Kronkoll

Privacy

Privacy Policy

Effective 9 July 2026 · Controller: CHK GmbH, Lucerne, Switzerland · privacy@kronkoll.com

Kronkoll is built so your financial data stays yours. This policy explains what data the app handles, where it lives, and your rights under the EU GDPR and the Swiss FADP.

Your expense data stays in your iCloud

Expenses, budgets, income settings, receipts you attach, and shared lists are stored on your device and in your personal iCloud account (Apple CloudKit). Shared lists live in CloudKit shared zones visible only to the members you invite. CHK GmbH has no access to your CloudKit data and cannot read your expenses. Kronkoll requires no bank login and never connects to your bank.

AI receipt and voice parsing

When you scan a receipt, import receipt images, or capture an expense by voice or text, the receipt image or transcribed text is sent over an encrypted connection to a parsing service operated by CHK GmbH (hosted on Vercel, EU region), which forwards it to OpenAI's API to extract the amount, merchant, date, and line items. This data is processed to return your result and is not stored by CHK GmbH. Per OpenAI's API terms, submissions are not used to train models and are retained by OpenAI for up to 30 days for abuse monitoring, then deleted. Speech-to-text for voice capture runs on your device (Apple speech recognition); only the resulting text is sent for parsing.

The friends directory

Kronkoll requires no sign-up. If you never set a nickname, no data about you is stored on our servers at all. When you choose a nickname to be findable by friends, Kronkoll operates a small directory service (hosted on Vercel and Neon, EU region — Frankfurt) storing: your chosen nickname and display name, your Apple CloudKit user identifier, a hashed device credential, and pending invites (list name, inviter, share link). This is the only personal data CHK GmbH stores. You can delete your directory profile at any time in the app or by emailing us; deletion removes your nickname, identifier, and pending invites from our servers. Your expenses and receipts are never on our servers — they live in your own iCloud.

What we don't do

No advertising, no ad SDKs, no analytics SDKs, no tracking across apps or websites, no sale or sharing of personal data, no profiling. Exchange rates are fetched from public European Central Bank data without sending any personal data.

Legal bases & your rights (GDPR / FADP)

We process directory data to provide the service you request (Art. 6(1)(b) GDPR) and AI-parsing data on the same basis. You have the right to access, rectify, export, and erase your data, and to lodge a complaint with a supervisory authority. For anything in your iCloud, Apple's terms and your Apple ID controls apply; for directory data, contact us or use in-app deletion. We retain directory data until you delete it; server logs are retained briefly for security.

Children

Kronkoll is not directed at children under 13.

Changes

We'll update this page and the effective date when the policy changes materially.