Privacy Policy
Effective date: 07/02/2026
Last updated: 07/02/2026
This Privacy Policy explains how José Posada ("Aba", "we", "us",
or "our") collects, uses, shares, and protects personal information when you use
the Aba mobile application and website (together, the "Service").
Aba is a personal budgeting and money-organization tool. Aba does not connect to your bank, does not import bank or card statements, and does not process payments. All accounts, transactions, categories, and reminders in the app are created and typed in manually by you and represent your own notes — not live financial-account data.
We aim to comply with the EU/UK General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA) and other U.S. state privacy laws, and Latin American data-protection laws including Colombia's Ley 1581 de 2012 (Habeas Data), Brazil's LGPD (Lei 13.709/2018), Mexico's LFPDPPP, and Argentina's Ley 25.326, as applicable to you.
1. Who is responsible for your data (Controller)
The controller responsible for your personal information is:
José Posada, Cra 70 # 3-19 Medellín, Colombia
- Privacy contact: privacy@getaba.app
2. Information we collect
We collect only what we need to run the Service.
2.1 Information you provide
- Account & identity: your email address (used for passwordless sign-in). If you sign in with Google or Apple, we receive your email and, where available, your name and profile image from that provider.
- Profile (optional): display name and phone number, if you choose to add them.
- Preferences: language, base currency, first day of the week, and display order of your accounts and categories.
- Content you enter ("Your Content"): the accounts, transactions (amount, type, category, description, date), scheduled/recurring entries, categories, and reminders you create. This is personal budgeting information you type in yourself; it does not include bank account numbers, card numbers, or credentials.
- Support requests: the message you send us and any images you choose to attach through the in-app Help & Support form.
2.2 Information collected automatically
- Device time zone (IANA identifier, e.g. America/Bogota), used to deliver reminders and reports at the correct local time and to compute your "today".
- Basic technical data needed to operate and secure the Service (e.g. app version, device/OS type, IP address at the time of a request, and error/diagnostic events).
- Advertising identifiers and related data collected by our advertising provider in the free version of the app — see Section 6.
2.3 Subscription information
If you purchase Aba Pro, your purchase is processed by the Apple App Store or Google Play and managed through RevenueCat. We receive and store your subscription status and expiry, the store event type, and a subscription/transaction identifier. We do not receive or store your full payment-card number — that is handled by the app stores.
2.4 Information we do not collect
We do not collect bank/card account numbers, online-banking credentials, or biometric data. Biometric unlock (Face ID / Touch ID / fingerprint), if you enable it, is performed entirely on your device by the operating system; we never receive your biometric data.
3. How we use your information and our legal bases
| Purpose | Examples | GDPR legal basis |
|---|---|---|
| Provide the Service | Store and sync Your Content; authenticate you; show your calendar, reports, and reminders | Performance of a contract (Art. 6(1)(b)) |
| Transactional communications | Sign-in codes, email-change confirmations, daily reminders, and weekly reports you opt into | Contract (Art. 6(1)(b)); consent where required (Art. 6(1)(a)) |
| Subscriptions | Unlock Pro features; maintain entitlement status | Contract (Art. 6(1)(b)) |
| Advertising (free tier) | Show non-personalized ads and measure their delivery | Consent (Art. 6(1)(a)) where required; otherwise legitimate interests (Art. 6(1)(f)) |
| Security & fraud prevention | Detect abuse, protect accounts, keep the Service reliable | Legitimate interests (Art. 6(1)(f)); legal obligation (Art. 6(1)(c)) |
| Support | Respond to your Help & Support requests | Contract / legitimate interests |
| Legal compliance | Meet accounting, tax, and legal obligations | Legal obligation (Art. 6(1)(c)) |
We do not use Your Content (your transactions, categories, reminders) to train advertising profiles, and we do not sell it.
4. Who we share information with
We do not sell your personal information. We share it only with service providers ("processors") who help us run the Service, and only as needed:
| Provider | Purpose | Notes |
|---|---|---|
| Convex | Backend hosting, database, and file storage | Stores your account data and Your Content |
| Resend | Sending transactional and reminder emails | Receives your email address and email content |
| RevenueCat | Subscription management | Receives subscription/purchase identifiers and status |
| Google AdMob | Advertising in the free tier | See Section 6 |
| Apple / Google | Sign-in (OAuth), app distribution, and in-app purchase billing | Governed by their own privacy policies |
We may also disclose information (a) to comply with law, legal process, or lawful government requests; (b) to enforce our Terms or protect the rights, safety, and security of users, the public, or Aba; and (c) in connection with a merger, acquisition, financing, or sale of assets, in which case we will notify you of any change in control or use of your personal information.
5. International data transfers
We and our providers may process your information in countries other than your own, including the United States. Where we transfer personal data out of the EEA, UK, or a Latin American country with cross-border transfer rules, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or an adequacy/authorized-transfer mechanism recognized under the applicable local law. You may request more information using the contact details in Section 12.
