KaijuBytes
Aninaya app icon

Aninaya Privacy Policy

Effective date: May 10, 2026  ·  Last updated: May 10, 2026  ·  Terms of Service

Short version: Aninaya processes all of your financial data entirely on your device. KaijuBytes does not operate any servers, does not collect your financial information, and is not a Personal Information Controller (PIC) under Philippine Republic Act 10173 (Data Privacy Act of 2012). Aninaya was previously published under the name KaijuFinance; the product, publisher, and privacy posture are unchanged.

1. Who we are

Aninaya is developed and published by KaijuBytes (sole trader, Orlando G. Martinez / Lanz, Philippines). Contact: kaijubytes.dev@gmail.com.

2. What data Aninaya collects — and where it stays

All personal and financial data you enter or import into Aninaya is stored exclusively on your device in an encrypted local database (SQLite with SQLCipher AES-256 encryption, keyed by your passcode). KaijuBytes never transmits, stores, or has access to your financial data.

Data type Stored where Sent to KaijuBytes?
Transaction records, account balances, budgets, categories On-device SQLite (AES-256, passcode-keyed) No
Receipt photos taken via the camera or gallery On-device app-private storage No
OCR extraction results Processed entirely on-device (MLKit, on-device SLM) No
SALN declarations On-device database; PDF/DOCX exported to your device No
Passcode / biometric key material Android Keystore (hardware-backed on supported devices) No

3. Permissions we request and why

Permission Why Can you deny it?
Camera Scan receipts via the Smart Scan feature Yes — Smart Scan will not work; all other features unaffected
Read external storage / Media (Photos) Import receipt photos from your gallery Yes — gallery picker will not work; camera path unaffected
Internet Required for: (a) downloading optional on-device AI models (Qwen2.5, Qwen3, SmolLM) on first use; (b) refreshing exchange rates (read-only public API, no PII sent); (c) Google AdMob (Free tier); (d) optional Bring-Your-Own AI requests to a third-party endpoint you configure. No financial data is sent to KaijuBytes servers. No — Android does not allow per-app Internet permission denial on modern versions
USE_BIOMETRIC / USE_FINGERPRINT Optional biometric unlock in addition to passcode Yes — passcode login still works

4. Google AdMob (Free tier only)

The Free tier of Aninaya displays advertisements served by Google AdMob. Google is the data controller for ad-targeting data collected through AdMob. KaijuBytes does not access this data. Google's privacy practices are governed by the Google Privacy Policy.

If you are in the EU, EEA, or UK, a consent dialog (Google User Messaging Platform) will appear on first launch as required by GDPR and Google's policies. You can also toggle "Personalized Ads" off in Settings → Privacy → Ad Preferences at any time.

Pro subscribers see no advertisements; AdMob is inactive on Pro-tier sessions.

5. On-device AI models

Smart Scan uses local AI models to extract transaction details from receipts:

  • MLKit Text Recognition — Google's on-device OCR API. Text is processed locally; see MLKit Terms.
  • MiniLM (sentence-transformers/all-MiniLM-L6-v2) — Open-source model (Apache 2.0), runs entirely on-device.
  • Qwen 2.5 (0.5B / 1.5B) — Apache 2.0 small language model, downloaded from a KaijuBytes-hosted CDN the first time you use Smart Scan on a supported device. The model runs locally; no receipt text is sent to any server during inference. The variant chosen depends on your device tier.

Qwen 2.5 is licensed under Apache 2.0. The model file is downloaded over HTTPS and verified by checksum before use; the download itself sends no personal data beyond the standard HTTP request your device would make for any file.

5a. On-device AI compute notice

Because the AI runs locally on your phone, it uses your device's CPU/GPU. During use the phone may warm up, and AI Chat replies can take anywhere from a few seconds to a couple of minutes depending on your device tier and the length of the reply. This is the cost of keeping your data on-device — not a defect. Indicative ranges:

  • Tier S (Snapdragon 8 Gen 3/4, flagship 2024+): about 10–30 seconds for a paragraph reply.
  • Tier A (Snapdragon 8 Gen 2, flagship 2023): about 30–60 seconds.
  • Tier B (Snapdragon 7-series, mid-range): around 1–2 minutes.
  • Tier C/D (entry-level / older): can take 2–5 minutes; the smallest model with template fallback is used to keep responses tractable.

You will see an in-app notice acknowledging this on first use of AI Chat, and Aninaya offers a "Run in background" option so you don't have to keep the screen on while waiting.

5b. Bring-Your-Own AI endpoints (opt-in)

If you connect a third-party AI provider in Settings → Integrations (your own OpenAI key, Anthropic key, hosted Ollama, LM Studio, or any OpenAI-compatible endpoint), Aninaya sends a financial context summary to that provider for each chat turn. The data leaves your device the moment you press Send. KaijuBytes never sees this traffic.

The summary may include:

  • Account names + balances
  • Net worth, income, expense, and savings rate
  • Debt detail (credit limits, utilization, monthly APR, minimum payment)
  • Salary average and frequency (auto-detected from your transactions)
  • Employer name (only if you set one in Settings → Capture & Compliance)
  • Active goals and recurring bills
  • Active travel trips and trip spending

No receipt photos, raw transactions, contact info, or passcode material are sent. Aninaya will refuse to send to a host you have not explicitly approved — toggling on "endpoint chat" with a new base URL prompts a per-host consent dialog. Loopback addresses (localhost, 127.0.0.1, ::1) are treated as on-device and skip the consent prompt.

You are responsible for understanding the receiving provider's privacy posture before enabling BYO AI. KaijuBytes makes no representations about how those providers handle the data you send them. You can revoke consent for a specific host at any time in Settings → Integrations → Approved AI hosts.

6. Data you export

When you use the backup or vault export features, Aninaya writes an encrypted file to your device (or a location you choose, such as OneDrive or a local folder). KaijuBytes does not receive this file. You are responsible for the security of any file you export to a cloud storage provider.

7. Aninaya Bridge (phone↔phone LAN sync)

Aninaya Bridge is an optional feature that lets two or more of your own devices keep their finance data in sync over your local Wi-Fi network. It is strictly peer-to-peer:

  • Devices discover each other via mDNS (_aninaya-bridge._tcp) on the same Wi-Fi network.
  • Pairing requires you to scan a QR code or enter a 6-digit code shown on the other device.
  • All sync traffic is encrypted end-to-end with mutual-TLS plus AES-256-GCM, using ed25519 keys generated on first pairing.
  • Sync only runs while the app is in the foreground on both devices.
  • No sync data ever leaves your local network. KaijuBytes operates no relay, sync, or backup servers and cannot read your synchronised data.

Bridge is included free for two paired devices. Linking a third or further device requires a Pro subscription. Pairing can be revoked from Settings → Bridge → Paired devices at any time, which immediately invalidates that peer's keys.

8. In-app purchases

Pro subscriptions are processed entirely by Google Play Billing. KaijuBytes receives only an anonymised purchase token from Google; we do not see your payment card details. See Google Payments Privacy Notice.

9. Children's privacy

Aninaya is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children.

10. Changes to this policy

If we add server-side features in a future version (e.g. cloud sync, cloud Smart Scan), we will update this policy and notify you via an in-app banner before those features go live. The updated policy will be posted at this URL with a new effective date.

11. Contact

Questions or concerns about this policy:
kaijubytes.dev@gmail.com
KaijuBytes, Philippines