Privacy Policy

Broke is operated by Brainexy, based in the United Arab Emirates. This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with the UAE Personal Data Protection Law (PDPL) — Federal Decree-Law No. 45 of 2021.

We collect the following categories of personal data:

• Account data: username, email address, password (stored as a one-way hash).
• Financial data: expense records, account balances, credit card entries, budgets, assets, and liabilities that you manually enter or import.
• SMS data: if you enable SMS parsing via our mobile companion, raw SMS text from financial institutions is processed to extract transaction details.
• Usage data: timestamps, feature interactions, subscription status.
• Device/communication data: Telegram user ID (if you connect the Telegram bot).
• Consent record: the date and time you accepted these terms.

Your data is used solely to:

• Provide and improve the Broke application and its features.
• Process subscription payments through Ziina.
• Power the AI Financial Advisor (data is sent to OpenAI for processing).
• Send Telegram notifications if you have connected the bot.
• Detect spending anomalies and send budget alerts.
• Comply with legal obligations under UAE law.

We do not sell your personal data to any third party.

We share limited data with the following processors solely to deliver the service:

• Ziina — payment processing. Only the data required to complete the transaction is shared. We do not store card details.
• OpenAI — AI Financial Advisor. Expense summaries and chat messages may be sent to OpenAI for processing. OpenAI's privacy policy applies to that data.
• Telegram — bot notifications. Your Telegram user ID and the notification content are processed by Telegram if you enable this feature.

We retain your personal data for as long as your account is active. If you delete your account, your data will be removed from our systems within 30 days, except where retention is required by UAE law (e.g., financial records required for regulatory purposes).

Under the UAE Personal Data Protection Law you have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your data (right to erasure), subject to legal retention obligations.
• Withdraw consent at any time (this will result in account deactivation).
• Object to certain types of processing.

To exercise any of these rights, email us at support@brainexy.com. We will respond within 30 days.

We implement industry-standard security measures including password hashing (bcrypt), short-lived JWT tokens, HTTPS-only communication, and access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

Broke is not intended for anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has registered, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice. Continued use after the effective date constitutes acceptance.

Brainexy is the data controller for the purposes of UAE PDPL.
Email: support@brainexy.com