Key Definitions
General Data Protection Terms
| Term | Definition |
|---|---|
| Personal Data/Information | Any information relating to an identified or identifiable natural person |
| Processing | Any operation performed on personal data (collection, storage, use, etc.) |
| Controller | The entity that determines the purposes and means of processing personal data |
| Processor | An entity that processes personal data on behalf of a controller |
| Special Category Data | Sensitive personal data requiring enhanced protection (e.g., financial information, health data) |
| Data Subject/Consumer | The individual to whom personal data relates |
Cashira-Specific Terms
| Term | Definition |
|---|---|
| Financial Data | Account balances, transaction history, and other banking information accessed via read-only connections |
| Calendar Data | Events, schedules, and availability information from integrated calendar services |
| AI Insights | Personalized budgeting recommendations and financial planning suggestions generated by our algorithms |
| Smart Alerts | Automated notifications about unusual spending, budget limits, or financial opportunities |
| Read-Only Access | Our technical inability to move money or initiate financial transactions on your behalf |
What We Collect
Data Categories & Sources
| Data Category | Examples | Source | Required/Optional |
|---|---|---|---|
| Account Information | Name, email, password, preferences | Direct from user | Required |
| Financial Data | Account balances, transactions, holdings | Bank/credit card APIs | Required |
| Calendar Data | Events, schedules, meeting details | Calendar service APIs | Optional |
| Device Information | IP address, browser type, device ID | Automated collection | Required |
| Usage Data | Feature usage, session duration, clicks | Automated collection | Required |
| Support Communications | Chat logs, emails, feedback | Direct from user | Optional |
Special Category Data
We do not intentionally collect special category data as defined by GDPR (e.g., health, biometric, genetic data). However, financial information may be considered sensitive personal information under various regulations and is protected accordingly.
How We Use Data
Processing Purposes & Legal Bases
| Processing Purpose | Data Categories Used | GDPR Legal Basis | Other Jurisdictions |
|---|---|---|---|
| Account Creation & Management | Account Information | Contract Performance | Service Provision |
| Financial Insights & Budgeting | Financial Data, Calendar Data | Legitimate Interests | Business Operations |
| AI-Powered Recommendations | Financial Data, Usage Data | Consent (where required) | Service Improvement |
| Security & Fraud Prevention | Device Information, Financial Data | Legitimate Interests | Security Purposes |
| Customer Support | Account Information, Support Communications | Contract Performance | Customer Service |
| Service Improvement | Usage Data, Device Information | Legitimate Interests | Analytics |
| Marketing Communications | Account Information, Usage Data | Consent | Marketing (with opt-out) |
Data Retention & Deletion
Retention Schedule
| Data Category | Retention Period | Deletion Process |
|---|---|---|
| Account Information | While account active + 30 days | Permanent deletion from all systems |
| Financial Data | While account active + 30 days | Secure erasure from databases and backups |
| Calendar Data | While account active + 7 days | Removal from all storage systems |
| Support Communications | 3 years from resolution | Secure deletion after retention period |
| Usage Analytics | 26 months | Automatic deletion after retention period |
| System Logs | 90 days | Automatic rotation and deletion |
Deletion Workflow
When you request account deletion or exercise your right to erasure:
- Immediate deactivation of your account
- Removal of personal data from active databases within 24 hours
- Queueing of deletion from backup systems (processed within 30 days)
- Confirmation email sent upon completion
Exceptions
We may retain certain data when required by law, such as:
- Financial records for regulatory compliance (7 years)
- Information related to ongoing legal disputes
- Fraud prevention data where retention is necessary
International Data Transfers
Transfer Mechanisms & Safeguards
Global Operations
Cashira operates globally with data processing activities in multiple jurisdictions. We ensure appropriate safeguards for international data transfers through:
| Transfer Mechanism | Applicable Regions | Implementation |
|---|---|---|
| EU Standard Contractual Clauses (SCCs) | EU/EEA to third countries | Implemented with all non-EEA processors |
| UK International Data Transfer Agreement | UK to third countries | UK Addendum to EU SCCs |
| Adequacy Decisions | EU/EEA to adequate countries | Leveraged where applicable |
| Supplementary Measures | All transfers requiring enhancement | Encryption, access controls, audits |
Data Storage Locations
Primary data processing occurs in the United States and European Union. We select storage locations based on:
- Performance requirements for our global user base
- Data protection regulations in the storage jurisdiction
- Security and redundancy capabilities
Your Rights & How to Exercise Them
Global Rights Overview
Regardless of your location, we provide accessible mechanisms to exercise control over your personal data:
| Right | Description | How to Exercise |
|---|---|---|
| Access | Obtain a copy of your personal data | Account settings or request to privacy@cashira.app |
| Correction | Rectify inaccurate or incomplete data | Edit profile or contact support |
| Deletion | Request erasure of your data | Account deletion option or email request |
| Restriction | Limit processing of your data | Contact privacy@cashira.app |
| Portability | Receive your data in a machine-readable format | Export feature or request to privacy@cashira.app |
| Objection | Object to certain processing activities | Opt-out mechanisms or contact privacy@cashira.app |
| Withdraw Consent | Revoke previously given consent | Privacy settings or contact privacy@cashira.app |
AI & Automated Decision-Making Transparency
How We Use AI Responsibly
Cashira uses artificial intelligence to provide personalized budgeting insights and financial planning suggestions. We are committed to transparent and ethical AI practices.
AI Applications
| AI Function | Purpose | Data Used |
|---|---|---|
| Spending Categorization | Automatically categorize transactions | Transaction descriptions, amounts, merchant data |
| Budget Recommendations | Suggest personalized budget limits | Historical spending, income patterns, financial goals |
| Anomaly Detection | Identify unusual spending patterns | Transaction history, spending averages |
| Calendar Integration | Suggest optimal meeting times based on financial calendar | Event data, financial deadlines, user preferences |
Security Measures
Our Security Posture
We implement comprehensive security measures to protect your financial and personal data, following industry best practices and "bank-level" security standards where appropriate.
Technical Safeguards
| Security Area | Implementation |
|---|---|
| Encryption | AES-256 encryption for data at rest; TLS 1.2+ for data in transit |
| Access Controls | Role-based access, principle of least privilege, multi-factor authentication |
| Network Security | Firewalls, intrusion detection/prevention, DDoS protection |
| Application Security | Secure SDLC, code reviews, vulnerability scanning, penetration testing |
Contact Us / DPO
How to Reach Our Privacy Team
General Privacy Inquiries
For questions about this policy or our privacy practices:
- Email: privacy@cashira.app
- Support: support@cashira.app
- Mail: Consultants Lengu Inc., [Registered Address, Canada]