Home Terms

Privacy Policy

Last updated: March 6, 2025

Contents

  1. Who We Are
  2. Information We Collect
  3. How We Use Your Information
  4. Contact Access & Phone Numbers
  5. Data Storage & Security
  6. Third-Party Services
  7. Data Sharing
  8. Data Retention
  9. Your Rights
  10. Children's Privacy
  11. Changes to This Policy
  12. Contact Us

Chaaq ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, how we protect it, and what choices you have — in clear, plain language.

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes. Ever.

1. Who We Are

Chaaq is a mobile application designed for expense splitting and savings group management, built for users worldwide. This policy applies to all users of the Chaaq iOS application and any associated web properties.

2. Information We Collect

2.1 Information You Provide

  • Account information: Phone number, display name, and profile picture (optional) when you create an account
  • Financial activity: Expense details, group names, amounts, splits, savings group contributions, and payout records that you create within the app
  • Communications: Messages you send to our support team

2.2 Information Collected Automatically

  • Device information: Device model, operating system version, and unique device identifiers
  • Usage data: App feature usage patterns, crash reports, and performance data
  • Log data: IP address, access times, and referring URLs

2.3 Information We Do NOT Collect

  • Bank account numbers, credit/debit card details, or UPI IDs
  • Biometric data (fingerprints, face scans)
  • Location data (GPS, precise or approximate)
  • Contact names, emails, or addresses from your address book

3. How We Use Your Information

We use the information we collect strictly for the following purposes:

  • Core functionality: To create and manage your account, process expense splits, manage savings group operations, and display balances
  • Friend discovery: To help you find other Chaaq users from your contacts (see Section 4)
  • Notifications: To send you payment reminders, group updates, and savings group alerts that you have opted into
  • Improvement: To fix bugs, improve performance, and develop new features based on aggregated, anonymised usage patterns
  • Security: To detect and prevent fraud, abuse, and unauthorised access

We never use your financial data to build advertising profiles, serve targeted ads, or make automated decisions about you.

4. Contact Access & Phone Numbers

This is important, so we want to be extra clear:

4.1 What Happens When You Grant Contact Access

  • Your phone numbers (and only phone numbers) are read from your device's address book
  • Each number is hashed using a one-way cryptographic hash (SHA-256) directly on your device before being transmitted
  • These hashes are sent to our server and compared against hashes of existing Chaaq users
  • Matches are returned so you can see which contacts already use Chaaq
  • The original phone numbers never leave your device

4.2 What We Never Do With Contacts

  • We never store raw (unhashed) phone numbers from your contacts
  • We never read contact names, email addresses, physical addresses, or any other fields
  • We never upload your full address book to our servers
  • We never share contact data with any third party
  • We never use contact data for marketing, advertising, or profiling

4.3 Contact Access Is Optional

You can deny contact access and still use every feature of Chaaq. You can add friends manually by entering their phone number or sharing an invite link. You can revoke contact access at any time through your device's Settings app.

5. Data Storage & Security

  • Encryption in transit: All data transmitted between the app and our servers uses TLS 1.2+ encryption
  • Encryption at rest: Sensitive data stored on our servers is encrypted using AES-256 encryption
  • Authentication: We use Firebase Authentication with secure token-based sessions
  • Infrastructure: Our backend runs on Google Cloud Platform (Firebase), which maintains SOC 2 Type II and ISO 27001 certifications
  • Access control: Employee access to user data is restricted on a need-to-know basis and requires multi-factor authentication

6. Third-Party Services

We use the following third-party services, each with their own privacy policies:

  • Google Firebase: Authentication, database, analytics, and crash reporting (Firebase Privacy)
  • Google AdMob: Advertising in the free tier of the app (Google Privacy Policy). AdMob may collect device identifiers and usage data for ad personalisation. You can opt out of personalised ads in your device settings.
  • Apple App Store: For app distribution and in-app purchases (Apple Privacy)

We do not use any third-party analytics that track individual users across apps or websites.

7. Data Sharing

We do not sell, rent, trade, or share your personal information with third parties except in the following limited circumstances:

  • With your consent: When you explicitly choose to share data (e.g., sharing a group invite)
  • Group members: Expense and savings group information is visible to other members of groups you join — this is core app functionality
  • Service providers: With the third-party services listed in Section 6, strictly for operating the app
  • Legal requirements: If required by law, court order, or governmental authority, or to protect the safety of our users

8. Data Retention

  • Active accounts: We retain your data for as long as your account is active
  • Deleted accounts: When you delete your account, all personal data, expense history, group memberships, and savings group records are permanently deleted from our servers within 30 days
  • Anonymised data: We may retain fully anonymised, aggregated data (e.g., total number of transactions) indefinitely for analytical purposes. This data cannot be traced back to any individual.

9. Your Rights

You have the following rights regarding your data:

  • Access: Request a copy of all personal data we hold about you
  • Correction: Update or correct inaccurate information
  • Deletion: Delete your account and all associated data at any time from within the app
  • Portability: Request your data in a machine-readable format
  • Withdraw consent: Revoke contact access or notification permissions at any time through your device settings
  • Objection: Object to processing of your data for specific purposes

To exercise any of these rights, contact us at info@chaaq.app. We will respond within 30 days.

10. Children's Privacy

Chaaq is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we discover that we have inadvertently collected data from a minor, we will delete it immediately. If you believe a child has provided us with their information, please contact us at info@chaaq.app.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or via email before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of Chaaq after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, contact us: