Privacy Policy

1. Introduction

Welcome to PapayaLedger ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

By using PapayaLedger, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

• Account Information: Email address, name, phone number (optional), and password
• Profile Information: Currency preference, timezone, notification preferences
• Financial Data: Expense amounts, descriptions, categories, payment methods, and group information
• Receipt Images: Photos of receipts you upload for OCR processing
• Communication Data: Messages sent through our support channels

2.2 Automatically Collected Information

• Device Information: Device type, operating system, browser type, IP address
• Usage Data: Pages visited, features used, time spent on pages, click patterns
• Location Data: Approximate location based on IP address (not precise GPS)
• Cookies: Session cookies, analytics cookies (with your consent)

2.3 Information from Third Parties

• Payment Processors: Stripe processes your payment information (we do not store card details)
• Authentication Services: OAuth providers (if you sign in with Google, Apple, etc.)
• Analytics Services: Google Analytics (anonymized data only)

3. How We Use Your Information

We use your information for the following purposes:

• Provide Services: Create and manage your account, process expenses, calculate splits
• AI Features: Categorize expenses, extract data from receipts using OCR, provide insights
• Communication: Send notifications, updates, security alerts, and customer support
• Payments: Process subscription payments and manage billing
• Improve Service: Analyze usage patterns, fix bugs, develop new features
• Security: Detect fraud, prevent abuse, protect user accounts
• Legal Compliance: Comply with laws, regulations, and legal requests

4. Third-Party Services We Use

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• With Group Members: Expense data is shared with other members of your expense groups
• Service Providers: Third-party vendors who help us operate the Service (all under strict data protection agreements)
• Legal Requirements: When required by law, court order, or government request
• Business Transfers: In the event of a merger, acquisition, or sale of assets
• With Your Consent: Any other sharing with your explicit permission

6. Data Security

We implement industry-standard security measures to protect your data:

• TLS/SSL encryption for all data in transit
• Encryption at rest for sensitive data
• Secure password hashing (bcrypt)
• Regular security audits and updates
• Access controls and authentication
• Automated backup systems

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location, you may have the following rights:

GDPR Rights (EU Users)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Object: Opt out of certain data processing activities

CCPA Rights (California Users)

• Know: What personal information we collect and how it's used
• Delete: Request deletion of your personal information
• Opt-Out: Opt out of the sale of personal information (we don't sell data)
• Non-Discrimination: Equal service regardless of privacy choices

To exercise these rights, please contact us at privacy@papayaledger.com

8. Data Retention

• Active Accounts: We retain your data as long as your account is active
• Deleted Accounts: Data is permanently deleted 30 days after account deletion request
• Legal Requirements: Some data may be retained longer for legal or regulatory compliance
• Anonymized Data: Usage analytics may be retained indefinitely in anonymized form

9. Children's Privacy

PapayaLedger is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission for EU data transfers.

11. Cookies

We use cookies and similar technologies:

• Essential Cookies: Required for the Service to function (always enabled)
• Analytics Cookies: Help us understand how you use the app (requires consent)
• Marketing Cookies: Track ad performance (requires consent)

You can manage your cookie preferences in Settings or view our full Cookie Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through a prominent notice in the app. The "Last Updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: