy
Nocito™ is not directed at children under the age of 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us at nocito.support@gmail.com.
12. Changes to This Policy
We may update this Privacy Policy as the app evolves — particularly when new features involving data transmission are introduced (such as Super Snap in a future version, or changes to how PDF and Dictate are handled). When we make significant changes, we will notify you through the app's "What's New" popup and update the effective date above.
Continued use of Nocito™ after changes constitutes acceptance of the updated policy.
13. Contact
For privacy-related questions, data requests, or concerns:
- Email: nocito.support@gmail.com
- Website: nocito.app