Last updated: 13 July 2026
Sooma ("Sooma", "we", "us") helps you understand what is safe to spend before your next payday. This policy explains what personal data we collect, why, how we protect it, and the rights you have. We have written it in plain English on purpose.
Sooma is operated by Krystian Jureczko, an individual based in the United Kingdom, who acts as the "data controller" for the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018).
For any privacy question or request, contact: jurus92@icloud.com.
| Category | What it includes | Why |
|---|---|---|
| Account | Your name and email address, provided by Google when you sign in | To create and secure your account |
| Budget data | The income, bills, savings goals and spending you enter yourself | To calculate your Safe-to-Spend figure |
| Bank transaction data (Premium only) | Transactions and balances from bank accounts you choose to connect | To import spending automatically instead of manual entry |
| Subscription data | Your plan, status and billing dates (payments are processed by Stripe) | To manage your Premium subscription |
| Technical data | Basic request logs needed to run and secure the service | Security and reliability |
We do not collect your bank login details. When you connect a bank, you authenticate directly with your bank through our regulated open-banking provider (TrueLayer). Sooma only ever receives read-only transaction data — it can never move or spend your money.
We do not sell your data. We share the minimum necessary with the service providers ("processors") that make Sooma work:
| Provider | Purpose |
|---|---|
| Supabase | Secure database and sign-in |
| "Sign in with Google" authentication | |
| TrueLayer | Regulated open-banking connection (Premium bank sync) |
| Stripe | Subscription payments (Stripe handles card details; we never see your full card number) |
| Render | Application hosting |
We may also disclose data if required by law.
We keep your data while your account is active. If you disconnect a bank, we stop receiving new transactions from it. If you delete your account, we delete your personal data from our systems within 30 days, except where we must keep limited records (for example, for tax or fraud-prevention purposes).
Under UK data protection law you have the right to access, correct, delete, or export your data, to restrict or object to processing, and to withdraw consent. To exercise any of these, email jurus92@icloud.com. You also have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk.
Sooma is not intended for anyone under 18, and we do not knowingly collect data from children.
If we make material changes, we will update this page and the "last updated" date. Continued use of Sooma after a change means you accept the updated policy.
Questions or requests: jurus92@icloud.com.