Privacy Policy

Kizu - AI-Powered Financial Healing Platform

Last Updated: December 28, 2025

Effective Date: December 28, 2025

Introduction

Welcome to Kizu ("we," "our," or "us"). Kizu is operated by Sheriax Solutions ("Company"). We are committed to protecting your privacy and ensuring the security of your personal and financial information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application Kizu (the "App") and related services (collectively, the "Services").

Please read this Privacy Policy carefully. By using Kizu, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide Directly

Account Information

  • Email address
  • Name (optional)
  • Password (encrypted)
  • Profile preferences (currency, language)

Financial Information You Enter

  • Account names and types (e.g., "HDFC Savings," "Credit Card")
  • Account balances
  • Transaction details (amounts, dates, merchants, categories)
  • Budget information
  • Financial goals

Content You Upload

  • Receipt images
  • Bank statement screenshots
  • PDF documents
  • Any other images for AI scanning

Communications

  • Support requests
  • Feedback and suggestions
  • Survey responses

1.2 Information Collected Automatically

Device Information

  • Device type and model
  • Operating system and version
  • Unique device identifiers
  • App version

Usage Information

  • Features used and frequency
  • Screens viewed
  • Actions taken within the App
  • Time spent in the App
  • Crash logs and error reports

Technical Information

  • IP address (anonymized)
  • Time zone
  • Language settings

1.3 Information from Third-Party Services

Authentication Providers

  • If you sign in with Google, we receive your email address and name from Google
  • We do not receive or store your Google password

Payment Processors

  • Subscription status from Apple App Store or Google Play Store
  • We do NOT receive or store your payment card details
  • Payment processing is handled entirely by Apple/Google

2. How We Use Your Information

2.1 To Provide and Improve Our Services

  • Create and manage your account
  • Process and display your financial transactions
  • Provide AI-powered receipt and document scanning
  • Generate financial insights and analytics
  • Calculate your Kizu Score
  • Send budget alerts and notifications
  • Provide customer support
  • Improve and optimize the App

2.2 AI Processing

On-Device Processing

  • Basic text recognition (OCR) is performed locally on your device
  • This data does not leave your device for basic scanning

Cloud AI Processing

  • When you use AI extraction features, anonymized text from your scans may be sent to our secure servers
  • AI processing extracts transaction details (amount, date, merchant)
  • We use AI providers (such as Anthropic Claude) to process this text
  • We do NOT send your images to third parties — only extracted text
  • AI providers do not retain your data after processing

2.3 Analytics and Improvements

  • Understand how users interact with the App
  • Identify and fix bugs and errors
  • Develop new features
  • Measure the effectiveness of our Services

2.4 Communications

  • Send service-related announcements
  • Respond to your inquiries
  • Send promotional communications (with your consent)
  • You can opt out of promotional communications at any time

2.5 Legal and Safety

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraud and abuse
  • Protect the rights and safety of users

3. How We Share Your Information

3.1 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal or financial information to third parties for their marketing purposes.

3.2 Service Providers

We may share information with trusted third-party service providers who assist us in operating the App:

| Provider | Purpose | Data Shared | |----------|---------|-------------| | Firebase (Google) | Authentication, Database, Storage | Account data, encrypted transactions | | Anthropic (Claude AI) | AI text extraction | Anonymized OCR text only | | RevenueCat | Subscription management | User ID, subscription status | | Apple/Google | Payment processing | User ID (no financial data) | | Firebase Crashlytics | Crash reporting | Device info, crash logs |

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

3.3 Legal Requirements

We may disclose your information if required by law, such as:

  • In response to a court order or subpoena
  • To comply with legal process
  • To protect our rights or property
  • To prevent fraud or illegal activity
  • In connection with a merger or acquisition

3.4 With Your Consent

We may share your information for other purposes with your explicit consent.

4. Data Security

4.1 Security Measures

We implement robust security measures to protect your information:

Encryption

  • All data transmitted between your device and our servers is encrypted using TLS 1.3
  • Sensitive data stored on our servers is encrypted at rest
  • Local data on your device can be protected with biometric authentication

Access Controls

  • Strict access controls limit who can access your data
  • We use secure authentication methods
  • Regular security audits and monitoring

Infrastructure

  • We use Google Cloud Platform (Firebase) with enterprise-grade security
  • Data centers are SOC 2 Type II certified
  • Regular backups with encryption

4.2 Your Security Responsibilities

You are responsible for:

  • Keeping your login credentials secure
  • Using a strong, unique password
  • Enabling biometric lock if available
  • Logging out on shared devices
  • Keeping your device's operating system updated

4.3 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will:

  • Notify you within 72 hours of discovery
  • Inform relevant regulatory authorities as required
  • Take immediate steps to mitigate the breach

5. Data Retention

5.1 How Long We Keep Your Data

| Data Type | Retention Period | |-----------|------------------| | Account information | Until you delete your account | | Transaction data | Until you delete your account | | Uploaded images | Until you delete them or your account | | Usage analytics | 24 months (anonymized) | | Crash logs | 90 days | | Support communications | 3 years |

5.2 Account Deletion

When you delete your account:

  • All your personal data is permanently deleted within 30 days
  • Some anonymized, aggregated data may be retained for analytics
  • Backup copies are deleted within 90 days

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

  • Access all personal data we hold about you
  • Export your data in a portable format (CSV, PDF)
  • Request a copy of your data

How to exercise: Use the "Export Data" feature in Settings, or contact us at privacy@kizu.app

6.2 Correction

You can correct inaccurate personal information:

  • Edit your profile in Settings
  • Edit or delete any transaction
  • Contact us for assistance

6.3 Deletion

You have the right to delete your data:

  • Delete individual transactions or accounts within the App
  • Delete your entire account in Settings → Delete Account
  • Contact us at privacy@kizu.app

6.4 Opt-Out Rights

You can opt out of:

  • Promotional emails (unsubscribe link or Settings)
  • Push notifications (device settings)
  • Analytics collection (Settings → Privacy)

6.5 Data Processing Restrictions

You can request that we limit how we process your data in certain circumstances. Contact us at privacy@kizu.app.

7. Children's Privacy

Kizu is not intended for children under 13 years of age (or 16 in the European Economic Area). We do not knowingly collect personal information from children.

If we discover that a child has provided us with personal information, we will delete it immediately. If you believe a child has provided us with personal information, please contact us at privacy@kizu.app.

8. International Data Transfers

8.1 Where Your Data Is Processed

Your data may be processed in:

  • United States (Google Cloud / Firebase)
  • European Union (for EU users, where applicable)

8.2 Safeguards

For data transferred internationally, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Compliance with applicable data protection laws
  • Service providers with adequate data protection certifications

9. Regional Privacy Rights

9.1 European Economic Area (EEA) / UK (GDPR)

If you are in the EEA or UK, you have additional rights under GDPR:

Legal Basis for Processing

  • Contract: To provide the Services you requested
  • Consent: For optional features and marketing
  • Legitimate Interests: For analytics and security
  • Legal Obligation: To comply with laws

Additional Rights

  • Right to lodge a complaint with a supervisory authority
  • Right to withdraw consent at any time
  • Right to object to processing based on legitimate interests

Data Protection Officer Contact: dpo@kizu.app

9.2 California (CCPA/CPRA)

If you are a California resident, you have additional rights:

Right to Know

  • Categories of personal information collected
  • Purposes for collection
  • Categories of third parties with whom we share data

Right to Delete

  • Request deletion of your personal information

Right to Opt-Out

  • We do NOT sell personal information
  • We do NOT share personal information for cross-context behavioral advertising

Non-Discrimination

  • We will not discriminate against you for exercising your rights

To Exercise Your Rights: Contact us at privacy@kizu.app or use the in-app privacy controls.

9.3 India (Digital Personal Data Protection Act)

If you are in India:

  • You have the right to access, correct, and erase your data
  • You can withdraw consent at any time
  • You can nominate someone to exercise your rights
  • Contact our Grievance Officer: grievance@kizu.app

10. Third-Party Links and Services

The App may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

  • We will update the "Last Updated" date
  • For significant changes, we will notify you via email or in-app notification
  • Continued use of the App after changes constitutes acceptance

We recommend reviewing this Privacy Policy periodically.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Sheriax Solutions

  • Email: privacy@kizu.app
  • Support: support@kizu.app
  • Website: https://kizu.app/privacy

Data Protection Officer (for EEA/UK)

  • Email: dpo@kizu.app

Grievance Officer (for India)

  • Email: grievance@kizu.app

We will respond to your inquiry within 30 days.

13. Consent

By using Kizu, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.

© 2025 Sheriax Solutions. All rights reserved.

Kizu - Heal Your Finances 🦊