6. Advertising and tracking
The free version of Aba shows ads served by Google AdMob. Aba requests non-personalized ads only: ads are contextual, and we do not ask AdMob to use your advertising identifier to build a cross-app advertising profile from Aba. AdMob may still process limited device data (such as IP address, device type, and coarse, IP-derived location) to serve ads, cap how often they appear, measure delivery, and prevent fraud.
- EEA / UK / Switzerland: where consent is required, we ask for it through a Google-certified consent message before ads are shown. You can review or change your choice at any time via Privacy choices in the app's Settings.
- iOS: because Aba does not track you across other companies' apps and websites, we do not currently show Apple's App Tracking Transparency (ATT) prompt. If we ever introduce personalized ads, we will request permission through ATT first.
- Android: you can additionally reset or delete your advertising ID in your device settings.
- You can review Google's practices and controls at https://policies.google.com/technologies/ads.
U.S. state privacy note: because Aba requests only non-personalized ads, we do not "sell" personal information and do not "share" it for cross-context behavioral advertising as defined by the CPRA and similar U.S. state laws. If this ever changes, we will update this Policy and provide the required opt-outs before doing so.
Aba does not use analytics or crash-reporting SDKs.
7. Data retention
We keep your personal information for as long as your account is active and as needed to provide the Service. After you delete your account, we delete or anonymize your personal information within 30 days, except where we must retain certain records to comply with legal obligations, resolve disputes, or enforce our agreements. Support-request images are retained only as long as needed to handle your request and are then deleted.
8. Your rights and choices
Depending on where you live, you have some or all of the following rights. We honor these rights for all users where practicable, regardless of location.
8.1 Everyone
- Access / update: view and edit your profile and Your Content directly in the app.
- Delete: delete individual items, or delete your account to remove your data (see Section 7).
- Email preferences: turn reminder/report emails on or off, and manage device-level notification settings.
- Ad choices: ads in Aba are non-personalized; you can manage your ad consent via Privacy choices in Settings (where shown) and your device's ad settings (Section 6).
8.2 EU / EEA / UK (GDPR)
You have the right to access, rectify, erase, restrict, or object to processing; to data portability; and to withdraw consent at any time (without affecting prior processing). You also have the right to lodge a complaint with your local supervisory authority (e.g. your national Data Protection Authority; in the UK, the ICO).
8.3 United States (California/CPRA and other states)
You have the right to know/access, delete, and correct your personal information; to opt out of "sale" or "sharing" of personal information and of targeted advertising; to limit use of sensitive personal information; and to not be discriminated against for exercising these rights. We do not sell personal information, and because Aba requests only non-personalized ads, we do not "share" it for cross-context behavioral advertising (Section 6). For questions or requests, contact us.
8.4 Latin America
- Colombia (Ley 1581 / Habeas Data): you may know, update, rectify, and delete your data and revoke authorization, and you may complain to the Superintendencia de Industria y Comercio (SIC).
- Brazil (LGPD): you have rights of confirmation, access, correction, anonymization, portability, deletion, and information about sharing, and may contact the ANPD.
- Mexico (LFPDPPP): you have ARCO rights (Access, Rectification, Cancellation, Opposition) and may contact the INAI.
- Argentina (Ley 25.326): you have equivalent access, rectification, and deletion rights and may contact the Agencia de Acceso a la Información Pública (AAIP).
In other countries, equivalent rights apply under local law.
To exercise any right, contact us at privacy@getaba.app. We will verify your identity and respond within the timeframe required by applicable law. You may use an authorized agent where the law allows.
9. Security
We use technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and storing only a hashed form of one-time email-change codes (never the raw code). No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.
10. Children's privacy
Aba is intended for users who are at least 18 years old (or the age of majority in their jurisdiction) and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.
11. Changes to this Policy
We may update this Policy from time to time. If we make material changes, we will update the "Last updated" date and, where required, notify you in the app or by email. Your continued use of the Service after changes take effect means you accept the updated Policy.
12. Contact us
Questions or requests about this Policy or your personal information:
José Posada
- Email: privacy@getaba.app
- Address: Cra 70 # 3-19 Medellín, Colombia
Appendix A — CCPA/CPRA categories of personal information
| Statutory category | Collected? | Examples in Aba |
|---|---|---|
| Identifiers | Yes | Email, name, phone, device/advertising identifiers, IP address |
| Customer records | Yes | Name, phone (if provided) |
| Commercial information | Yes | Subscription status; budgeting entries you create |
| Internet/network activity | Yes | App interactions, ad measurement (free tier) |
| Geolocation (coarse) | Limited | Time zone; IP-derived approximate location |
| Inferences | No | We do not build advertising profiles from Your Content |
| Sensitive personal information | No | We do not collect government IDs, bank/card numbers, or biometrics |
Sold: No. Shared for cross-context behavioral advertising: No — Aba requests non-personalized ads only (Section 6).