Privacy Policy

1. Data we collect

• Account data — your email address, and (if you sign in with Google) your name and profile picture from Google.
• Profile data — what you tell us during onboarding: your preferred name, country, currency, the savings channels you use, and whether you belong to a SACCO (including its name, if you provide it).
• Savings data — the goals and deposit records you create, including amounts, notes, channels, and dates that you enter yourself.
• Technical data — sign-in session information and limited device/IP details needed to keep your account secure and operate the Service.

We do not collect your bank, SACCO, or mobile-money account credentials, and we never have access to your actual money.

2. How we use your data

• to create your account and authenticate you (passwordless sign-in);
• to provide the core Service — storing and displaying your goals and deposits;
• to show every amount in your chosen currency and tailor the experience;
• to keep the Service secure, prevent abuse, and fix problems;
• to comply with our legal obligations.

3. Legal basis

We process your data on the basis of your consent (which you give at onboarding and may withdraw at any time), to perform our agreement with you in providing the Service, and to pursue our legitimate interests in operating and securing it — consistent with the Data Protection and Privacy Act, 2019.

4. Who we share it with

We do not sell your personal data. We share it only with service providers who process it on our behalf and under contract, namely:

• Neon — managed database hosting where your data is stored;
• Vercel — application hosting that serves the Service;
• Google — authentication, if you choose to sign in with Google;
• Resend — delivery of one-time sign-in codes by email.

We may also disclose data where required by law or to protect our rights.

5. International transfers

Some of these providers may store or process data on servers located outside Uganda. Where that happens, we take reasonable steps to ensure your data remains protected to a standard consistent with the Data Protection and Privacy Act, 2019.

6. Data retention

We keep your data for as long as your account is active. If you delete a goal or deposit it is removed from your records, and if you delete your account we delete your personal data, except where we are required to retain certain information by law.

7. Security

We use appropriate technical and organisational measures — including encrypted connections, passwordless authentication, and access controls that scope your data to your account — to protect your personal data. No system is perfectly secure, but we work to keep your data safe.

8. Your rights

Under the Data Protection and Privacy Act, 2019, you have the right to:

• access the personal data we hold about you;
• correct inaccurate or incomplete data;
• request deletion of your data;
• object to or restrict certain processing;
• withdraw consent at any time;
• lodge a complaint with the Personal Data Protection Office (PDPO) of Uganda.

To exercise any of these rights, contact us at ywalum@gmail.com.

9. Children

The Service is not intended for anyone under 18, and we do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

10. Changes and contact

We may update this Policy from time to time; material changes will be notified through the Service or by email. For any privacy question or request, email ywalum@gmail.com.