Privacy Policy
Last updated: May 2026
Who We Are
Walu is a personal and family finance management web application operated by Alan Fuentes, trading as tracegazer.dev ("we", "our", "us"), based in Buenos Aires, Argentina. Our website is usewalu.com.
We built Walu to help individuals and families take control of their finances. We believe your financial data is deeply personal, and we treat it accordingly.
What Data We Collect
We collect only the data necessary to provide and improve the Walu service:
Account information
- Email address (required for registration and login)
- Display name (chosen by you during onboarding)
- Avatar URL (if you sign in with Google)
- Timezone and locale preferences
Financial data you enter
- Bank accounts, cash accounts, savings accounts, and credit cards you create
- Transactions, budgets, goals, categories, and tags
- Any other financial information you voluntarily enter into the service
What we do NOT collect
- We do not connect to your bank accounts. All financial data is entered manually by you.
- We do not collect your bank credentials, account numbers, or any data from financial institutions.
- We do not use tracking cookies, advertising pixels, or analytics that identify you personally.
How We Use Your Data
Your data is used solely to provide the Walu service. Specifically:
- To create and manage your account
- To store and display your financial records
- To calculate balances, budgets, goals, and reports
- To send transactional emails (password resets, account verification)
- To process subscription payments through our payment processor
We do not sell, rent, share, or monetize your personal or financial data. We do not use your data for advertising. We do not provide your data to third parties for their marketing purposes.
Legal Basis for Processing
We process your personal data under the following legal bases as defined by GDPR Article 6:
- Contract Performance — Processing necessary to provide the Walu service, including account creation, data storage, and subscription management.
- Consent — For optional communications such as product updates and newsletters. You may withdraw consent at any time.
- Legitimate Interest — For security measures, fraud prevention, service improvement, and analytics that do not override your fundamental rights.
Data Storage and Security
Your data is stored in a PostgreSQL database hosted by Supabase on AWS infrastructure. We implement multiple layers of security:
- Row Level Security (RLS) — Every table with user data has database-level security policies. Your data is isolated at the PostgreSQL level, meaning even a bug in our application code cannot expose another user's data.
- Encryption in transit — All connections use HTTPS/TLS. Data is encrypted between your browser, our servers, and our database.
- Encryption at rest — Database storage is encrypted at rest on AWS infrastructure.
- Authentication — Sessions are managed via secure, httpOnly cookies with JWT tokens provided by Supabase Auth.
Third-Party Services
We use the following third-party services to operate Walu:
- Supabase — Authentication, database hosting, and storage. See their privacy policy.
- Paddle — Payment processing. Paddle acts as our Merchant of Record, meaning they handle billing, tax collection, and refunds on our behalf. When you subscribe to a paid plan, Paddle processes your payment information directly. We do not store your credit card details. See their privacy policy.
- MercadoPago — Alternative payment processing for Latin American users. See their privacy policy.
- Resend — Transactional email delivery (password resets, verification emails). See their privacy policy.
- Cloudflare — DNS, CDN, and web application firewall. Cloudflare may process your IP address and request metadata for security and performance purposes. See their privacy policy.
- Google OAuth — If you choose to sign in with Google, Google shares your email address and profile name with us. We do not access any other Google data. See Google's privacy policy.
Cookies
Walu uses a minimal number of cookies, all essential to the service:
- Authentication session — Secure cookies that keep you logged in. These are httpOnly and cannot be accessed by JavaScript.
- Locale preference — Stores your language choice (e.g., English, Spanish).
- Theme preference — Stores your light/dark mode choice.
We do not use tracking cookies, advertising cookies, or any third-party cookies for analytics or marketing purposes.
As we only use essential cookies required for the functioning of the Service (authentication, preferences), we do not require cookie consent under the ePrivacy Directive or GDPR regulations.
Data Retention
We retain your data for as long as your account is active. If you delete your account, all your personal and financial data is permanently deleted from our database within 30 days. Backups containing your data are automatically purged within 90 days.
Billing and transaction records processed by Paddle (our Merchant of Record) are retained by Paddle in accordance with their data retention policies and applicable tax regulations. We do not control Paddle's data retention practices.
Your Rights
You have the following rights regarding your data:
- Access — You can view all data stored in your account at any time through the Walu interface.
- Export — You can export all your financial data in CSV format at any time from the Settings page.
- Correction — You can edit any of your data directly in the application.
- Deletion — You can delete your account and all associated data from the Settings page. This action is irreversible.
- Portability — Your exported data is in standard formats (CSV) that can be imported into other tools.
If you need assistance exercising any of these rights, contact us at [email protected].
Children's Privacy
Walu is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you believe a child under 16 has created an account, please contact us at [email protected] and we will promptly delete the account and all associated data.
International Data Transfers
Walu is operated from Argentina. Your data may be processed and stored in the United States (where our database infrastructure is hosted) and other countries where our service providers operate. By using Walu, you consent to the transfer of your data to these countries. We ensure that all service providers maintain appropriate data protection standards.
Changes to This Policy
We may update this privacy policy from time to time. When we make significant changes, we will notify you by email and/or by displaying a prominent notice within the application. Your continued use of Walu after changes take effect constitutes your acceptance of the revised policy.
Contact Us
If you have any questions about this privacy policy or how we handle your data, please contact us:
- Email: [email protected]
- Website: usewalu.com
For all data protection inquiries, including requests to exercise your rights under GDPR or applicable privacy laws, contact our privacy contact at [email protected].