CAPITA S.R.L.
Capita / UnDrip / Privacy

Privacy Policy

UnDrip by CAPITA S.R.L.

Summary

UnDrip is built so that your bank statements never leave your iPhone. No bank login is required. No financial data is uploaded to any server. The AI that detects subscriptions runs entirely on your device.

What we do not collect

  • We never request or store your bank account credentials, online banking passwords, or one-time codes.
  • We do not connect to your bank through Plaid, MX, Finicity, or any open-banking aggregator.
  • We do not collect your name, email address, phone number, or device identifiers.
  • We do not use third-party analytics, attribution SDKs, or advertising trackers.

What stays on your device

When you import a PDF bank or credit card statement, UnDrip parses it locally and stores the resulting transactions in an encrypted SQLCipher database inside the app's iOS sandbox. The PDF you imported, every detected transaction, and every subscription pattern stay on your phone. Uninstalling the app deletes all of this data.

On-device AI

UnDrip bundles a fine-tuned language model (Gemma 3 270M, ~304 MB) and a CoreML classifier. Both run on your device's Apple Silicon. No part of your statement, no transaction text, and no detected merchant name is ever sent to a remote inference server.

In-app purchases and subscription receipts

Purchases (monthly subscription, lifetime upgrade) are handled by Apple through StoreKit. To verify an active subscription across devices, UnDrip uses RevenueCat as a subscription receipt service. RevenueCat receives the App Store transaction receipt and a randomly generated, anonymous app-instance identifier — it does not receive your name, email, Apple ID, or any data extracted from your statements. RevenueCat's role is limited to validating your purchase and unlocking the Pro entitlement on your device. See RevenueCat's privacy policy for details on their data handling.

California Consumer Privacy Act (CCPA)

If you are a California resident, the CCPA gives you certain rights. Because we do not collect personal information from you, the practical effect of these rights is as follows:

  • Right to know: we collect no personal information; there is nothing for us to disclose to you.
  • Right to delete: we hold no personal information about you. Uninstalling the app from your device deletes every piece of data UnDrip ever processed.
  • Right to opt out of sale: we do not sell, share, or rent personal information. We have nothing to opt out of.
  • Right to non-discrimination: we do not differentiate users based on the exercise of any privacy right.

GDPR compliance

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR), we inform you that the data controller is:

  • Controller: CAPITA S.R.L.
  • Registered office: Piazza Lodovico Cerva 43, 00143 Roma (RM), Italy
  • VAT / Tax ID: IT17385951003
  • REA: RM 1715127

As UnDrip processes financial data exclusively on the user's device and the controller never receives or accesses that data, no GDPR processing operation takes place under our control beyond the minimal subscription receipt described above.

Children

UnDrip is not directed to children under 13. We do not knowingly collect any data from children. The app is rated 4+ on the App Store because its content is non-objectionable, but personal financial management is intended for adults.

Changes to this policy

If our data practices change, we will update this page and revise the "Last updated" date below. Material changes will also be reflected in app release notes.

Contact

For any privacy-related questions: privacy@capita.srl

Last updated — 5 May 2026