Privacy Policy
The one-sentence version: In Thimp v1, your financial records stay on your device. We do not have a server that stores them, we do not collect them, and we cannot see them.
1. Scope
This policy covers the Thimp mobile app (iOS and Android) and the Thimp website (waitlist and informational pages). It is written for two phases:
- v1 (current): local-first, no backend. Nothing about your finances leaves your device.
- v2 (future, not yet active): optional cloud features. Sections marked [v2 — not active] describe data handling that only begins if and when you opt in. They have no effect today.
2. What Thimp is — and is not
Thimp is a manual records tool. You type in what you hold; Thimp adds it up. Thimp never asks for online banking credentials and never links to financial accounts. It holds no money and moves no money, and it does not use Plaid or any account-aggregation service.
3. What we collect
3.1 Financial records you enter (v1)
The asset entries you type — labels, amounts, asset types, and the prices you record — are stored only in the app's local database on your device. They are not transmitted to us or any third party, we have no copy, and we cannot read them. They are included in any device backup you choose to run, controlled by your own device settings.
3.2 Identity (v1)
Thimp v1 uses a local personal-key / family-key to organize your data on the device. It is not an account on our servers. We do not operate a login server.
3.3 What we do not collect in v1
We do not collect your name, location, contacts, photos, or tracking identifiers. Thimp v1 contains no analytics SDK and no third-party trackers inside the app.
4. Website / waitlist
If you join the waitlist or contact us through the website, we collect the email address (and anything else) you choose to provide, solely to send you updates you asked for and to respond to you. We do not sell this email or use it for advertising. You can unsubscribe at any time. Joining the waitlist does not create an app account.
5. How we use information
In v1, because your records never reach us, we do not use them at all. Website data is used only to send requested updates and reply to you. We do not use your data for advertising, profiling, or sale.
6. Legal bases (EU/EEA/UK)
- App (v1): we are not a controller of in-app records because we never receive them; they stay under your control.
- Waitlist email: processed on the basis of your consent, which you can withdraw any time.
- [v2 — not active] cloud features will rely on performance of a contract and/or consent, disclosed at launch.
7. Sharing and subprocessors
v1: we do not share in-app data with anyone, because we do not have it. Website/waitlist data is shared only with the providers that power the waitlist and site analytics, acting on our instructions.
[v2 — not active] If cloud features launch, we will name each subprocessor here before enabling it. Anticipated: a cloud-sync database host (synced records), a Cloudflare Worker price proxy (price queries only — no personal data or holdings sent to price providers), and an LLM provider for optional smart-parse (only the text snippet you submit, used for the parse only and not retained for model training).
8. Security
The local database is encrypted at rest (AES-256) and an optional biometric app-lock is available. In v1 no network calls carry your financial data; in v2, TLS is used everywhere once sync, the price proxy, or smart parse exist. No method of storage is perfectly secure — you are responsible for your device's security.
9. Data retention and deletion
9.1 v1 — instant and complete
Because v1 stores everything on your device and nothing on our servers, deleting your data is immediate and complete. Settings → "Delete all data & identity" wipes the local database and your personal/family key. We have no server copy to retain.
9.2 [v2 — not active] Once cloud sync exists
We will never claim instant global erasure once server backups exist. When you delete data in a v2 cloud configuration, it is removed from active systems immediately and purged from encrypted backups within 30 days, and we forward the deletion request to relevant subprocessors. The 30-day window is a technical bound (rolling encrypted backups), not a delay tactic.
10. Your rights
Depending on where you live (GDPR in the EU/EEA/UK, CCPA/CPRA in California, UU PDP 27/2022 in Indonesia, and others), you may have rights to access, correct, delete, port, or restrict your personal data. In v1 you exercise access and erasure directly and instantly in the app. For website/waitlist data or any future cloud data, contact us and we will respond within the period required by law. We do not "sell" or "share" personal information for cross-context behavioral advertising, and we do not discriminate against you for exercising any right.
11. Children
Thimp is not directed to, and not intended for, anyone under 18. We do not knowingly collect data from children.
12. Changes
We may update this policy as the product evolves. Material changes will be surfaced in-app and/or on the website with an updated effective date. Activation of any [v2 — not active] processing will be disclosed before it begins.
13. Contact
Questions or requests: hello@thimp.app. Thimp is operated by an individual developer; provider and contact details will be updated if a company is later formed.
← Back to Thimp