Parawise Privacy Policy

Last updated: March 4, 2026

1. DATA COLLECTION

1.1. Parawise stores your data on your device by default. Cloud synchronization and backup are optional.

1.2. Data collected:

• Financial transaction data (income, expense, transfer)
• Category preferences
• Application settings
• Notification preferences
• AI chat history (optional)

1.3. Automatically collected data:

• Device information (model, operating system)
• Application usage statistics (anonymous)

1.4. DATA RETENTION: Your data is retained only for as long as your account remains active. Following account deletion, all personal data is permanently erased from our servers within 30 days. Backup files stored in the user's Google Drive or iCloud are outside Parawise's access and must be deleted separately by the user.

2. DATA USAGE

2.1. Your data is used for the following purposes:

• Financial tracking and analysis
• Personalized recommendations (if AI feature is enabled)
• Report and chart generation
• Improving application experience

2.2. AI DATA PROCESSING (optional): Enabled only with the user's explicit consent during onboarding. When using the AI chat feature, your data is processed through a third-party API provider (DeepSeek). Data transmitted: current conversation context only; personal identifiers are anonymized. The provider does not use data for AI model training and does not retain data after processing. A Data Processing Agreement (DPA) is available upon request. Data is not shared with any other third parties.

3. DATA SECURITY

3.1. All data is stored in encrypted form on the device.

3.2. Additional protection can be enabled with app lock (PIN/biometric).

3.3. Only on-device data is permanently removed when the application is uninstalled.

3.4. CLOUD SYNCHRONIZATION AND END-TO-END ENCRYPTION: Cloud synchronization is optional. All synchronized data is encrypted on the device using AES-256-GCM (end-to-end / E2E) before transmission. Encryption keys are stored solely on the user's devices (iOS Keychain / Android Keystore). No one — including the Parawise team — can read the data on our servers (Zero-Knowledge architecture). When sharing workspaces, encryption keys are securely transferred using RSA-2048 key exchange. The infrastructure runs on cloud database systems; servers are located in the EU/US.

3.5. WORKSPACE SHARING: Users may choose to share their data with other users via workspaces. Access permissions for shared users are controlled through a granular role-based system (owner, co-owner, manager, operator, member, viewer). Sharing can be revoked at any time; the removed user's encryption key is invalidated.

3.6. CLOUD BACKUP: Cloud backup is entirely optional. Backed-up data is encrypted on the device using AES-256 before being uploaded to Google Drive or iCloud. Encryption keys are stored exclusively on the user's device; no one — including Parawise — can read the backup contents (Zero-Knowledge).

3.7. SECURITY BREACH NOTIFICATION: In the event of a security breach, affected users and the relevant data protection authorities will be notified within 72 hours.

4. COOKIES AND TRACKING

4.1. Parawise does not use cookies.

4.2. No third-party tracking tools (analytics SDKs, advertising SDKs) are used.

5. THIRD-PARTY SHARING

5.1. Your data is not shared with third parties for advertising, marketing, or profiling purposes.

5.2. When the AI feature is used, only anonymized context data is processed through a provider with whom a data processing agreement is in place (see §2.2).

6. YOUR RIGHTS UNDER DATA PROTECTION LAWS

Under applicable data protection legislation — including the EU GDPR, the CCPA, and the Turkish KVKK — you have the following rights:

• Right to know whether your personal data is being processed
• Right to request information about processed data
• Right to request rectification if your data is incomplete or inaccurate
• Right to request erasure or destruction of your data (right to be forgotten)
• Right to receive your data in a structured, machine-readable format (data portability)
• Right to object to automated decision-making processes
• Right to withdraw consent at any time
• Right to lodge a complaint with a supervisory authority

7. DATA AND ACCOUNT DELETION

7.1. You can permanently delete both local and server data via "Settings → Data Management → Delete My Account."

7.2. Account deletion covers all data on our servers. However, backup files in the user's Google Drive or iCloud must be deleted separately by the user.

8. CONTACT

For privacy inquiries: privacy@parawise.info

Data protection officer requests: dpo@parawise.info