Last updated: May 2026
Welmio is not a bank, financial institution, financial advisor, tax advisor, accounting service or commercial managed service. Do not store highly sensitive information that you do not need inside the app.
1. Data controller
Welmio is operated by Welmio developer as a personal portfolio and source-available project. For privacy requests, you can contact the controller at privacy@welmio.dev.
2. What Welmio is
Welmio is a real personal finance management app built as a professional portfolio project. It is not a commercial product, bank, financial institution, financial advisory service, tax advisor or accounting service. The source code may be publicly available under a non-commercial license.
3. Portfolio and self-hosted context
Welmio is provided as a portfolio project and not as a commercial managed service. The main app infrastructure is self-hosted in a homelab located in Spain, so availability, monitoring and operational guarantees may be more limited than in a commercial cloud service. Avoid storing highly sensitive information that you do not need in the app.
4. Data we collect
We collect the information needed to create and use your account: name, email address, encrypted password, optional phone number, optional date of birth, avatar preferences, accounts, categories, transactions, goals, contributions and app settings. We may also process basic technical data such as IP address, request logs, device/browser information and security events.
5. Why we use your data
We use your data to create and secure your account, authenticate you, verify your email, let you manage your financial records, calculate summaries and analytics, recover your password, send account-related emails, prevent abuse and keep the service working reliably.
6. Legal basis
The main legal basis is the provision of the service requested by the user when creating and using an account. Optional profile data may be processed based on your consent or voluntary action. Security logs and abuse prevention may be processed based on legitimate interest in protecting the app and its users.
7. Third-party services
Welmio may use trusted third-party providers only when needed to operate the app. For example, Resend may be used to send verification, password reset and security emails. GitHub may host the public source code, but it is not used to store user account data.
8. Data retention
Your account data is kept while your account remains active. If you delete your account, personal data will be deleted or anonymized where technically possible, except for limited technical logs, backups or records that may need to be retained temporarily for security, debugging or legal reasons.
9. Your rights
If you are in the EU/Spain, you may request access, rectification, deletion, restriction, portability and objection regarding your personal data. You can contact privacy@welmio.dev. You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD).
10. Security
Welmio uses basic security measures such as password hashing, JWT authentication, email verification, protected private endpoints, validation, rate limiting and restricted CORS for web clients. No system is completely secure, especially in a self-hosted portfolio context, so avoid storing sensitive information that you do not need in the app.
11. Changes to this policy
This policy may be updated as the project evolves, especially if new features, providers or deployment environments are added. The latest version will be available at https://welmio.dev/privacy.