Privacy Policy

Last updated: February 2026

1. Introduction

Restio ("we", "us", or "our") operates the Restio mobile application (the "App") and the website restio.io (the "Website"). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our services.

2. Data Controller

The data controller is:
Restio
Email: info@restio.io

3. Data We Collect

3.1 Account Data

  • Email address
  • Authentication data (encrypted)

3.2 Financial Data

  • Expense and income entries (amount, description, date, category)
  • Tax-relevant information
  • Tax profile (tax class, income, employment status, etc.)

3.3 Media

  • Receipt photos and scanned documents
  • Photographed letters (e.g., from the Finanzamt)

3.4 Chat and AI Data

  • Messages sent to the AI tax expert
  • Preferences and rules stored by the AI memory agent

3.5 Technical Data

  • Device type and operating system
  • App usage data (anonymized)
  • Error reports (anonymized)

3.6 Website Data

  • The website restio.io does not use cookies and does not collect personal data
  • Standard server log data is collected when visiting the website (IP address, timestamp, page visited)

4. Purpose of Data Processing

We process your data for the following purposes:

  • Providing and managing your account
  • Storing and managing your expense and income entries
  • AI-powered tax guidance and refund estimates (via 7 specialized AI agents)
  • Monitoring tax-relevant thresholds and deadlines (Guardian feature)
  • Receipt capture via OCR recognition
  • Generating reports and analytics
  • Improving our services
  • Customer service and support

5. Legal Basis

Processing is based on:

  • Art. 6(1)(b) GDPR (Contract performance)
  • Art. 6(1)(a) GDPR (Consent)
  • Art. 6(1)(f) GDPR (Legitimate interests)

6. Data Storage

6.1 Storage Location

Your data is stored on Google Firebase servers in the European Union.

6.2 Retention Period

  • Account data: until account deletion
  • Expense and income data: until manual deletion by you
  • Receipt photos and documents: until manual deletion
  • Chat history and AI memory: until manual deletion or account deletion

7. Data Sharing

We only share your data in the following cases:

  • With Google Firebase (hosting, authentication, data storage)
  • With RevenueCat (subscription management)
  • With OpenAI (processing AI requests — your data is sent contextually to generate relevant responses; OpenAI does not store this data for its own training)
  • When required by law

8. Your Rights

You have the following rights:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object (Art. 21 GDPR)

To exercise your rights, contact us at info@restio.io.

9. Data Security

We implement technical and organizational measures:

  • Encrypted data transmission (TLS/SSL)
  • Encrypted data storage
  • Access control and authentication
  • Regular security audits

10. Cookies and Tracking

The App and Website do not use cookies or tracking. We do not use third-party analytics or advertising tools.

11. Minors

Our services are not intended for persons under 16 years of age. We do not knowingly collect data from minors.

12. Changes

We reserve the right to update this Privacy Policy. Material changes will be communicated through the App and on the Website.

13. Contact

For privacy-related questions, contact us at:
info@restio.io

14. Right to Complain

You have the right to lodge a complaint with a data protection supervisory authority.