Privacy Policy

Updated – 1 January 2025

Before using the Hootz application ("Hootz"), please familiarize yourself with these Terms of Use ("Terms") and this Privacy Policy ("Policy"). This Policy governs how we collect, process, and use your personal data and forms an integral part of the Terms. All definitions used herein carry the same meaning as in the Terms. By using Hootz, you agree to provide only accurate, truthful, and current personal data and to keep it up to date.

1. Service Provision

You acknowledge that Seprum sp. z o.o., KRS: 0001159379, NIP: 5833532031, with its registered office at ul. Wały Piastowskie 1/813, Gdańsk, 80-855, Poland ("Provider"), acts as the data controller and may process your personal data as necessary to provide the Hootz service.

This includes but is not limited to:

  • Setting up and maintaining your account
  • Providing support and service features
  • AML (anti-money laundering) compliance
  • Processing financial data and insights
  • Personalizing your experience

Data collected may include:

  • Required data: first name, last name, e-mail address, login credentials, language, currency, and subscription details
  • AML-compliant data: full name, sex, birth number (or date of birth), place of birth, permanent address, citizenship (required under applicable AML laws, including but not limited to Polish legislation)
  • Optional data: profile photo, family status, housing situation, education, employment, income and property details, economic situation
  • Financial tracking: your manually entered income, expenses, budgets, and related metadata
  • Account synchronization: bank credentials (entered manually), account number, balance, type, currency, and transaction details (amount, description, date, etc.)
  • Social logins: identification details provided by Google or Apple sign-in

Profiling:

We may perform profiling to analyze or predict aspects of your behavior, financial habits, or personal situation to deliver personalized experiences and insights. This profiling does not include automated decision-making that produces legal or similarly significant effects.

Retention:

Your data is processed for the duration of your use of Hootz and deleted upon termination of your account, unless otherwise required (e.g. AML data is retained for 10 years).

2. Marketing Communications

We may use your email address to send you updates or promotional messages about Hootz based on our legitimate interest. You can unsubscribe at any time via the link in the email or via in-app settings.

3. Marketing with Consent

If you provide explicit consent, we may process your personal data to:

  • Create custom audiences
  • Personalize your advertising experience
  • Send promotional offers and updates
  • You can withdraw consent anytime via in-app settings.

Profiling may be used to personalize your ad experience, but again, no automated decisions with legal effects are made.

4. Service Improvement and Development

We process data under legitimate interest to improve and develop Hootz. Where possible, we use anonymized data for this purpose. This may include technical analysis, feature testing, and product development. Profiling may be applied for deeper insights but does not include automated decision-making with significant impact.

5. Recipients and Transfers to Third Countries

Your personal data may be processed by third-party service providers (data processors), solely for purposes described above, based on contracts and in accordance with applicable laws.

Current processors include:

  • Google Commerce Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland
  • Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
  • GoCardless Ltd, Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom
  • Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109, USA
  • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
  • Plaid Inc., 1098 Harrison Street, San Francisco, CA 94103, USA

Data transfers to the USA are protected by Standard Contractual Clauses (SCCs) approved by the European Commission. Copies of safeguards can be requested via the contact below.

6. Your Rights

You have the following rights regarding your personal data:

  • Access – View the data we hold about you
  • Rectification – Correct inaccurate or incomplete data
  • Erasure – Request deletion of your data (where legally permissible)
  • Restriction – Temporarily halt processing under certain conditions
  • Objection – To processing based on legitimate interest or direct marketing
  • Data Portability – Export your data in machine-readable format

You can exercise most of these rights directly via the Hootz app. The export feature allows you to download your financial data at any time.

To lodge a complaint, please contact our Data Protection Officer (DPO) or your local data protection authority.

7. Payment and Banking Information

Hootz does not store your credit card data or payment credentials. These are handled directly by third-party processors such as GoCardless or Plaid.

When synchronizing payment accounts:

  • Your credentials are used only during manual entry unless you explicitly opt to save them via Plaid or GoCardless.
  • These credentials are never stored by Hootz without your explicit consent.

8. Location Data

Some features may request access to your device's GPS or similar location data. You may disable this in your device settings, though it might affect app functionality.

9. Google Login and Apple Sign-In

When signing in with Google, you authorize Hootz to access your basic profile information. When using Apple Sign-In with anonymization, connecting other services (e.g. bank account, Google account) later may result in previously anonymized data being linked to your identity.

10. Technical Data

We may collect anonymized technical data such as device type, OS version, IP address, and usage statistics to:

  • Ensure security and performance
  • Analyze app usage
  • Develop new features

This data is never used to identify you personally.

11. Cookies and App Tracking

Cookies are used to:

  • Store your app settings
  • Ensure security
  • Analyze usage
  • Support ad personalization

Blocking cookies may impair functionality. We do not use third-party advertising cookies without your consent.

12. Data Security

Your personal data is stored on secure servers located within the European Union (Germany). We use encrypted SSL connections, access control, and other industry-standard safeguards. While we and our processors (AWS, Plaid, GoCardless, etc.) follow best practices, no transmission or storage system is 100% secure.

13. Children's Data

Hootz is not intended for users under the age of 16. We do not knowingly collect data from minors. If we discover such data has been collected, it will be deleted immediately.

14. Contact Information

If you have questions about your data or this Policy, please contact our Data Protection Officer (DPO):