Kibo
Kibo Privacy Policy
Last updated · May 2026

Privacy, in plain words.

We collect as little as possible, we don't sell what we have, and we can't read your receipts. Here's the long version, with no asterisks.

TL;DR
Your data stays yours. We use it to run Kibo for you, nothing more.

1. What we collect

We collect the minimum needed to run Kibo. That breaks down into three buckets:

Account data

  • Your email address (for sign-in and password recovery).
  • An anonymous device identifier (so sync works across your devices).
  • Language and currency preferences.

Your financial data

  • Transactions you log, categorize, or import.
  • Receipt images you scan with the camera.
  • Subscriptions and recurring charges you track.

Anonymous usage

  • Crash reports (no personal data attached).
  • Aggregate counters: number of receipts scanned, OCR success rate. Used to improve the product.

We do not collect: your contacts, your location, your browsing history, or anything from other apps on your phone.

2. How we use it

Three things, in order of effort:

  • To run the app. Sync your data across devices, render your dashboards, and send reminders you've opted into.
  • To improve OCR and categorization. When you correct a category, that signal is used to fine-tune the model, but only on your account. Your data does not train a global model that another user can see.
  • To send transactional emails. Sign-in confirmations, security alerts, and (if you opt in) occasional product updates. You can unsubscribe from the marketing list with one click.

3. Who we share with

The shortest section, on purpose. We share data with three categories of processors only:

  • Cloud infrastructure. To host the encrypted database and run the OCR pipeline.
  • Email delivery. To send sign-in links and security alerts.
  • Crash reporting. To diagnose technical errors. No personal data is attached.

We do not sell, rent, or trade your data. We have never been asked by a law-enforcement body for user data; if we were, we would publish the request in a transparency report and contest anything overbroad.

4. Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Receipt images are stored on private object storage that's not publicly indexable. Internal access is restricted to a single operator, who can read aggregate metrics but cannot decrypt individual receipts without a per-user key that we don't store centrally.

No system is perfect. If we ever experience a breach affecting your account, we will tell you within 72 hours, in plain language.

5. Your rights

You can, at any time:

  • Export everything Kibo knows about you, as a single zip file.
  • Correct anything that's wrong.
  • Delete your account and all associated data. See the delete account page.
  • Opt out of marketing emails (you can keep the security ones, we recommend it).

If you're in the EU, UK, or California, the GDPR and CCPA give you these rights by law. We extend them to everyone, because it's the right thing.

6. Children

Kibo is not directed at anyone under 13. If you believe a child has signed up, write to us and we'll remove the account.

7. Changes

If we change this policy, we'll bump the date at the top and email everyone if the changes are material. We will not quietly change the bits that matter.

8. Contact

For any privacy-related question, write to privacy@ki-bo.com. You'll hear back from a human within a few days, usually faster.

Want to delete your account?
You can do it in two taps from inside the app, or from our deletion page.