Your Data, Your Control

Privacy at Rizqly

No data selling. No bank connections required. Your financial history stays on your device by default — we only sync to the cloud when you explicitly ask us to.

Last Updated: December 1, 2025

1. Information We Collect

We collect information to provide and improve our Service. The types of data we collect depend on your subscription plan.

A. Personal Identification Information (PII)

  • Account Details: When you create an account, we collect your email address via Google SSO. We do not store passwords directly.
  • Support Communications: If you contact us, we collect your email and the content of your message.

B. Financial Data

  • Transaction Data: Amounts, dates, descriptions, categories, and tags of your income and expenses.
  • Account Balances: Current balances of cash, credit, and loan accounts you manually enter or sync.
  • Budgeting Data: Spending limits and category preferences you configure.

C. Technical & Usage Data

  • Device Information: Browser type, operating system, and device type (for compatibility and debugging).
  • Log Data: IP addresses and timestamps of API requests (for security monitoring and fraud prevention).

2. Data Storage & Architecture

Our unique architecture offers two distinct levels of privacy based on your preference:

Basic Plan (Local-Only)

If you use the Basic plan, your financial data is stored exclusively on your local device using your browser's IndexedDB technology. We do not transmit your transaction history or account balances to our servers. You are solely responsible for backing up this data via our CSV export feature.

Standard & Premium Plans (Cloud Sync)

To enable cross-device synchronization and backup, paid plans transmit encrypted data to our secure cloud infrastructure.

  • Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Storage Provider: We use Google Firebase (Google Cloud Platform) to store synced data.
  • Access Control: Strict Row-Level Security rules ensure only your authenticated User ID can access your records.

3. Third-Party Sub-Processors

We partner with trusted industry leaders to provide specific services. We never sell your data to data brokers or advertisers.

  • Google Identity Platform: Handles secure user authentication (SSO).
  • Google Firebase: Provides secure database and backend hosting.
  • Netlify: Hosts the web application frontend and content delivery network (CDN).
  • Plaid (Upcoming): For Premium users connecting bank accounts, Plaid processes credentials and financial data. Plaid adheres to its own strict privacy policy and security standards (SOC 2 Type II). Rizqly.app never accesses or stores your banking credentials.

4. How We Use Your Data

We use your information strictly for the following purposes:

  • Service Provision: To create your account, sync your data (if applicable), and display your financial dashboard.
  • Improvements: To identify bugs, analyze performance, and improve user experience.
  • Communication: To send transaction alerts (system-generated) or respond to your support inquiries.
  • Security: To detect and prevent fraudulent activity or unauthorized access.

5. Your Rights

In accordance with GDPR, CCPA, and other privacy laws, you have the following rights:

  • Right to Access: You can view all your data directly within the application dashboard.
  • Right to Portability: You can export your entire dataset to a CSV file via the Settings page at any time.
  • Right to Rectification: You can edit or update any transaction or account detail instantly within the app.
  • Right to Erasure: You can permanently delete your account and all associated data via the "Danger Zone" in Settings. This action is irreversible and immediately wipes your data from our servers.

6. Cookies & Tracking

We use minimal cookies necessary for the operation of the Service.

  • Essential Cookies: Used to maintain your login session and remember theme preferences (Light/Dark mode).
  • No Ad Tracking: We do not use third-party advertising cookies or tracking pixels to follow you across the web.

7. Data Retention & Privacy Lifecycle

We believe in "Privacy by Deletion." Your financial data follows a strict lifecycle to ensure it does not sit on our servers longer than necessary:

  • 1. Active Subscription/Trial: Your data is encrypted and synced to the cloud for multi-device access.
  • 2. Post-Expiry Grace Period (7 Days): If your trial or subscription ends, your data remains safely in the cloud for 7 days to allow for a full local sync to your primary device.
  • 3. Basic Tier Buffer (30 Days): After the grace period, if you continue on the "Basic Plan," we keep a "frozen" backup of your data in our cloud for an additional 30 days as a final safety net should you choose to re-subscribe.
  • 4. Permanent Purge: Exactly 67 days after your trial or subscription initially expires (7-day grace + 30-day buffer), all cloud-hosted transaction and account data is permanently deleted from our servers. Your data remains 100% available on your local device.

8. Children's Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

9. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our Data Protection team at:

Email: info@rizqly.app