Pafill

Privacy Policy

Effective date: 2025-10-20

This Privacy Policy applies to the Pafill mobile application (“Application”) provided by Görkem Çirtma (“Service Provider”) as a Freemium service. The Service is provided “as is”.

Information We Collect

1) Information you provide

  • Account data: name, surname, email address, password (stored hashed), or social login identifiers (Apple sub, Google sub) and verified email status.
  • Profile photo: if you add one, it is stored locally on your device (not uploaded to our servers).
  • Financial data you enter: salary and plan settings, expenses, saving entries/withdrawals, expense limits, and goals.
  • Support messages: any info you include when you email us.

We use this data to create and operate your account, provide core features (budgeting, summaries), send one-time codes and important service messages, and respond to support.

2) Information collected automatically

  • Server logs: when you use the Service, our servers record a request ID, your IP address (or proxy IP), request path and status code for security, rate-limiting, and troubleshooting.
  • Rate-limit & OTP counters: we keep short-lived counters and hashed OTP tokens in a managed Redis service to prevent abuse and deliver login/verification codes.
  • No analytics / ads / crash SDKs: the Application does not use advertising SDKs, analytics tracking, or device fingerprinting.
  • No location: the Application does not collect precise or background location.

3) In-app notifications

The app may schedule local notifications (daily/weekly/month-end reminders) on your device. Whether notifications are allowed is controlled by your system settings and the in-app toggle.

Third-Party Services We Use

We only share the minimum necessary data with these processors:

  • Sign in with Apple — authentication provider. May share your Apple identifier and, if you allow, name/email. Privacy.
  • Google Sign-In (Google Identity Services / OAuth 2.0) — authentication provider. May share your Google identifier and verified email (and name if available). Privacy.
  • Apple In-App Purchases — handles payments and receipts. We store subscription metadata (transaction IDs, product ID, price/currency, purchase & expiry dates) to operate your premium access. Apple Privacy.
  • Postmark (by ActiveCampaign) — transactional email (verification/reset codes, account emails). Processes your email address and message metadata to deliver emails. Privacy.
  • Upstash (Redis over HTTPS) — stores short-lived rate-limit counters and hashed OTP tokens; no analytics/advertising use. Privacy.

We do not sell personal data.

Data Retention & Deletion

  • We keep account and budgeting data for as long as your account is active.
  • In-app “Delete Account” deletes your data immediately from our primary database (related records such as expenses, savings, limits, goals, and subscriptions are removed via cascading deletes).
  • Operational items like email suppression flags (from delivery providers) and minimal server logs may persist for a short period for security, anti-abuse and compliance, after which they are removed.

If you need help with deletion, contact: support@pafiapp.com.

Children’s Privacy

The Service is not directed to children under 13 and we do not knowingly collect personal information from them. If you believe a child has provided personal data, contact us and we will delete it. Where required, you must be at least 16 to consent to processing in your country (or have parental consent).

Security

We protect data with industry-standard measures, including encryption in transit (TLS) and strong password hashing (Argon2). No security method is perfect, but we continuously work to safeguard your information.

Changes to This Policy

We may update this Policy from time to time. We will post the updated version here and update the effective date above.

Contact

Questions about privacy? Email us at support@pafiapp.com.