Privacy Policy

Last updated: 6 June 2026

Pre-launch note: This policy reflects Bullio v1.0 at the time of writing. Some features described (crash reporting, subscriptions) are not yet fully active in the current build. This policy will be reviewed and updated before each feature goes live.

1. Who we are

Bullio is the trading name of the developer of the Bullio portfolio tracking app for iOS and Android. We are based in Queensland, Australia. Contact: support@getbullio.app.

2. What data we collect

Data that stays on your device (never sent to us)

All portfolio data is stored locally in a SQLite database on your device. This includes:

Holdings — metal type, purity, weight, cost basis, labels, notes, storage location
Transactions — buy and sell records, prices paid, fees, realised P&L
Realised sales history
Holding photos — stored as local file references only. Photos are never uploaded.
Portfolio value history
App settings — home currency, biometric lock preference, screenshot-safe mode

An install_id (a random UUID generated at first launch) and install_date are stored locally in the database. These are device-local identifiers and are not transmitted to our servers in routine operation.

Data sent to our servers

When you request a price update, your app sends:

Your selected currency (e.g. "AUD")
The metals you are tracking (e.g. "AU", "AG")

No portfolio values, holding counts, purchase prices, or any financial data are included in price requests.

When validating a premium subscription, your app sends:

An anonymous device identifier
Your App Store or Google Play purchase receipt token

No name, email, or portfolio data is sent during subscription validation.

Crash reports

Bullio uses Sentry for anonymised crash reporting. When a crash occurs, a report is sent containing the error type, source file name, and line number. No portfolio values, no personally identifiable information, and no financial data are included. Sentry is configured with a beforeSend hook to strip any inadvertently captured identifiers.

Note: crash reporting is not yet active in all build configurations. This section will be confirmed before launch.

Analytics

We do not currently collect analytics. Analytics functionality is stubbed in the app with PII guards, but no analytics SDK is active. This section will be updated if and when analytics are introduced.

3. Third-party services

The following third-party services receive data in connection with operating Bullio:

Service Data received

Metals.Dev Privacy policy ↗

Currency code, metal identifier — no portfolio data

ExchangeRate-API Privacy policy ↗

Currency pair request — no portfolio data

RevenueCat Privacy policy ↗

Anonymous device identifier + App Store/Play receipt Not yet active in v1.0 — wired at subscription launch

Sentry Privacy policy ↗

Error type, file name, line number — identifiers stripped Verify beforeSend hook is active in native build before publishing

Cloudflare Privacy policy ↗

Standard server logs including IP addresses in transit

Apple App Store / Google Play

Governed by Apple and Google policies

4. Device permissions

Camera and photo library

Used only when you choose to add a photo to a holding. Photos are stored locally on your device. Bullio never uploads photos to our servers.

Biometric authentication (Face ID / Touch ID)

Used only for app lock when you enable it in Settings. Biometric data never leaves your device — biometric verification is handled entirely by the iOS or Android operating system. Bullio never has access to raw biometric data.

5. Data backup

When you initiate a backup in Settings, your device writes a copy of the local SQLite database directly to iCloud Drive (iOS) or Google Drive (Android). Bullio's servers are not involved in this process.

Important: Backup files are plain SQLite database files and are not currently encrypted. They contain your full portfolio data including holdings, transactions, and financial values. Treat backup files as sensitive and store them in a secure location. Encrypted backups are planned for a future version.

6. Data retention

All your data lives on your device. Deleting the app from your device deletes the local database. Backup files you have saved to iCloud Drive or Google Drive are under your control and are managed through those platforms.

Bullio holds no copy of your portfolio data and has nothing to delete on your behalf.

7. Your rights

Because your portfolio data never leaves your device, you already hold it in full. To export a portable copy: Settings → Export → CSV. This is always available at no cost, on every version.

For any other privacy queries, email support@getbullio.app. We will respond within a reasonable time.

8. Children

Bullio is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has provided personal data to us, please contact us and we will take appropriate action.

9. Changes to this policy

Material changes to this privacy policy will be announced in-app before they take effect. The "last updated" date at the top of this page will be updated with each revision.

10. Contact

For privacy questions or concerns:
support@getbullio.app

This policy has been written to accurately reflect the current state of the Bullio codebase and will be reviewed by a legally-qualified person before the app is publicly released.