Crumina

Privacy Policy

Last updated: 20 June 2026

This Privacy Policy explains how Crumina (the “Service”, “we”, “us”, “our”) collects, uses, stores, and protects your information when you use the Crumina personal‑finance application at crumina.tirtawijata.com. We are committed to data minimisation: Crumina is designed so that your financial information stays under your control and is not retained on our servers.

The short version. Crumina reads only the bank, card, and statement emails it needs from your Google account, in read‑only mode, to show you your own financial dashboard. We do not store your emails or financial data on our servers, we do not sell or share it, and we never use it for advertising. You can revoke access at any time.

1. Who we are & how to contact us

Crumina is operated by its developer (the “Operator”). For any privacy question, request, or complaint, contact us at privacy@tirtawijata.com. If you are in a jurisdiction that requires a designated controller or representative, the Operator acts as the data controller for the purposes of this Policy.

2. Information we access and process

(a) Google account information

When you sign in with Google we receive, via OpenID Connect, your basic profile: your email address, name, and profile picture. This is used to create your session and personalise the app.

(b) Gmail data (restricted scope: gmail.readonly)

With your explicit consent, Crumina is granted read‑only access to your Gmail. Crumina queries your mailbox only for messages from financial institutions (bank and card transaction alerts and e‑statements) in order to extract the data the app displays — account balances, transactions, and the merchant/amount/date of each item. Crumina never sends, composes, modifies, deletes, or labels your email, and does not read messages outside this financial purpose.

(c) Information you enter

Accounts, holdings, budgets, savings goals, statement passwords, and preferences you add manually.

(d) Technical information

Standard request metadata (e.g., IP address) used transiently for security and rate‑limiting, and data your browser stores locally (see Section 5).

3. How we use information

We do not use your Google user data for advertising, and we do not use it to train generalised artificial‑intelligence or machine‑learning models.

4. Google API Services — Limited Use

Crumina’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Consistent with that policy, data obtained through Google APIs is used solely to provide and improve the user‑facing features described above; is not transferred to third parties except as necessary to provide or improve those features, to comply with applicable law, or as part of a merger/acquisition with your consent; is not used for advertising; and is not read by humans unless we have your affirmative consent, it is necessary for security/abuse investigations or to comply with law, or the data has been aggregated and anonymised.

5. Storage, retention, and where your data lives

6. Disclosure and sharing

We do not sell, rent, or trade your personal information, and we do not share it for advertising. We rely on a limited set of service providers strictly to operate Crumina:

We may disclose information if required by law, or to protect the rights, safety, and security of our users and the Service.

7. Security

We apply industry‑standard safeguards, including TLS encryption in transit, AES‑256‑GCM encryption of tokens and statement passwords at rest, HMAC‑signed sessions, a strict Content‑Security‑Policy, HSTS, output encoding to mitigate cross‑site scripting, CSRF protection on the OAuth flow, and rate‑limiting. No method of transmission or storage is perfectly secure, but we work to protect your information and to limit what we hold in the first place.

8. Your rights and choices

9. International transfers

Our providers (e.g., Google and the hosting provider) may process data in countries other than your own. Where required, such transfers are made under appropriate safeguards (e.g., standard contractual clauses or an adequacy mechanism).

10. Children

Crumina is not directed to, and is not intended for use by, individuals under the age of 18 (or the age of majority in their jurisdiction). We do not knowingly collect data from children.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be reflected by an updated “Last updated” date and, where appropriate, additional notice. Continued use after changes constitutes acceptance.

12. Contact

Questions or requests: privacy@tirtawijata.com.
