Holdary
Download

Privacy Policy

Last updated: 2026-05-15

What data we collect

Holdary has no user accounts and no backend database of our own that retains your financial data. Your accounts, snapshots, holdings, and trade notes live on your device and in your personal iCloud by default, and we do not read your balance history or trade-note content from any server.

Market-data lookups, symbol search, and crash diagnostics leave your device in the background. In addition, when you explicitly use brokerage-screenshot import or natural-language quick-add, the relevant content is sent to a third-party AI service for transient processing and then discarded. The exact fields sent — and the fields that are never sent — are listed under Third-party services below.

How data is stored

All Holdary data — accounts, snapshots, holdings, trade notes — is stored locally on your device using Apple’s SwiftData framework, which is a typed wrapper over a private SQLite database in the app’s sandbox.

If you choose to back up your data, Holdary writes a snapshot file to your own iCloud Drive (under a Holdary container in your personal iCloud account). We do not own this storage; only you and Apple can access it. Holdary never uploads your backup to any third party.

Third-party services

Holdary relies on the following third parties, each scoped to a specific narrow purpose. Where requests pass through a Holdary-operated backend (market data, search, screenshot OCR, quick-add parsing), only the necessary payload is forwarded — never your balances, snapshot history, or trade-note content. Backend logs may include request metadata such as URL paths, response codes, durations, and the operational parameters in the URL (ticker symbols, currency codes, and search-query text) for debugging and abuse prevention; they are retained only for normal operational windows and are not used for tracking.

  • Apple iCloud (your own iCloud account) — Optional storage of your Holdary backup file. Only you and Apple can access it. Apple’s privacy policy applies: https://www.apple.com/legal/privacy/.
  • Market-data provider — Source of stock, ETF, and currency price data. Requests carry ticker symbols or short search-query text (e.g. a company name you typed into search). No balances, account names, holdings, or user identifiers are included.
  • Google Gemini API — Invoked in two cases. (a) When you import a brokerage screenshot, the image is sent for OCR and holdings extraction. (b) When you use natural-language quick-add, your typed entry (e.g. “信用卡 -3000 yesterday”) and the list of your account names, institutions, types, and notes is sent so the model can match the entry to the right account. In neither case are your balances, snapshot history, or trade-note content sent. Google processes the request and discards it within their standard transient processing window, and requests are used only for serving the response — not for training general-purpose AI models. Google’s API privacy terms apply: https://ai.google.dev/terms.
  • Firebase Analytics & Remote Config (Google) — Collects anonymous usage events such as snapshot_created, account_created, and backup_created, along with standard Firebase telemetry (app version, OS version, device model, locale, session counts, Firebase Instance ID). Remote Config fetches feature-flag values to enable or disable features without a new app release. No balances, account names, amounts, or holdings are sent. We use this only to understand which features are used and to spot regressions. Google’s Firebase privacy terms apply: https://firebase.google.com/support/privacy.
  • Firebase Crashlytics (Google) — Anonymous crash diagnostics; see Crashlytics below.

Crashlytics

Holdary uses Firebase Crashlytics (a Google service) to receive anonymous crash diagnostics. When the app crashes, Crashlytics may report:

  • The crash stack trace
  • Device model and iOS version
  • App version
  • Anonymous breadcrumb logs of the actions immediately preceding the crash

Crashlytics does not receive any of your financial data — no account names, balances, holdings, or trade notes. The breadcrumb logs are deliberately scoped to operation history (e.g. “backup started”, “import completed”).

Deleting your data

Because Holdary stores your data only on your device and in your personal iCloud by default, you can delete it at any time by:

  • Deleting the app
  • Clearing data from within the app
  • Deleting any Holdary backup files you exported yourself

Once deleted, we have no way to access or recover your data.

Not investment advice

The data, analysis, and valuations Holdary provides are for personal record-keeping only and do not constitute investment, financial, or trading advice.

Children

Holdary is not directed at children under 13, and we do not knowingly collect any data from children.

Contact

Questions about this policy or about the data Holdary handles? Email [email protected].

Policy updates

We may update this privacy policy from time to time. The date at the top of this page is the source of truth for when this policy was last revised.