Bolso
Privacy · v1No trackers · No analytics

Bolso Privacy Policy

Last updated: May 19, 2026 Version: 1.0

Three-line summary

  1. Bolso is a personal-finance app that runs on your iPhone. We have no server. Your data lives on your device and, if you turn iCloud on, in your own iCloud account.
  2. No tracking, no analytics, no data sale. No financial information, attachment or preference is ever sent to us or to any third party.
  3. You are in full control. Export, delete, disable sync or leave a family share at any time — without contacting us.

1. Who we are

Bolso is an iOS app maintained by the team behind Bolso, in Portugal.

For privacy-related questions please reach out at privacy@getbolso.com (public email).

2. What data the app processes

The app processes only data you enter or generate yourself. We never collect anything about you that you do not explicitly type, photograph or authorise.

2.1 Financial data you enter

  • Records (expenses, income and account-to-account transfers)
  • Scheduled payments and recurrences
  • Accounts (name, bank, balance, currency, icon)
  • Payees (name, contact details, account number, notes)
  • Categories and subcategories
  • Budgets, budget alerts and monthly overrides
  • Shared expenses (payer, participants, percentages/amounts)

2.2 Attachments (receipts)

  • Each record accepts up to 5 attachments, 10 MB each at most.
  • Images are normalised to JPEG; PDFs are preserved.
  • Text recognition (OCR) runs entirely on your iPhone with Apple's Vision framework, in European Portuguese and English. Attachments never leave your device or your iCloud account.

2.3 Local preferences

  • Visual theme (light/dark/system)
  • Bookkeeping month start day
  • Haptic toggle
  • Preferred forecast period
  • Last-used account
  • Profile name (used only for identification within family sharing, if you opt in)

These preferences always stay private to your device, even when family sharing is active.

2.4 Trial state

The first time you launch Bolso, the app stores in your iPhone's Keychain the start date of your local 7-day trial. This value is only used to compute when the trial ends — it never leaves the device and is never shared.

3. Where the data lives

3.1 On your iPhone

By default, all of the above is stored locally on your device, encrypted by the operating system whenever the iPhone is locked.

3.2 In your iCloud account (if enabled)

If iCloud sync is on in iOS Settings, financial data (excluding the local preferences listed in 2.3) is synced into your own private iCloud account, in the iCloud.com.fabiogomes.bolso container.

  • Sync is handled directly by Apple through CloudKit.
  • We never have access to that iCloud account or to your data. Apple applies end-to-end encryption to private CloudKit zones.
  • If you disable iCloud, the app keeps working with the local data. If you toggle it back on, Apple resyncs from your account.

3.3 In family sharing (if enabled)

Family sharing relies on CKShare, Apple's CloudKit sharing primitive. When you share your workspace with someone:

  • A private invitation is created. Only people with the link can accept it, and you, as the owner, can revoke it at any time.
  • Only financial data flagged as shareable is visible — personal preferences (theme, profile, forecast) stay private to each participant.
  • The owner's Bolso Pro subscription covers the family's edit access to the shared workspace. If the owner's subscription lapses, participants drop to read-only until it is renewed.
  • To leave the share, you can end it from Bolso Settings or from iOS Settings > iCloud.

The app never makes lists, aggregates or reports about the people sharing with you available to anyone outside that share.

4. Permissions the app asks for

4.1 Camera

  • Purpose: scan receipts as attachments to records.
  • Only when: you tap "Add attachment > Take photo".
  • Authorisation prompt: The camera is used to scan receipts and attach them to your records.

4.2 Face ID / Touch ID

  • Purpose: optional, you enable it under Settings > Security.
  • Who handles it: Apple's LocalAuthentication framework. Biometric data never leaves the Secure Enclave on your iPhone — the app only receives an "authenticated / not authenticated" signal.
  • If you disable biometrics in iOS Settings, Bolso's lock turns itself off safely and the app remains accessible without it.

4.3 Notifications

  • Purpose: receive CloudKit pings when there is pending sync. Notifications never contain financial data, only an indication that there are changes to fetch.
  • You can disable them in Settings > Notifications > Bolso.

4.4 iCloud

  • Purpose: sync and family sharing (section 3).
  • How you control it: Settings > iCloud > Bolso (in iOS) or in the app's settings.

5. In-app purchases

The Bolso Pro subscription (monthly or yearly) is processed by Apple's App Store through the StoreKit 2 framework.

  • We never receive, see or store your payment data (card, IBAN, tax ID, billing address). All of that is handled by Apple.
  • The app only receives an "is subscription active or not" signal from Apple, the minimum required to unlock Pro features.
  • Restores use AppStore.sync(). We do not bill anyone directly.

The 7-day trial is app-managed (it does not go through the App Store), keeping only the start date in the device Keychain (section 2.4).

6. No tracking, no analytics, no third-party sharing

The app:

  • Does not use third-party analytics, tracking or crash-reporting SDKs.
  • Does not send HTTP requests to external domains. All communication goes through Apple frameworks (CloudKit, StoreKit) and stays between your iPhone and your Apple account.
  • Does not use advertising identifiers (IDFA), fingerprinting, cookies, web beacons or any equivalent technique.

The PrivacyInfo.xcprivacy shipped with the app explicitly declares:

  • NSPrivacyTracking: false
  • NSPrivacyTrackingDomains: empty
  • NSPrivacyCollectedDataTypes: empty
  • Only Required Reason API declared: UserDefaults (reason CA92.1 — store user preferences)

7. Exercising your rights (GDPR)

Even though you do not have an account with us, we honour the rights granted by the EU General Data Protection Regulation:

RightHow to exercise
Access and portabilitySettings > Export data → JSON or XLSX (attachments included)
RectificationEdit directly in the app — every field is editable
ErasureSettings > "Delete all data" (local + iCloud), end family sharing, or remove Bolso from your iCloud account in Settings > iCloud > Manage Account Storage
Objection / restriction of processingDisable iCloud, leave family sharing and/or delete the app
Withdraw consentAt any time, with immediate effect and at no cost

Because we have no server, there is no formal "request" to file with us — control sits entirely on your Apple account and inside the app. If you still want to validate conduct, write to privacy@getbolso.com and we will reply within 30 working days (the GDPR limit).

You also have the right to lodge a complaint with the Portuguese supervisory authority, the Comissão Nacional de Proteção de Dados (CNPD)www.cnpd.pt.

8. Data retention

Data exists for as long as you keep it. Because it lives on your device and/or in your iCloud account, retention is fully under your control:

  • If you delete the app: iOS removes the local data.
  • If you delete Bolso from your iCloud account: Apple removes the synced data.
  • If you use the app's "Delete all data" action: it wipes both local and iCloud.

We keep no copies on any server, because we have no server.

9. Children

Bolso is intended for users aged 4 and over (App Store rating). It does not knowingly collect or request personal data from children under 13. If a child in that range is using the app, we recommend setup happens with adult supervision — the app only processes data that is entered manually.

10. Security

  • The app honours the iOS security model: in-transit and at-rest encryption (CloudKit), Secure Enclave protection for biometrics, and the proper Data Protection Class applied to the Keychain and the local database.
  • In shared zones (Family Sharing), Apple validates access; only active participants whose invitations were accepted can read or write.
  • We never ask for passwords or financial data via email, social media or support channels. If you receive a message claiming to come from us asking for any of those, do not reply.

11. Changes to this policy

If the way the app handles data changes in a material way (e.g. adopting a new service, integrating with a third party, or processing new data types) we update this page and bump the version (field at the top). For meaningful changes we also notify you through the app itself before the new version takes effect.

12. Contact

Related