Privacy Policy for Reach

Effective Date: March 23, 2026
Last Updated: March 23, 2026

Kadeem Compton ("Developer," "we," "us," or "our") operates Reach, a personal financial tracking application available on iOS and Android. This Privacy Policy explains how we collect, use, store, and protect your information when you use our app.

Reach is designed with a local-first architecture — the vast majority of your data never leaves your device. We do not operate a cloud backend, and we do not have access to your financial records.

If you have questions about this policy, contact us at [email protected].

1. Data We Collect

We organize the data associated with Reach into three categories based on where it is stored and how it is handled.

1.1 Data Stored Locally on Your Device

The following data is stored exclusively on your device using a local database. We cannot access, view, or retrieve this data.

Financial records: Transactions (amounts, descriptions, dates, notes, account references), accounts (names, types, balances), categories (names, types, icons, colors)
Planning data: Budgets (names, amounts, periods, allocation percentages, monthly snapshots), savings goals (names, targets, deadlines, contributions, status), recurring transactions (descriptions, frequencies, amounts)
Import data: Import batch records, column mappings, learned category mappings from imported CSV/Excel files
Voice input transcriptions: The text output of speech-to-text conversion, stored locally in your transaction inbox
App preferences: Theme selection, onboarding status, notification preferences, app lock settings

You control this data entirely. You can export it (CSV, Excel, or JSON backup), delete it, or remove it by uninstalling the app.

1.2 Analytics Data (Sent to PostHog)

We use PostHog, a product analytics service, to understand how Reach is used so we can improve the app. Analytics data is collected automatically in production builds.

What we collect:

Usage events: Screen navigation, feature usage milestones (e.g., first transaction recorded, activation reached, feature discovered), onboarding progress, data import completion
Aggregated properties: Total transaction count in buckets (e.g., "1-5," "6-20," "21-50," "50+"), data mode (demo or real), primary entry method, features discovered
Device metadata (collected automatically by the PostHog SDK): Operating system, OS version, device type, app version, screen dimensions, SDK version, locale/language

What we do NOT collect through analytics:

Transaction amounts, descriptions, or details
Account names or balances
Category names
Any actual financial data

Analytics data is associated with an anonymous device identifier generated by PostHog — not your name, email, or any personal account.

Provider: PostHog, Inc.
Server location: United States (us.i.posthog.com)
PostHog privacy policy: https://posthog.com/privacy

1.3 Feedback Data (Opt-In Only)

If you choose to participate in our feedback feature, we collect the following:

Name and email address (provided by you when you register for feedback)
Feedback content: Post titles, descriptions, comments, and votes
Reference identifier: A unique ID derived from your email, used to associate your feedback activity

This data is collected only when you voluntarily register for and use the feedback feature.

Provider: Self-hosted Fider instance
Server location: feedback.horizongroup.dev

2. How We Use Your Data

Data	Purpose	GDPR Lawful Basis
Local financial data	Provide core app functionality (tracking, budgeting, goal setting)	Performance of contract (Art. 6(1)(b))
Analytics data (PostHog)	Understand feature usage, identify issues, improve the app	Legitimate interest (Art. 6(1)(f))
Feedback data (Fider)	Collect and respond to user feature requests and bug reports	Consent (Art. 6(1)(a))
Voice audio (platform speech services)	Convert speech to text for transaction entry	Consent (Art. 6(1)(a))

We do NOT use your data for:

Advertising or ad targeting
Profiling for credit or financial decisions
Selling to third parties
Automated decision-making with legal or similarly significant effects

3. Third-Party Services

3.1 PostHog (Product Analytics)

PostHog receives anonymous usage events and device metadata to help us understand how Reach is used. No financial data is transmitted. PostHog processes data on servers in the United States and maintains its own privacy practices as described in its privacy policy.

3.2 Fider (Feedback Platform)

Our feedback feature is powered by a self-hosted Fider instance at feedback.horizongroup.dev. When you opt in to the feedback feature, your name, email, and feedback content are sent to this platform. We control this server.

3.3 Apple Speech Recognition (iOS)

When you use voice entry on iOS, audio is processed by Apple's Speech Recognition framework. Depending on your device and iOS version, audio may be processed on-device or sent to Apple's servers. We do not control Apple's processing of this audio. The resulting text transcription is stored only locally on your device. See Apple's privacy policy for details.

3.4 Google Speech Services (Android)

When you use voice entry on Android, audio is processed by Google's speech recognition services. Audio may be sent to Google's servers for processing. We do not control Google's processing of this audio. The resulting text transcription is stored only locally on your device. See Google's privacy policy for details.

3.5 Platform Services (Apple & Google)

Biometric authentication (Face ID, Touch ID, fingerprint): Processed entirely by your device's operating system. Reach only receives a success or failure result — we never access or store biometric data.
Local notifications: Scheduled and delivered by your device's operating system for recurring transaction reminders. No data is sent to any external server.

