Finance Secretary Privacy Policy
Effective date: 2026-05-13
Last reviewed: 2026-05-13
Controller: AI Secretary Limited (trading as AISec Technology),
a company registered in England and Wales (company number 17245992,
registered office: 115 Bransford Road, Worcester, WR2 4ET), contact:
[email protected]
Plain English summary. Finance Secretary reads financial
documents you upload, helps you organise them, and gives you tools to
understand your money. Most of your data stays on your device. The
documents you upload go briefly to our private AI service for
classification, and never to any other company.
1. What this app is
Finance Secretary is a personal-finance app for UK users. You upload
financial documents (bank statements, payslips, credit-card statements,
investment summaries, receipts, invoices) and the app helps you turn
them into a picture of your net worth, income, expenses, and balance
sheet.
2. Data we collect
Three kinds of data, each handled differently:
2.1 Account information (held server-side)
- Email address — collected at sign-up. Used once
to deliver your account API key by email, and as the identifier
you log in with afterwards.
- API key — a randomly-generated identifier we
create for you at sign-up and use to authenticate your AI
classification requests.
Both are stored on our own server infrastructure in the United
Kingdom. We do not share them with any third party.
2.2 Financial data (held on your device)
- Documents you upload (PDF, CSV, image).
- Transactions, balances, assets, and liabilities parsed from
those documents.
- Manual entries you make for property, vehicles, salary, etc.
- Your name, date of birth, and security-question answer (used for
password reset).
- A bcrypt-hashed copy of your password.
All of the above lives in a local SQLite database on your device,
inside the app's sandboxed storage area. The data does not leave the
device, except in the limited case described in section 2.3 below.
2.3 What goes to our AI classification service
When you upload a PDF or image document, the app reads the text out
of it using Apple's Vision framework on your device. The
resulting text (not the document file itself) is sent over HTTPS to our
AI service at api.aisectech.uk for classification. The AI
returns a suggested category and extracted fields, which the app shows
you on a review screen so you can confirm or correct before saving.
The AI service runs on hardware we own, in our own location. It is
not a third-party cloud service. The text we receive for
classification is kept in our wrapper's job queue for up to 24 hours
to support retries and diagnostic recovery, then automatically
purged. The text is not logged, not used to train any model, and
not shared with anyone outside our own infrastructure.
What we never send:
- The document file itself (only the OCR'd text).
- Your name, email, password, security question, or any account
identifier other than the API key used for authentication.
- The contents of your local transaction or asset database.
2.4 Feedback + automatic error reports
Two situations send a report to our private wrapper API on
api.aisectech.uk, where it's stored on our UK-based
server for up to 30 days before automatic deletion. They are read
by a human (the developer) using a private dashboard:
- "Report an issue" from the Account screen. When
you tap this and submit the form, the subject + description you
typed are stored on our server, optionally with diagnostic info
(your app version, device model, account ID — never your
transactions, balances, or any uploaded documents). The toggle
on the form controls whether diagnostics are included; with it
off, only your free text is stored.
- Automatic crash reports (development + TestFlight
builds only). If you're testing a pre-release build, the
app sends details of any uncaught error to the same private
storage. This includes the error type, stack trace, current
screen, app version, device model, and your local account ID —
but never your password, API key, or financial data; we strip
those patterns out before transmission. Production App Store
builds do not send automatic crash reports at all. The
reporter code is compiled in only when the build is configured
for pre-release testing.
Both report types are stored in our wrapper's database on UK
infrastructure, not shared with any third party, not used for
advertising, and not used to train any model. Automatic cleanup
deletes each row 30 days after it was created. You can also
request deletion of a specific report sooner by emailing
[email protected].
3. What we don't do
- We do not use analytics. The app has no Google Analytics, no
Mixpanel, no Sentry, no Crashlytics, no anything.
- We do not show advertising.
- We do not sell or share your data with third parties.
- We do not use your data to train AI models.
- We do not track you across other apps or websites.
- We do not use cookies or third-party identifiers.
4. Where your data lives
- On your device. SQLite database inside the app
sandbox. Encrypted at rest by iOS' Data Protection (Class C —
"Available when unlocked"). If you have iCloud Backup enabled on
your device, the database is included in your iCloud backup —
that backup is end-to-end encrypted by Apple when you turn on
Advanced Data Protection in iCloud Settings, otherwise it's
encrypted at rest under Apple's standard keys.
- Your API key on your device is held in iOS
Keychain, which is hardware-encrypted on every modern iPhone.
- Your account email and API key live on our
server (a server we own, in the UK), with the API key encrypted
at rest using Fernet symmetric encryption.
- The documents you upload for AI classification are kept in
server memory only for the duration of the classification job
(typically under a minute) and are not written to disk.
5. International data transfers
Our origin server (where your account information sits at rest) is
physically located in the United Kingdom. Your data may briefly
transit non-UK servers in two situations:
- Cloudflare sits in front of our API
(api.aisectech.uk) as a reverse proxy and DDoS
filter. Requests may route through whichever Cloudflare edge node
is geographically closest to you — usually London or Amsterdam
for UK users, occasionally Frankfurt or Paris. Cloudflare's
Data Processing Addendum (with the UK Addendum to the EU
Standard Contractual Clauses) covers any non-UK transit.
- Apple operates the App Store, the device-side
iCloud backup (if you have iCloud Backup enabled), and the
delivery of any push notifications (currently none). Apple's
infrastructure is global; their published Data Protection
Addendum covers the transfers.
No other third party is in the data path.
6. Your rights (UK GDPR)
You have the right to:
- Access. Use the Export feature in the Account
screen to download every transaction and asset we hold for you as
a JSON file.
- Correction. Every screen that displays a value
has an edit affordance; correct anything that's wrong.
- Deletion. Open the Account screen, scroll to
Danger Zone, tap "Delete Account". This removes your user record,
every transaction and asset on your device, and signs you out.
The server-side copy of your API key is orphaned and naturally
expires.
- Portability. The JSON export from "Access"
above is a portable format.
- Objection. Stop using the app. There is no
server-side processing that continues once you stop opening the
app.
- Complaint. You can complain to the UK
Information Commissioner's Office (ico.org.uk).
7. Children
Finance Secretary is intended for users aged 13 and over (the minimum
digital-consent age in the UK under UK GDPR Article 8). We do not
knowingly collect data from anyone under 13. The signup screen
validates date of birth against this minimum. If you are a parent
who believes your child has signed up despite this, contact us
and we will delete the account.
8. Security
We follow standard security practices for a finance app:
- Passwords are bcrypt-hashed (cost factor 10) — we never see your
plaintext password.
- All app↔server traffic is HTTPS (TLS 1.3 via Cloudflare in
front of our origin).
- Auth tokens expire after 24 hours and require re-login.
- The app supports Face ID / Touch ID for app-unlock when you
enable it in Account settings.
- The full security review for this release is published at the
project's SECURITY.md for transparency.
9. Changes to this policy
If we change this policy in a way that materially affects how we
handle your data, we will email the address you signed up with at
least 14 days before the change takes effect. The "Last reviewed"
date at the top of this page also moves forward.
10. Contact
For any privacy question, including data access / deletion
requests:
- Email: [email protected]
- Post: AI Secretary Limited, 115 Bransford Road, Worcester, WR2 4ET, United Kingdom
This policy is published by AI Secretary Limited, trading as
AISec Technology.