Home  /  Privacy Policy

Privacy Policy

Effective 7 June 2026Last updated 7 June 2026Version 2.1

HisabRakh is built privacy-first. This policy explains what we collect, why, how we protect it, and the control you have — in plain language, with the legal detail where it matters.

01 Who we are

HisabRakh ("HisabRakh", "we", "us" or "our") provides a personal-finance, budgeting and bill-splitting mobile application and related services (the "App" or "Service"). This Privacy Policy describes how we handle your information when you use the App on iOS or Android, or visit our website.

For the purposes of the EU/UK General Data Protection Regulation (GDPR), HisabRakh is the data controller of the personal data described here. If you have any questions, contact our privacy team at privacy@hisabrakh.com.

02 Data we collect

We collect only what we need to make the App work. We do not sell your personal data, and we do not run banner or interstitial advertising networks that profile you.

Information you provide

Account details
Name, email address or phone number, and a password (or sign-in token) when you create an account.
Profile
Optional display name, avatar initials/colour, preferred language, currency and theme.
Financial entries
Expenses, income, budgets, goals, recurring items, loans and the splits, balances and notes you add. This data is stored to provide the Service.
Groups & contacts
Group names, members you add, and any messages you send in a shared-expense chat.
Support & payments
Messages you send to support, and subscription status processed by Apple or Google (we never receive your full card number).

Information collected automatically

  • Device & app data — device model, OS version, app version, language and crash diagnostics, used to keep the App stable.
  • Usage data — anonymised, aggregated events (e.g. "an expense was added") to understand which features are useful. This is not linked to your financial entries.
  • Identifiers — a randomly generated installation ID. We do not use advertising identifiers for cross-app tracking.
Offline-first by design. Your financial entries are created and stored locally on your device first. They sync to your private, access-controlled account only so you can use HisabRakh across devices and restore your data.

03 How we use your information

  • To provide core functionality — recording expenses, splitting bills, calculating balances, budgets, goals and loan ledgers.
  • To sync and back up your data securely across your devices.
  • To send service communications you've enabled, such as bill reminders and settle-up notifications.
  • To keep the App secure, prevent fraud and abuse, and debug crashes.
  • To process subscriptions and provide customer support.
  • To improve the App using aggregated, de-identified analytics.

We do not use your financial entries to build advertising profiles, and we never sell or rent your personal data to third parties.

04 Legal bases for processing (GDPR)

Where the GDPR applies, we rely on the following legal bases:

  • Performance of a contract — to deliver the Service you signed up for (your account, sync and core features).
  • Legitimate interests — to secure, maintain and improve the App, balanced against your rights and freedoms.
  • Consent — for optional notifications and any non-essential analytics; you can withdraw consent at any time.
  • Legal obligation — where we must retain or disclose data to comply with applicable law.

05 Sharing & disclosure

We share data only in these limited circumstances:

  • With people you choose — members of a group or a shared loan you create can see the shared expenses, balances and messages within it, subject to the access role you assign (equal, self-pay or read-only).
  • Service providers (processors) — vetted vendors that host our infrastructure, deliver notifications or process crash reports, under contracts that require them to protect your data and use it only on our instructions.
  • App stores — Apple and Google process your subscription payments under their own privacy policies.
  • Legal & safety — where required by law, to enforce our Terms, or to protect the rights, safety and property of our users or the public.
  • Business transfers — if HisabRakh is involved in a merger or acquisition, data may transfer under this policy; we will notify you of any material change.

06 Storage, security & retention

We protect your data with industry-standard safeguards including encryption in transit (TLS) and at rest, access controls, and regular security review. No method of transmission or storage is 100% secure, but we work hard to protect your information.

Retention. We keep your personal data for as long as your account is active. When you delete your account, we permanently erase or irreversibly anonymise your personal data within 30 days, except where we must retain limited records to meet a legal, tax or accounting obligation, or to resolve disputes.

Where data is shared in a group or loan with another person, deleting your account removes your personal identifiers; entries needed to keep their balances accurate may be retained in an anonymised form ("a former member").

07 Your rights

Depending on where you live (including under the GDPR and the California Consumer Privacy Act), you have the right to:

  • Access a copy of the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Erase your data ("right to be forgotten").
  • Restrict or object to certain processing.
  • Port your data — export it in a portable format.
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Not be discriminated against for exercising these rights.

You can exercise most of these directly in the App (Settings → Account & Data → Export / Delete) or by emailing privacy@hisabrakh.com. We respond within 30 days. You may also lodge a complaint with your local data-protection authority.

08 Account deletion

You can delete your account and associated personal data at any time:

We confirm the request, then permanently erase your personal data within 30 days as described in Section 6. Some anonymised, aggregated statistics that cannot identify you may be retained.

09 Children's privacy

HisabRakh is not directed to children under 13 (or the minimum age of digital consent in your country). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

10 Third-party services

We use a small number of trusted providers, each acting as a data processor under contract:

  • Cloud hosting & database for sync and backup.
  • Push-notification delivery (Apple Push Notification service / Firebase Cloud Messaging).
  • Privacy-respecting, aggregated product analytics and crash reporting.
  • Apple App Store and Google Play for subscription billing.

These providers may process data outside your country; see Section 11. Their use of information is governed by their own privacy policies.

11 International data transfers

Your data may be processed in countries other than your own. Where we transfer personal data out of the EEA, UK or other regulated regions, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision.

12 Cookies & tracking

The HisabRakh mobile app does not use advertising cookies. Our website uses only essential cookies and local storage — for example, to remember your light/dark theme preference. We do not use third-party advertising or cross-site tracking cookies. You can clear these at any time in your browser settings.

13 Changes to this policy

We may update this policy to reflect changes in our practices or the law. We'll revise the "Last updated" date above and, for material changes, notify you in the App or by email before they take effect. Continued use after an update means you accept the revised policy.

14 Contact us

Questions, requests or complaints about privacy? We're here to help.

HisabRakh Privacy Team
Email: privacy@hisabrakh.com
For data-deletion requests, use our online form.