Privacy Policy

We collect the following types of information:

We process your data based on the following legal grounds:

• Contract performance - to provide the Masareef service, manage your account, and process your transactions
• Consent - for SMS reading, Apple Wallet sync, and optional notifications. You can withdraw consent at any time
• Legitimate interest - for crash reporting, app improvement, and fraud prevention

We use the information we collect to:

• Provide, maintain, and improve the Masareef app
• Automatically categorize and log your transactions
• Generate spending insights and budget tracking
• Send you budget alerts and notifications you opt into
• Provide customer support
• Detect and prevent fraud or abuse

We do not sell, rent, or trade your personal or financial data to any third party. We do not use your data for advertising.

SMS processing is a core feature of Masareef. Here is exactly how it works:

• SMS reading is opt-in and requires your explicit permission
• We only process messages that match financial transaction patterns from known banks
• Non-financial messages are filtered out on-device and never leave your phone
• Matched transaction data (amount, merchant, date) is sent to our servers for categorization
• Raw SMS text is not stored on our servers after processing
• You can disable SMS reading at any time in your device settings

We take the security of your financial data seriously:

• All data is encrypted in transit using TLS 1.3
• Data at rest is encrypted using AES-256 on our servers
• Authentication tokens are stored using platform-native secure storage (Keychain on iOS)
• We use passwordless authentication (email OTP, Google, Apple) to eliminate password-related vulnerabilities
• Server access is restricted with role-based controls and audit logging
• We conduct regular security reviews and apply patches promptly

While no system is 100% secure, we implement industry-standard practices to protect your data. In the event of a data breach, we will notify affected users within 72 hours as required by applicable law.

Masareef integrates the following third-party services:

• Authentication providers (Google, Apple) - for sign-in only; they do not receive your financial data
• PostHog - product analytics to understand app usage (anonymized, no financial data shared)
• Crash reporting - to identify and fix bugs (contains no financial data)

We do not share your financial transaction data with any third-party analytics, advertising, or data broker services.

Masareef is a mobile application and does not use browser cookies. However, our analytics SDK collects anonymized usage data such as:

• Screen views and feature usage frequency
• App open/close events
• Device type and OS version

This data is anonymized and cannot be linked to your financial transactions. We do not use any advertising trackers, retargeting pixels, or fingerprinting technologies.

Your data may be processed on servers located outside your country of residence. When we transfer data internationally, we ensure adequate protection through:

• Encryption of all data in transit and at rest
• Using hosting providers that comply with international data protection standards
• Limiting access to authorized personnel only

We retain your data for as long as your account is active. If you delete your account:

• Your personal and financial data will be permanently deleted within 30 days
• Anonymized, aggregated data (not linked to you) may be retained for analytics purposes
• Backups containing your data are purged within 90 days

Depending on your jurisdiction, you may have the following rights:

• Access - request a copy of your personal data
• Rectification - correct inaccurate data
• Erasure - delete your account and all associated data
• Portability - export your transaction data in a structured, machine-readable format (CSV/JSON)
• Withdraw consent - revoke SMS reading or Apple Wallet sync at any time
• Restriction - limit how we process your data
• Objection - object to processing based on legitimate interest

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

You can manage your permissions at any time:

• SMS reading- disable in your device Settings > Apps > Masareef > Permissions
• Apple Wallet sync - toggle off in the Masareef app settings
• Push notifications - manage in your device notification settings
• Analytics- opt out in the Masareef app under Settings > Privacy

Withdrawing consent does not affect the lawfulness of processing performed before withdrawal.

Masareef is not intended for use by children under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it within 48 hours.

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify you through an in-app notification
• For significant changes, request your acknowledgment before continuing to use the app

If you have any questions about this Privacy Policy, want to exercise your rights, or have a data-related concern, contact us: