Privacy Policy
Last updated: March 24, 2026
Phosphor ("we," "us," or "our") is a personal finance application developed by an independent developer based in Canada. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
By using our website or app, you agree to the practices described below. If you do not agree, please do not use our services.
1. Information We Collect
Email address — When you join our waitlist, we collect your email address so we can notify you when Phosphor launches.
On-device financial data — When you use the Phosphor app, your financial entries (income, expenses, transfers, categories, etc.) are stored locally on your device. This data is not transmitted to our servers unless you explicitly choose to enable cloud sync in the future.
Automatically collected data — We may collect basic, anonymized usage analytics (e.g., app opens, feature usage) to improve the product. We do not collect personally identifiable information through analytics.
2. How We Use Your Information
- To send you a notification when Phosphor launches (waitlist emails only)
- To provide and improve app functionality
- To understand how the app is used so we can make it better
We will never sell your personal information to third parties.
3. Third-Party Services
We use the following third-party services that may process your data:
- Loops (privacy policy) — Processes waitlist email addresses on our behalf. Loops acts as a data processor under our instructions.
We require all third-party processors to handle your data in accordance with applicable privacy laws.
4. Data Storage & Security
Financial data stays on your device. Phosphor is designed with privacy at its core. Your financial entries, categories, and personal data are stored locally on your phone and are never sent to our servers unless you explicitly opt into a future cloud sync feature.
Waitlist email addresses are stored by our email service provider (Loops), whose servers are located in the United States. We take reasonable measures to protect your information, but no method of transmission over the internet is 100% secure.
5. International Data Transfers
We are based in Canada. If you are located outside of Canada (including the EU/EEA), your email address may be transferred to and processed in the United States through our third-party email service. These transfers are conducted in compliance with applicable data protection laws, including through standard contractual clauses where required.
6. Your Rights
Depending on where you live, you may have the following rights regarding your personal information:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate data
- Deletion — Request that we delete your personal data
- Withdrawal of consent — Withdraw your consent at any time (e.g., unsubscribe from the waitlist)
- Data portability — Request your data in a portable format (EU/EEA residents)
- Complaint — Lodge a complaint with your local data protection authority
For Canadian residents, you may contact the Office of the Privacy Commissioner of Canada. For EU/EEA residents, you may contact your local supervisory authority.
To exercise any of these rights, contact us at hello@yumolab.com.
7. Data Retention
We retain your email address for as long as you remain on our waitlist or mailing list. You can unsubscribe at any time using the link in any email we send, and we will delete your email address within 30 days.
On-device financial data is retained on your device until you delete it or uninstall the app. We have no access to this data.
8. Consent & Email Communications
By submitting your email through our waitlist form, you provide express consent to receive email communications from us about Phosphor. In compliance with Canada's Anti-Spam Legislation (CASL), we will only send you emails you've consented to receive. Every email includes an unsubscribe link.
9. Children's Privacy
Phosphor is not directed at children under the age of 13 (or 16 in the EU/EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.
10. Do Not Track
Some browsers send a "Do Not Track" signal. We currently do not respond to DNT signals, as there is no industry-wide standard for compliance. However, we limit data collection to what is described in this policy.
11. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page. We encourage you to review this policy periodically.
12. Contact Us
If you have questions about this Privacy Policy or your personal data, contact us at: