Privacy Policy

1. Information We Collect

When you use Pochidata, we collect the following types of information:

• Account Information — Your name, email address, phone number, and profile photo when you create an account.
• Authentication Data — If you sign in with Google, we receive your basic profile information (name, email, and profile picture) from Google.
• Financial Data — Transaction records, wallet balances, income, and expense entries that you voluntarily input into the Service.
• Group Data — Information related to savings groups (Vikoba) you create or join, including contributions and group transactions.
• Usage Data — Basic information about how you interact with the Service, such as login times and feature usage.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your identity and secure your account
• Display your financial data and group activity within the application
• Send transactional notifications via SMS or email (e.g., group updates, password resets)
• Respond to your support requests

3. Information Sharing

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

• Within Savings Groups — Your name, contributions, and transaction history are visible to other members of groups you join.
• Service Providers — We use trusted third-party services (e.g., cloud hosting, SMS delivery) that process data on our behalf under strict confidentiality agreements.
• Legal Requirements — We may disclose your information if required by law, court order, or governmental regulation.

4. Data Storage & Security

Your data is stored on secure servers with industry-standard protections, including:

• Encrypted data transmission (HTTPS/TLS)
• Hashed passwords — we never store your password in plain text
• Access controls limiting who can view your data
• Regular security updates and monitoring

Profile photos and uploaded files are stored on DigitalOcean Spaces with restricted access policies.

5. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will remove your personal information within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).

6. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete information
• Delete your account and associated data
• Export your financial data
• Withdraw consent for optional communications (e.g., SMS notifications)

To exercise any of these rights, contact us through the application or our support channels.

7. Cookies & Local Storage

The Service uses essential cookies and local storage to maintain your session and preferences. We do not use third-party tracking cookies or advertising cookies.

8. Third-Party Services

If you sign in using Google OAuth, Google's privacy policy applies to the data they collect. We only receive the basic profile information you authorize during sign-in.

9. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected data from a child under 18, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy or how your data is handled, please contact us through the application or at our support channels.