Privacy Policy for Paysa

Introduction

Paysa ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our expense tracking mobile application.

Information We Collect

Personal Information

We collect minimal information strictly necessary to provide core functionality:

Email Address (Temporary Use Only) - Cloud Mode Only

• Collected when you log in to the app to receive a 6-digit verification code
• Sent securely to our backend via encrypted HTTPS
• Never stored in plain text in any database
• Used only to send a one-time code through Amazon Simple Email Service (SES)
• Automatically deleted within minutes after verification or expiration

Hashed User ID – Cloud Mode Only

• A hashed version of your email (using a private salt) is used to identify your account data in our database
• This value is anonymized, non-reversible, and used to associate your expenses, budgets, and preferences with you
• The hashing ensures your actual email is never stored alongside your expense data

Expenses, Budgets, and Tags

• All financial records you enter (expense name, amount, category, tags, notes, etc.) are stored securely on your device
• When in Cloud Mode, these records are securely stored in our database
• If using Cloud Mode, these records are associated only with your hashed user ID — not your real name, email, or any other identifiable detail

App Preferences

• Settings like default currency, display preferences, and notification settings
• Stored on device only

Device Information

• Device Identifiers: Device ID and app installation information
• Usage Analytics: How you interact with the app (features used, frequency of use)
• Technical Data: App version, operating system version, and device type

Cloud Storage Data

• AWS DynamoDB: Your expense data, categories, tags, and user preferences are stored in Amazon Web Services DynamoDB
• Authentication: User authentication and session management through AWS services

How We Use Your Information

Core App Functionality

• Expense Tracking: To store and organize your expense records
• Data Analysis: To provide insights, spending patterns, and smart recommendations. All calculations are performed on-device
• Budget Management: To track spending against budgets and show alerts
• Cloud Synchronization: To sync your data across devices and provide backup

Smart Features

• Category Suggestions: To suggest appropriate categories based on merchant names and spending patterns
• Frequent Expenses: To identify and suggest commonly used expenses for quick entry
• Spending Insights: To analyze your spending patterns and provide recommendations

What We Don't Do

• We do not collect or store your full email address long-term
• We do not share your data with advertisers, data brokers, or third parties
• We do not use cookies, trackers, or third-party analytics in the app

Data Analytics

We do not collect any analytics data about your usage of the app. The only data collection that may occur is through Apple's standard iOS analytics, which is controlled by your device settings and Apple's privacy policies. We have no access to or control over Apple's data collection practices.

Data Storage and Security

Local Storage

• Your data is stored locally on your device using iOS secure storage mechanisms
• Local data includes expenses, categories, tags, and app preferences

Cloud Storage

We use industry-standard security measures, including:

• End-to-end encryption (HTTPS) for all network requests
• One-way SHA-256 hashing for identity management
• AWS DynamoDB: Your data is securely stored in Amazon Web Services cloud infrastructure
• Encryption: Data is encrypted in transit and at rest using industry-standard encryption
• Access Control: Strict access controls and authentication mechanisms protect your data

Data Retention

Offline Mode

Your data is stored locally on your device and is retained only while you keep the app installed. When you delete the app, all local data is permanently deleted.

Cloud Mode

• Account Deletion: When you delete your account, all cloud data is deleted immediately
• Inactive Accounts: If you don't log in for 1 year, your cloud data will be automatically deleted
• Active Use: Your data is retained as long as you maintain an active account and log in regularly
• Backup: Cloud data serves as a backup and enables cross-device synchronization

Data Sharing and Disclosure

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties.

Limited Sharing

We may share your information only in the following circumstances:

• Service Providers: With trusted third-party service providers who assist in app operation (e.g., AWS for cloud storage)
• Legal Requirements: When required by law or to protect our rights and safety
• Business Transfers: In connection with a merger, acquisition, or sale of assets (with appropriate privacy protections)

Third-Party Services

We do not use any third-party analytics, advertising, or tracking services. The only external service we use is Amazon Web Services (AWS) for secure cloud storage and authentication.

Aggregated Data

We may use aggregated, anonymized data for analytics and research purposes. This data cannot be used to identify individual users.

Your Rights and Choices

Access and Control

• View Your Data: You can view all your expense data within the app
• Edit Your Data: You can modify, add, or delete expenses, categories, and tags
• Export Data: You can export your expense data in CSV format
• Delete Account: You can request deletion of your account and all associated data by opening the app and choosing "Delete Account" in Settings

Privacy Settings

• Offline Mode: You can use the app in offline mode without cloud synchronization
• Data Sync: You can control whether your data is synced to the cloud
• Notifications: Notifications are only displayed inside the application. You can manage budget alerts and other notifications

Data Portability

• CSV Export: You can export your expense data for use in other applications
• Data Backup: Your cloud data serves as a backup and can be restored

Data Security

Security Measures

• Encryption: All data is encrypted in transit and at rest
• Authentication: Secure user authentication and session management
• Access Controls: Strict access controls for cloud data
• Regular Updates: Regular security updates and vulnerability assessments
• Privacy Protection: We do not store personally identifiable information on our servers. Only a hash of your email address is stored for authentication purposes, which cannot be used to identify you personally

Data Breach Notification

Due to our privacy-first approach, we do not store any personally identifiable information on our servers. The only data stored is a hash of your email address for authentication, which cannot be reversed to reveal your actual email. Therefore, in the unlikely event of a data breach, there would be no personally identifiable information at risk that would require notification under typical breach notification laws.

Your Responsibilities

• Device Security: Keep your device secure and use strong authentication
• Account Protection: Protect your account credentials and log out when not in use
• App Updates: Keep the app updated to benefit from security improvements

Children's Privacy

Paysa is not intended for children under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe we have collected information from a child under 13, please contact us immediately.

International Data Transfers

Your data may be processed and stored in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

Disclaimer and Limitation of Liability

Disclaimer of Warranties

The Paysa app is provided "as is" and "as available" without any warranties of any kind, express or implied. To the fullest extent permitted by applicable law, we disclaim all warranties, including but not limited to:

• Warranties of merchantability, fitness for a particular purpose, and non-infringement
• Warranties that the app will be uninterrupted, error-free, or secure
• Warranties that defects will be corrected or that the app or server are free of viruses or other harmful components
• Warranties regarding the accuracy, reliability, or completeness of any information provided through the app

Limitation of Liability

To the fullest extent permitted by applicable law, in no event shall Paysa, its officers, directors, employees, agents, or affiliates be liable for any indirect, incidental, special, consequential, or punitive damages, including but not limited to:

• Loss of profits, data, use, goodwill, or other intangible losses
• Damages resulting from the use or inability to use the app
• Damages resulting from any changes to the app or temporary or permanent cessation of the app
• Damages resulting from unauthorized access to or alteration of your data
• Damages resulting from statements or conduct of any third party on the app

In no event shall our total liability to you for all claims exceed the amount paid by you, if any, for accessing the app during the twelve (12) months preceding the event giving rise to the liability.

Data Accuracy and Financial Decisions

• The app is designed to help you track expenses but should not be used as the sole basis for financial decisions
• We do not guarantee the accuracy, completeness, or timeliness of any financial information
• Users are responsible for verifying the accuracy of their expense data and making informed financial decisions
• We recommend consulting with qualified financial professionals for important financial matters

Indemnification

You agree to indemnify, defend, and hold harmless the author and any associated parties from and against any claims, damages, losses, costs, and expenses (including reasonable attorneys' fees) arising from your use of the application or violation of these terms.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the updated policy in the app
• Updating the "Last Updated" date

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it's used
• Right to delete personal information
• Right to opt-out of the sale of personal information
• Right to non-discrimination for exercising your privacy rights

GDPR Compliance (EU Users)

If you are in the European Union, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to restrict processing
• Right to object to processing
• Right to withdraw consent

To exercise these rights, please contact us using the information provided above.

Compliance

This Privacy Policy is designed to comply with applicable privacy laws, including:

• General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Other applicable local privacy regulations