CoinChat Privacy Policy

Last Updated: November 21, 2025

Welcome to CoinChat! We value your personal information security and privacy protection. This privacy policy explains how we collect, use, store, share, and protect your information, as well as your rights regarding personal information. Please read this policy carefully before using our products or services.

1. How We Collect and Use Your Personal Information

We only collect necessary personal information for the purposes described in this policy and follow the principle of minimum collection.

1.1 Helping You Become Our User

To complete account creation and login verification, we collect your phone number and verify your identity through WhatsApp verification codes. Your phone number serves as the credential for logging in and using our services.

1.2 Providing Products or Services to You

a. Primarily Local Storage

To ensure offline use and faster response times, the following personal data is primarily stored in your device's local database:

• Transaction Records: Amount, category, description, merchant, date, currency, etc.
• Chat Messages: Your conversation history with the AI assistant (default saved on device).
• Budget Information: Your monthly and category budgets.
• Expense Categories: Your custom categories.
• Statistical Data: Aggregated data used to display financial overviews.

This local data will not be accessed or uploaded by us without your explicit consent.

b. Data Communicating with Servers

To provide core functions (such as AI parsing, account verification, etc.), some data will be sent to our servers or third-party AI services for processing when you explicitly trigger corresponding functions:

• User Authentication: Your phone number is used for WhatsApp verification code registration/login and for necessary verification related to that authentication process.
• AI Service Requests: When you use AI bookkeeping features, the text you input (such as transaction descriptions), images you upload (such as receipt images), and necessary context (such as language, currency, country/region, expense categories) will be sent for immediate processing and return of results.
• Advertising Identifiers: When permitted by your device/system settings we collect the device’s advertising ID (e.g., Google Advertising ID, Adjust ID). This identifier is only used for attribution analysis, campaign effectiveness tracking, fraud prevention, and compliance reporting, and is not combined with sensitive personal data without your consent.

Note: We minimize identifiable information; unless you explicitly agree, AI request data will not be permanently bound to your phone number or other identity information.

2. How We Protect Your Information Security

We adopt industry best practices to protect data security, including but not limited to:

• Transmission Encryption: All network transmissions between devices and servers are protected by industry-standard TLS/SSL encryption.
• Minimized Server Storage: Transaction records and chat history are saved on user devices by default; for data sent to servers for immediate processing, we only save it briefly when necessary, without long-term or permanent storage.
• Infrastructure Security: Our backend is deployed on cloud services with advanced security measures, employing access controls, log audits, and security hardening.

3. How We Obtain and Use Your Device Permissions

We only request necessary permissions when providing corresponding functions and suggest users revoke or close permissions when functions are no longer needed. Common permissions and uses are as follows:

• Camera Permission (CAMERA): Requested when you use the camera to take photos of receipts or invoices to obtain images for AI recognition.
• Location Permission (ACCESS_COARSE_LOCATION): Only with your authorization, we use approximate location information to determine your country/region, used to automatically fill international area codes for phone numbers and confirm whether the service is provided locally. We do not request precise location permissions (ACCESS_FINE_LOCATION), continuously collect or store location information, or use location information for advertising or marketing.
• Storage Access and File Selection: On Android 11 (API 30) and above, we use Scoped Storage and system file selectors (such as ACTION_OPEN_DOCUMENT) to let you explicitly select images or files to upload, avoiding direct requests for broad storage permissions. In older Android systems, READ/WRITE external storage permissions may be requested, with clear explanations of reasons and purposes.

You can manage or revoke these permissions at any time in your device system settings. Revoking certain permissions may cause some functions to not work properly.

4. How We Share, Transfer, or Publicly Disclose Your Personal Information

We will not sell your personal information to third parties. Except in the following circumstances, we will not share your personal information with third parties:

4.1 Sharing with Our Service Partners (Necessary Scope)

• AI Service Providers (Google Gemini): To implement real-time AI bookkeeping functionality, we securely transmit the text, images, and necessary context you provide for that request to our technology partners (using Google Gemini's paid API). This data is only used for processing this request and returning results. We will not use this data to train or improve third-party models (based on the service provider's public usage terms). We recommend that you also review the Google Gemini API Terms of Service and Google Privacy Policy for more information.

4.2 Other Circumstances

• With Your Explicit Consent: Only after obtaining your explicit consent will we share your personal information with other third parties.
• Legal Requirements: Under legal, regulatory, or judicial requirements, we may disclose your information.

We will not transfer your personal information to third parties unless we obtain your explicit consent or otherwise provided by law.

5. AI Data Processing and Anonymization Explanation

For data sent to third-party AI services (such as Google Gemini), we commit to:

• Only sending necessary content when you initiate a request to complete that processing;
• By default, not binding this processing data with your phone number or account long-term; if binding is needed (for feature enhancement), we will clearly inform and obtain your consent in the interface;
• When using third-party AI services, we strictly follow the service provider's public usage terms, including restrictions on data use and storage (please refer to the service provider's terms);
• For sensitive information, please consider carefully before submission; we will try to use desensitization or minimization upload strategies.

6. Your Data Protection Rights

Under applicable law, you may have the following rights. You can submit requests through the contact information at the end of this policy, and we will respond within legal or reasonable time:

• Access Right: Request a copy of the personal information we hold about you;
• Rectification Right: Request correction of inaccurate or incomplete information;
• Deletion Right: Request deletion of information under applicable conditions;
• Restriction Processing Right: Request restriction on processing of your information;
• Objection Right: Object to our processing practices under specific conditions;
• Data Portability Right: Request transfer of data in a usable format to other service providers or yourself under specific conditions;
• Withdrawal of Consent Right: Withdraw previously given consent (withdrawal does not affect the legality of processing based on consent before withdrawal).

Please note: Specific rights and exercise methods may vary by country/region, and we will process your requests in accordance with applicable law.

7. How This Policy is Updated and Notified

This privacy policy may be updated from time to time. For non-material modifications, we will update the revision date on this page and post change descriptions; for significant changes that may materially affect your rights, we will notify you through in-app pop-ups, push notifications, or email, and seek your consent when necessary.

8. How to Contact Us

If you have questions, comments about this privacy policy, or wish to exercise rights regarding personal information, please contact us through:

Email: coinchatai@outlook.com

We will endeavor to respond within a reasonable time after receiving your request. For higher priority processing, please indicate "Privacy Request - Urgent" in your email.