Sooma ← Back

Privacy Policy

Last updated: 13 July 2026

Sooma ("Sooma", "we", "us") helps you understand what is safe to spend before your next payday. This policy explains what personal data we collect, why, how we protect it, and the rights you have. We have written it in plain English on purpose.

The short version: We only collect what the app needs to work. We never sell your data or share it with advertisers. Your bank login credentials are never seen or stored by Sooma. You can disconnect your bank or delete your account at any time.

1. Who is responsible for your data

Sooma is operated by Krystian Jureczko, an individual based in the United Kingdom, who acts as the "data controller" for the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018).

For any privacy question or request, contact: jurus92@icloud.com.

2. What data we collect

CategoryWhat it includesWhy
AccountYour name and email address, provided by Google when you sign inTo create and secure your account
Budget dataThe income, bills, savings goals and spending you enter yourselfTo calculate your Safe-to-Spend figure
Bank transaction data (Premium only)Transactions and balances from bank accounts you choose to connectTo import spending automatically instead of manual entry
Subscription dataYour plan, status and billing dates (payments are processed by Stripe)To manage your Premium subscription
Technical dataBasic request logs needed to run and secure the serviceSecurity and reliability

We do not collect your bank login details. When you connect a bank, you authenticate directly with your bank through our regulated open-banking provider (TrueLayer). Sooma only ever receives read-only transaction data — it can never move or spend your money.

3. How your data is stored

4. Who we share data with

We do not sell your data. We share the minimum necessary with the service providers ("processors") that make Sooma work:

ProviderPurpose
SupabaseSecure database and sign-in
Google"Sign in with Google" authentication
TrueLayerRegulated open-banking connection (Premium bank sync)
StripeSubscription payments (Stripe handles card details; we never see your full card number)
RenderApplication hosting

We may also disclose data if required by law.

5. Legal bases for processing

6. How long we keep it

We keep your data while your account is active. If you disconnect a bank, we stop receiving new transactions from it. If you delete your account, we delete your personal data from our systems within 30 days, except where we must keep limited records (for example, for tax or fraud-prevention purposes).

7. Your rights

Under UK data protection law you have the right to access, correct, delete, or export your data, to restrict or object to processing, and to withdraw consent. To exercise any of these, email jurus92@icloud.com. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.

8. Children

Sooma is not intended for anyone under 18, and we do not knowingly collect data from children.

9. Changes to this policy

If we make material changes, we will update this page and the "last updated" date. Continued use of Sooma after a change means you accept the updated policy.

10. Contact

Questions or requests: jurus92@icloud.com.