Cashira ("we," "our," or "us") is committed to protecting your privacy and being transparent about how we handle your personal data. This policy explains how we collect, use, share, and protect your information when you use our AI-powered budgeting and planning application.
| What We Collect | Why We Collect It | Your Control |
|---|---|---|
| Account information (name, email) | To create and manage your account | Update anytime in account settings |
| Financial data (read-only access) | To provide budgeting insights and analytics | Disconnect financial institutions anytime |
| Calendar data | To provide scheduling suggestions | Disconnect calendar anytime |
| Usage data | To improve our services and user experience | Control through privacy settings |
Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This includes but is not limited to name, email address, financial information, calendar data, and device identifiers.
Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
The entity that determines the purposes and means of the processing of personal data. For most processing activities, Cashira acts as a data controller.
| Data Category | Examples | Source | Required/Optional |
|---|---|---|---|
| Account Information | Name, email, password, preferences | Direct from user | Required |
| Financial Data | Account balances, transactions, holdings | Bank/credit card APIs | Required |
| Calendar Data | Events, schedules, meeting details | Calendar service APIs | Optional |
| Device Information | IP address, browser type, device ID | Automated collection | Required |
We do not intentionally collect special category data as defined by GDPR (e.g., health, biometric, genetic data). However, financial information may be considered sensitive personal information under various regulations and is protected accordingly.
| Processing Purpose | Data Categories Used | GDPR Legal Basis | Other Jurisdictions |
|---|---|---|---|
| Account Creation & Management | Account Information | Contract Performance | Service Provision |
| Financial Insights & Budgeting | Financial Data, Calendar Data | Legitimate Interests | Business Operations |
| AI-Powered Recommendations | Financial Data, Usage Data | Consent (where required) | Service Improvement |
| Security & Fraud Prevention | Device Information, Financial Data | Legitimate Interests | Security Purposes |
| Data Category | Retention Period | Deletion Process |
|---|---|---|
| Account Information | While account active + 30 days | Permanent deletion from all systems |
| Financial Data | While account active + 30 days | Secure erasure from databases and backups |
| Calendar Data | While account active + 7 days | Removal from all storage systems |
| Support Communications | 3 years from resolution | Secure deletion after retention period |
When you request account deletion or exercise your right to erasure:
Regardless of your location, we provide accessible mechanisms to exercise control over your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Obtain a copy of your personal data | Account settings or request to privacy@cashira.app |
| Correction | Rectify inaccurate or incomplete data | Edit profile or contact support |
| Deletion | Request erasure of your data | Account deletion option or email request |
| Portability | Receive your data in a machine-readable format | Export feature or request to privacy@cashira.app |
We implement comprehensive security measures to protect your financial and personal data, following industry best practices and "bank-level" security standards where appropriate.
| Security Area | Implementation |
|---|---|
| Encryption | AES-256 encryption for data at rest; TLS 1.2+ for data in transit |
| Access Controls | Role-based access, principle of least privilege, multi-factor authentication |
| Network Security | Firewalls, intrusion detection/prevention, DDoS protection |
| Application Security | Secure SDLC, code reviews, vulnerability scanning, penetration testing |
For questions about this policy or our privacy practices:
We strive to respond to all privacy-related inquiries within the timeframes required by applicable law:
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes as required by law.
| Version | Date | Changes |
|---|---|---|
| 1.0 | | Initial comprehensive Privacy & Data Protection Policy |
| Future Updates | TBD | This policy will be updated as needed to reflect changes in our practices, services, or legal requirements. |
We will notify users of material changes to this policy through: