Privacy & Data Protection Policy
Last updated:
Disclaimer: This document provides general information about our privacy practices and is not legal advice. In case of conflict between this policy and applicable law, the law prevails. Please consult with a legal professional for advice on your specific situation.
Executive Summary #
Cashira ("we," "our," or "us") is committed to protecting your privacy and being transparent about how we handle your personal data. This policy explains how we collect, use, share, and protect your information when you use our AI-powered budgeting and planning application.
At a Glance
| What We Collect | Why We Collect It | Your Control |
|---|---|---|
| Account information (name, email) | To create and manage your account | Update anytime in account settings |
| Financial data (read-only access) | To provide budgeting insights and analytics | Disconnect financial institutions anytime |
| Calendar data | To provide scheduling suggestions | Disconnect calendar anytime |
| Usage data | To improve our services and user experience | Control through privacy settings |
Key Principles
- Read-Only Access: We only access your financial data in read-only mode. We cannot move money or initiate transactions.
- Data Minimization: We only collect data necessary to provide our services.
- Transparency: We're clear about what data we collect and why.
- Security: We implement robust security measures to protect your data.
- Your Control: You have rights over your data, which you can exercise at any time.
Global Compliance Framework
Cashira complies with major global privacy regulations including:
- GDPR (EU/EEA/UK)
- CCPA/CPRA (California)
- PIPEDA & Quebec Law 25 (Canada)
- LGPD (Brazil)
- Privacy Act/APPs (Australia)
- PDPA (Singapore)
- DPDP Act 2023 (India)
- POPIA (South Africa)
- And other applicable regional laws
2. Key Definitions #
Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes but is not limited to name, email address, financial information, calendar data, and device identifiers.
Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
The entity that determines the purposes and means of the processing of personal data. For most processing activities, Cashira acts as a data controller.
An entity that processes personal data on behalf of a controller. Cashira may act as a processor for enterprise clients under specific agreements.
A special category of personal data that may receive additional protections under various privacy laws. This may include financial information, precise geolocation, racial or ethnic origin, health data, and other categories defined by applicable law.
The individual to whom personal data relates. Under various privacy laws, you may be referred to as a data subject, consumer, or individual.
Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by clear affirmative action, signify agreement to the processing of personal data relating to them.
15. Contact Us / DPO #
If you have questions about this privacy policy or our privacy practices, or if you wish to exercise your privacy rights, please contact us:
Primary Contact
Privacy Officer / Data Protection Officer
Email: privacy@cashira.app
Mail: Consultants Lengu Inc., [Address to be specified], Canada
Support
For general support inquiries: support@cashira.app
EU/UK Representatives
[OPTIONAL: If appointed, details of EU and UK representatives would be included here]
Response Times
We strive to respond to all privacy-related inquiries within the timeframes required by applicable law:
- GDPR/UK: Within one month (may be extended by two further months where necessary)
- CCPA/CPRA: Within 45 days (may be extended by an additional 45 days where necessary)
- Other jurisdictions: As required by local law
16. Changelog & Versioning #
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes as required by law.
Recent Changes
| Version | Date | Changes |
|---|---|---|
| 1.0 | Initial publication |
Update Notification
We will notify you of material changes to this policy through:
- In-app notifications
- Email communications
- Website banners or notices
- Other methods as required by law
Historical Versions
Previous versions of this privacy policy are available upon request. Contact us at privacy@cashira.app to request a specific historical version.
17. Jurisdiction Appendices #
This section provides additional jurisdiction-specific details that may apply based on your location.
Legal Framework
General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)
Data Controller
For most processing activities, Cashira (a sub corporation of Consultants Lengu Inc.) acts as a data controller.
Legal Bases for Processing
We process personal data on the following legal bases under Article 6 GDPR:
- Contract Performance (Article 6(1)(b)): Processing necessary for the performance of our services.
- Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, such as service improvement and security.
- Consent (Article 6(1)(a)): Where we have obtained your consent for specific processing activities.
- Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations.
Data Protection Authority
You have the right to lodge a complaint with your local supervisory authority. Contact details for EU data protection authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.
Special Categories of Data
We do not intentionally process special categories of personal data (Article 9 GDPR) unless you explicitly provide such information in your financial or calendar data.
Legal Framework
UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018
Data Controller
For most processing activities, Cashira (a sub corporation of Consultants Lengu Inc.) acts as a data controller.
Legal Bases for Processing
We process personal data on the following legal bases under Article 6 UK GDPR:
- Contract Performance (Article 6(1)(b)): Processing necessary for the performance of our services.
- Legitimate Interests (Article 6(1)(f)): Processing necessary for our legitimate interests, such as service improvement and security.
- Consent (Article 6(1)(a)): Where we have obtained your consent for specific processing activities.
- Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations.
Data Protection Authority
You have the right to lodge a complaint with the Information Commissioner's Office (ICO). Contact details can be found at https://ico.org.uk/make-a-complaint/.