Privacy Policy

Last updated: May 16, 2026

The short version: We collect only what's needed to make Chaaq work. We don't sell your data. We don't show ads. We don't track you across other apps or websites. Your financial information stays between you and the people you share it with.

1. Who we are

Chaaq is operated by CapraTrail Studios LLP ("we", "us", "our"), the data controller for the personal information described in this policy. This policy explains how we handle your information when you use the Chaaq mobile app and our website at chaaq.app.

2. What we collect

We collect information in two ways: what you give us directly, and what's generated when you use the app.

Information you provide:

Information generated automatically:

What we do NOT collect:

App Tracking Transparency: Chaaq does not "track" you as defined by Apple's App Tracking Transparency framework. We do not link your identity or activity in Chaaq to data collected by other companies' apps or websites for advertising, measurement, or any other cross-context purpose.

3. How we use your information

We use your data to make the app work. Specifically:

We never use your data for: advertising, selling to third parties, profiling for marketing, or any purpose unrelated to the app's functionality. We do not engage in automated decision-making that produces legal or similarly significant effects on you.

4. How we store and protect your data

Your data is stored on Google Firebase / Cloud Firestore, which provides enterprise-grade security including encryption at rest (AES-256) and in transit (TLS 1.2+), automatic backups, and compliance with SOC 1, SOC 2 Type II, ISO 27001, and ISO 27018 standards.

Receipt images are stored in Firebase Cloud Storage with authenticated access only — no one can view your receipts without being signed into an account that has access to them.

We enforce strict Firestore security rules, server-side: you can only read and write data that belongs to you or groups and chits you're an active member of. These rules cannot be bypassed by a modified client.

5. Payments

Chaaq is an expense tracker, not a payment processor. When you record a payment, you're logging that a payment happened — the actual money transfer happens outside the app (cash, bank transfer, UPI, etc.).

For Pro subscriptions, payments are processed through Apple's In-App Purchase system. We never see or store your payment card details — Apple handles all payment processing under their own privacy policy.

If we add additional payment methods in the future (such as Razorpay or Stripe for non-IAP paths), they will process payment data under their own privacy policies and PCI DSS standards. We will update this policy and notify you before that change takes effect.

6. Who can see your data

We do not share your data with any third parties for marketing, advertising, profiling, or any other commercial purpose.

7. Third-party services

We use a small number of trusted services to operate the app. Each is bound by a data processing agreement and operates under its own privacy policy:

These providers process data on our behalf solely to deliver the services we use. They are contractually prohibited from using your data for their own purposes.

8. Your rights

You have full control over your data. Depending on your location, you have the following rights:

All users:

Users in the EU, UK, and EEA (GDPR): in addition to the rights above, you have the right to:

We do not have an appointed Data Protection Officer because the scale and nature of our processing does not require one under GDPR Article 37. For all data protection matters, contact info@chaaq.app.

Users in California (CCPA / CPRA): you have the right to:

To exercise any of these rights, contact us at info@chaaq.app. We'll respond within 30 days (or 45 days for CCPA requests, with possible extension).

9. Data retention

We keep your personal data for as long as your account is active. When you delete your account, we permanently remove all your personal data, expense records, and receipt images from our active systems within 30 days. Backup copies are purged within 90 days.

Some anonymized, aggregated data (which cannot identify you) may be retained for service improvement and analytics. Limited information may be retained longer where required by applicable law, regulation, or to resolve disputes — for example, records required for tax or anti-fraud compliance.

10. Children's privacy

Chaaq is not intended for children under 13, or older where local law requires a higher minimum age (some EU countries require 16). We do not knowingly collect personal information from children below the applicable minimum age. If you believe a child has provided us with personal information, please contact us at info@chaaq.app and we will promptly delete it.

11. International users

Chaaq is available worldwide. Your data is stored on Google Cloud servers and may be processed in the regions where Google operates, which may be outside your home country. Where data is transferred from the EU/EEA, UK, or other regions with data protection regulations, we rely on appropriate safeguards including the EU Standard Contractual Clauses and Google's certifications under relevant frameworks. By using the app, you consent to these transfers.

12. Cookies and similar technologies

The Chaaq mobile app does not use cookies. Our website (chaaq.app) uses only essential cookies necessary for the site to function — no tracking, advertising, or analytics cookies.

13. Changes to this policy

We may update this policy from time to time. When we make material changes, we'll notify you through the app or by email. The "Last updated" date at the top tells you when this policy was last revised. Continued use of Chaaq after a change means you accept the updated policy.

14. Contact us

Questions, concerns, or requests about your privacy? Reach out:

We aim to respond to all privacy-related inquiries within 7 days.