How Suma handles your data
Suma stores the minimum data needed to function as a budget tracker:
Telegram user ID — used to identify your account.
Display name — your Telegram first name, used for greetings. Encrypted at rest (AES-256-GCM).
Transactions — amounts, categories, and descriptions you enter.
Voice messages — if you send a voice note, it is forwarded to OpenAI Whisper for transcription. With your consent, recordings are stored anonymously to improve accuracy. No personal data is linked to stored audio. You can disable storage or delete all recordings from Settings at any time.
Receipt photos — if you send a photo, it is forwarded to OpenAI for analysis and immediately discarded. We do not store images.
SUMA offers two levels of encryption to protect your financial data:
Server-side encryption (default) — Sensitive fields (username, first name) are encrypted at rest using AES-256-GCM. Transaction data is stored in the database and accessible to SUMA for features like AI chat and analytics.
Zero-Knowledge encryption (optional) — When enabled, your financial data is encrypted in your browser using XChaCha20-Poly1305 with a passphrase-derived key (Argon2id). SUMA cannot decrypt or access your data. Some features (AI chat, server-side search) are unavailable in this mode.
Zero-Knowledge Mode encrypts your data client-side before it reaches our servers. Your encryption key is derived from a passphrase you choose and is never transmitted to or stored on our servers.
If you lose your passphrase and recovery key, your encrypted data cannot be recovered. SUMA has no ability to decrypt your data or reset your passphrase in Zero-Knowledge Mode.
Telegram Bot API — to send and receive messages. See "Telegram notice" below for important encryption details.
OpenAI API — for voice transcription (Whisper) and receipt analysis. Data is sent per OpenAI's API data usage policy (not used for training).
Northflank — hosting and managed PostgreSQL database.
Your data is retained for as long as your account is active. When you delete your account, all personal data, transactions, categories, and group memberships are permanently and irreversibly deleted within 24 hours. We do not retain backup copies of deleted user data. Inactive accounts are not automatically deleted — you control when your data is removed.
Suma does not use cookies for tracking, analytics, or advertising. The web dashboard uses a session cookie solely for authentication.
Telegram does not provide end-to-end encryption for messages exchanged with bots. This means your messages to the Suma bot — including financial data such as amounts, descriptions, and voice messages — may be accessible to Telegram. We encrypt sensitive fields at rest on our servers (AES-256-GCM), but we cannot control how Telegram processes messages in transit. We recommend not sharing highly sensitive personal information (passwords, ID numbers, bank credentials) through the bot. The web dashboard uses HTTPS end-to-end and is the most private way to use Suma.
Questions? Visit our feedback page or contact us through @sumaonline_bot on Telegram.
Under Colombian data protection law (Ley 1581 de 2012), you have the following rights regarding your personal data:
Right of access — You can request a copy of all personal data we hold about you at any time via the /mydata bot command or the Settings page.
Right of rectification — You can update or correct your personal data through the Settings page or bot commands.
Right of deletion — You can request complete deletion of your account and all associated data via Settings > Danger Zone or the /deleteaccount bot command.
Right of portability — You can export all your data in JSON, PDF, or Excel format via Settings or the /export bot command.
For any questions, complaints, or requests regarding your personal data, please contact us through the feedback form on the web dashboard or via the Telegram bot. We will respond to your request within 15 business days as required by Colombian law.