AbaBack to getaba.app

Privacy Policy

Effective date: 07/02/2026 Last updated: 07/02/2026

This Privacy Policy explains how José Posada ("Aba", "we", "us", or "our") collects, uses, shares, and protects personal information when you use the Aba mobile application and website (together, the "Service").

Aba is a personal budgeting and money-organization tool. Aba does not connect to your bank, does not import bank or card statements, and does not process payments. All accounts, transactions, categories, and reminders in the app are created and typed in manually by you and represent your own notes — not live financial-account data.

We aim to comply with the EU/UK General Data Protection Regulation (GDPR/UK GDPR), the California Consumer Privacy Act as amended by the CPRA (CCPA/CPRA) and other U.S. state privacy laws, and Latin American data-protection laws including Colombia's Ley 1581 de 2012 (Habeas Data), Brazil's LGPD (Lei 13.709/2018), Mexico's LFPDPPP, and Argentina's Ley 25.326, as applicable to you.


1. Who is responsible for your data (Controller)

The controller responsible for your personal information is:


2. Information we collect

We collect only what we need to run the Service.

2.1 Information you provide

2.2 Information collected automatically

2.3 Subscription information

If you purchase Aba Pro, your purchase is processed by the Apple App Store or Google Play and managed through RevenueCat. We receive and store your subscription status and expiry, the store event type, and a subscription/transaction identifier. We do not receive or store your full payment-card number — that is handled by the app stores.

2.4 Information we do not collect

We do not collect bank/card account numbers, online-banking credentials, or biometric data. Biometric unlock (Face ID / Touch ID / fingerprint), if you enable it, is performed entirely on your device by the operating system; we never receive your biometric data.


3. How we use your information and our legal bases

Purpose Examples GDPR legal basis
Provide the Service Store and sync Your Content; authenticate you; show your calendar, reports, and reminders Performance of a contract (Art. 6(1)(b))
Transactional communications Sign-in codes, email-change confirmations, daily reminders, and weekly reports you opt into Contract (Art. 6(1)(b)); consent where required (Art. 6(1)(a))
Subscriptions Unlock Pro features; maintain entitlement status Contract (Art. 6(1)(b))
Advertising (free tier) Show non-personalized ads and measure their delivery Consent (Art. 6(1)(a)) where required; otherwise legitimate interests (Art. 6(1)(f))
Security & fraud prevention Detect abuse, protect accounts, keep the Service reliable Legitimate interests (Art. 6(1)(f)); legal obligation (Art. 6(1)(c))
Support Respond to your Help & Support requests Contract / legitimate interests
Legal compliance Meet accounting, tax, and legal obligations Legal obligation (Art. 6(1)(c))

We do not use Your Content (your transactions, categories, reminders) to train advertising profiles, and we do not sell it.


4. Who we share information with

We do not sell your personal information. We share it only with service providers ("processors") who help us run the Service, and only as needed:

Provider Purpose Notes
Convex Backend hosting, database, and file storage Stores your account data and Your Content
Resend Sending transactional and reminder emails Receives your email address and email content
RevenueCat Subscription management Receives subscription/purchase identifiers and status
Google AdMob Advertising in the free tier See Section 6
Apple / Google Sign-in (OAuth), app distribution, and in-app purchase billing Governed by their own privacy policies

We may also disclose information (a) to comply with law, legal process, or lawful government requests; (b) to enforce our Terms or protect the rights, safety, and security of users, the public, or Aba; and (c) in connection with a merger, acquisition, financing, or sale of assets, in which case we will notify you of any change in control or use of your personal information.


5. International data transfers

We and our providers may process your information in countries other than your own, including the United States. Where we transfer personal data out of the EEA, UK, or a Latin American country with cross-border transfer rules, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or an adequacy/authorized-transfer mechanism recognized under the applicable local law. You may request more information using the contact details in Section 12.


6. Advertising and tracking

The free version of Aba shows ads served by Google AdMob. Aba requests non-personalized ads only: ads are contextual, and we do not ask AdMob to use your advertising identifier to build a cross-app advertising profile from Aba. AdMob may still process limited device data (such as IP address, device type, and coarse, IP-derived location) to serve ads, cap how often they appear, measure delivery, and prevent fraud.

U.S. state privacy note: because Aba requests only non-personalized ads, we do not "sell" personal information and do not "share" it for cross-context behavioral advertising as defined by the CPRA and similar U.S. state laws. If this ever changes, we will update this Policy and provide the required opt-outs before doing so.

Aba does not use analytics or crash-reporting SDKs.


7. Data retention

We keep your personal information for as long as your account is active and as needed to provide the Service. After you delete your account, we delete or anonymize your personal information within 30 days, except where we must retain certain records to comply with legal obligations, resolve disputes, or enforce our agreements. Support-request images are retained only as long as needed to handle your request and are then deleted.


8. Your rights and choices

Depending on where you live, you have some or all of the following rights. We honor these rights for all users where practicable, regardless of location.

8.1 Everyone

8.2 EU / EEA / UK (GDPR)

You have the right to access, rectify, erase, restrict, or object to processing; to data portability; and to withdraw consent at any time (without affecting prior processing). You also have the right to lodge a complaint with your local supervisory authority (e.g. your national Data Protection Authority; in the UK, the ICO).

8.3 United States (California/CPRA and other states)

You have the right to know/access, delete, and correct your personal information; to opt out of "sale" or "sharing" of personal information and of targeted advertising; to limit use of sensitive personal information; and to not be discriminated against for exercising these rights. We do not sell personal information, and because Aba requests only non-personalized ads, we do not "share" it for cross-context behavioral advertising (Section 6). For questions or requests, contact us.

8.4 Latin America

To exercise any right, contact us at privacy@getaba.app. We will verify your identity and respond within the timeframe required by applicable law. You may use an authorized agent where the law allows.


9. Security

We use technical and organizational measures appropriate to the risk, including encryption in transit, access controls, and storing only a hashed form of one-time email-change codes (never the raw code). No method of transmission or storage is 100% secure, so we cannot guarantee absolute security.


10. Children's privacy

Aba is intended for users who are at least 18 years old (or the age of majority in their jurisdiction) and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.


11. Changes to this Policy

We may update this Policy from time to time. If we make material changes, we will update the "Last updated" date and, where required, notify you in the app or by email. Your continued use of the Service after changes take effect means you accept the updated Policy.


12. Contact us

Questions or requests about this Policy or your personal information:


Appendix A — CCPA/CPRA categories of personal information

Statutory category Collected? Examples in Aba
Identifiers Yes Email, name, phone, device/advertising identifiers, IP address
Customer records Yes Name, phone (if provided)
Commercial information Yes Subscription status; budgeting entries you create
Internet/network activity Yes App interactions, ad measurement (free tier)
Geolocation (coarse) Limited Time zone; IP-derived approximate location
Inferences No We do not build advertising profiles from Your Content
Sensitive personal information No We do not collect government IDs, bank/card numbers, or biometrics

Sold: No. Shared for cross-context behavioral advertising: No — Aba requests non-personalized ads only (Section 6).