4. Device Permissions

Permission	Platform	Purpose
Speech Recognition	iOS	Convert voice input to text for transaction entry
Microphone	iOS, Android	Capture audio for voice-based transaction entry
Face ID	iOS	Optional app lock to protect your financial data
Biometric / Fingerprint	Android	Optional app lock to protect your financial data

All permissions are requested only when the relevant feature is first used. You can revoke any permission at any time through your device's Settings app. Revoking a permission disables the associated feature but does not affect the rest of the app.

5. Data Storage and Security

Local-first storage: All financial data is stored on your device using TinyBase, a local database. There is no cloud backend and no server-side copy of your financial records.
App lock: You can enable biometric authentication (Face ID, Touch ID, or fingerprint) to restrict access to the app.
Backups: You can create JSON backup files of your data. These backups are stored locally on your device in a location you choose. We do not have access to your backup files.
Exports: You can export transactions as CSV or Excel files with optional filters. Exported files are stored locally and shared only if you choose to share them.
Encryption in transit: Data sent to PostHog and Fider is transmitted over HTTPS (TLS encryption).
Demo mode: The app includes a demo mode that uses temporary in-memory data. No demo data is persisted or transmitted.

6. International Data Transfers

PostHog analytics data is transferred to and processed on servers in the United States. For users in the EU/EEA, this transfer is supported by Standard Contractual Clauses (SCCs) as provided by PostHog.
Speech recognition audio may be processed by Apple or Google servers located outside your country of residence, subject to their respective privacy policies and data transfer mechanisms.
Fider feedback data is processed on our self-hosted server, which may be located outside the EU/EEA.
Local data on your device is not transferred anywhere unless you explicitly choose to export or share it.

7. Your Privacy Rights

7.1 Rights Under the GDPR (EU/EEA Users)

If you are in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation:

Right of access (Art. 15): Request a copy of the personal data we hold about you.
Right to rectification (Art. 16): Request correction of inaccurate personal data.
Right to erasure (Art. 17): Request deletion of your personal data.
Right to restriction (Art. 18): Request that we restrict processing of your data.
Right to data portability (Art. 20): Receive your data in a structured, machine-readable format. For local data, you can use Reach's built-in CSV, Excel, or JSON backup export features.
Right to object (Art. 21): Object to processing based on legitimate interest (e.g., analytics).
Right to withdraw consent: You may withdraw consent for feedback participation or voice input at any time without affecting the lawfulness of prior processing.
Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your EU/EEA member state.

7.2 Rights Under the CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act:

Right to know: Request what personal information we collect about you and how it is used.
Right to delete: Request deletion of your personal information.
Right to opt-out of sale: We do not sell your personal information and have not done so in the preceding 12 months.
Right to non-discrimination: We will not discriminate against you for exercising any of your rights.

Categories of personal information collected in the preceding 12 months:

Category	Collected	Source	Purpose
Identifiers (anonymous device ID)	Yes	Automatically via PostHog SDK	Analytics
Personal identifiers (name, email)	Yes, opt-in only	Directly from user via feedback feature	Feedback
Internet/electronic activity (usage events)	Yes	Automatically via PostHog SDK	Analytics
Financial information	No	N/A	Stored locally only, never transmitted

Categories of personal information disclosed for a business purpose: Analytics data is disclosed to PostHog (service provider); feedback data is processed on our self-hosted Fider instance.

7.3 How to Exercise Your Rights

Local data: Use the app's built-in features to export (backup, CSV, Excel) or delete your data. Uninstalling the app removes all local data.
Analytics data (PostHog): Email [email protected] to request deletion of analytics data associated with your anonymous device identifier.
Feedback data (Fider): Email [email protected] to request deletion of your feedback account and all associated content.
Opt out of analytics: Email [email protected] and we will configure PostHog to exclude your device from data collection.

We will respond to verifiable requests within 30 days. If additional time is needed, we will notify you of the extension and the reason, up to a maximum of 45 days for CCPA requests or 90 days for GDPR requests.

8. Data Retention and Deletion

Data	Retention Period	How to Delete
Local financial data	Until you delete it or uninstall the app	Use in-app data management features or uninstall
Analytics data (PostHog)	Per PostHog's retention policies	Request deletion via [email protected]
Feedback data (Fider)	As long as the feedback platform operates	Request deletion via [email protected]
Backup/export files	Under your control	Delete files from your device storage

9. Children's Privacy

Reach is not directed at children. You must be at least 16 years old to use this app. We do not knowingly collect personal data from anyone under 16. If we learn that we have inadvertently collected data from a person under 16, we will take steps to delete it promptly. If you are a parent or guardian and believe your child has provided data to us, please contact us at [email protected].

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or on our website. The "Last Updated" date at the top of this policy will be revised accordingly. Your continued use of Reach after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Kadeem Compton
Email: [email protected]
Subject line: "Privacy Request"