Privacy Policy

Jarrah is a personal finance application operated by Zondo Studios ("we", "us", or "our"), available at jarrah.money and as a companion mobile app for iOS and Android. This Privacy Policy explains how we collect, use, disclose, and protect your personal information across both the web and mobile experiences.

Jarrah is available to users worldwide. We are operated from Australia and apply the Australian Privacy Principles under the Privacy Act 1988 (Cth) as our baseline. If you live elsewhere, the privacy rights granted by your local law (for example the EU/UK GDPR, the UK Data Protection Act, California's CCPA/CPRA, or equivalent statutes) apply in addition to this policy and are not waived by anything in it.

By using Jarrah, you consent to the practices described in this policy.

We collect the following categories of information:

Account information

• Email address
• Name (when provided via Google or Apple sign-in)
• Authentication credentials (managed securely by our auth provider)

Financial data

• Bank, savings, credit-card, loan, investment, and property accounts (names, types, balances, institution names)
• Transactions (dates, descriptions, amounts, merchants, notes, transfer pairings)
• Split-transaction allocations
• Budgets, budget history, and category allocations
• Investment contribution history and recorded balance snapshots used for net-worth tracking
• Recurring expenses and income (e.g. rent, subscriptions, salary), including any document attachments (e.g. PDF bills) you upload to one
• Financial goals and goal progress
• Reminders and IOUs, including names and amounts of participants you add
• Vendor names and categorisation rules

Subscription & billing state

• Plan tier, trial start/end dates, current billing period, and cancellation status
• Customer and subscription identifiers issued by Stripe (your card number is never stored by us — see Section 5)

Preferences

• Display settings (start page, period type, country, compact-number formatting, default account)
• Onboarding state (whether you have completed initial setup)
• Import column-mapping templates for CSV and Excel statements

Technical & diagnostic information

• IP address, browser or device type, operating system, and approximate location, captured automatically by our hosting and error-monitoring providers (see Section 5)
• Error reports, performance traces, and — when an error occurs — a session replay of the page where it happened

• Directly from you: when you create an account, add transactions, set budgets, upload attachments to a commitment, or configure your preferences.
• Via Google or Apple sign-in: we receive your name and email address from the identity provider you choose. If you sign in with Apple and choose "Hide My Email", we only receive Apple's private relay address.
• Via statement import: when you import transactions from a CSV or Excel file you exported from your bank, the file is parsed and the resulting rows are saved to your account. We never receive your bank login credentials.
• Automatically: when you use the Service, our hosting and error-monitoring providers collect technical information (IP, device, performance metrics, error context) needed to deliver the Service and diagnose problems.
• Via mobile-device permissions: on iOS and Android, the Jarrah mobile app may ask for permission to access your calendar (to add reminder due dates as native events) or your contacts (to suggest names when adding participants to a shared expense). These permissions are only used when you trigger the relevant feature, and the data stays on your device — Jarrah does not transmit your calendar or contacts to our servers.

We use your information to:

• Provide and maintain the Jarrah service across web and mobile
• Generate budgets, reports, and financial insights
• Process subscription payments and manage your billing status
• Diagnose and fix bugs, performance issues, and crashes
• Communicate with you about account, billing, or service-related matters

We do not sell your personal information. We do not use your data for advertising or profile-building, and we do not share it with data brokers.

We rely on the following third-party services to operate Jarrah:

• Supabase: provides authentication, database hosting, and file storage for attachments. Your data is stored in managed infrastructure with row-level security policies ensuring you can only access your own data. See Supabase's Privacy Policy.
• Stripe: processes subscription payments for the Pro plan when you subscribe on the web. Stripe collects and stores your payment details (card number, expiry, billing address). Jarrah never sees or stores your full card number. Stripe is PCI DSS Level 1 certified. See Stripe's Privacy Policy.
• Apple & Google (in-app purchase): when you subscribe through the iOS or Android app, payment is processed by Apple (App Store) or Google (Play Store) respectively. They collect your payment details and Apple ID / Google account information; Jarrah never sees this data. They share with us a transaction identifier and the entitlement that you purchased. See Apple's Privacy Policy and Google's Privacy Policy.
• RevenueCat: our subscription infrastructure for the mobile apps. RevenueCat receives the transaction confirmation from Apple or Google and tells our servers when your subscription starts, renews, or ends. It receives your Jarrah user ID, the product you purchased, and the transaction identifier. It does not receive your payment details. See RevenueCat's Privacy Policy.
• Vercel: hosts the Jarrah web application and provides aggregate web analytics and performance (Speed Insights) telemetry. Vercel receives technical request information (IP, user agent, page, timing) used for hosting and performance measurement. We do not use Vercel's advertising or audience products. See Vercel's Privacy Policy.
• Sentry: captures error reports, performance traces (sampled), and — when an error occurs — a replay of the affected page so we can reproduce and fix the bug. Replays mask form inputs by default, but error context can include your user identifier, email, IP address, and the URL you were on. We do not enable session replay for normal (non-error) browsing. Sentry is configured for both the web and mobile apps. See Sentry's Privacy Policy.
• Google & Apple sign-in: optional identity providers. When you choose to sign in with Google or Apple, the provider sends us your email address and (where you allow it) your name. Their handling of the sign-in is governed by their own privacy policies.
• Google Fonts: our display font is served from Google's public font CDN. Loading the font sends Google your IP address and user-agent. No cookie is set and no font request includes your account information.
• Expo (mobile only): our mobile app is built with the Expo framework. If you enable push notifications, the app obtains a push token from Apple Push Notification service or Firebase Cloud Messaging via Expo's push infrastructure so that we can deliver reminder and budget notifications to your device.

Each third-party service is governed by its own privacy policy. We encourage you to review them.

Jarrah uses a minimal number of cookies and storage entries:

• Session cookies (essential): managed by our authentication provider to keep you signed in.
• Start-page preference (functional): stores your preferred landing page (dashboard or transactions) so it persists across sessions.
• Password-recovery token (essential): a short-lived cookie (10 minutes) set during the password-reset flow to gate the reset page; cleared once your password is updated.
• Theme preference (functional, browser local storage): remembers your light/dark theme choice. Stored locally in your browser; never sent to us.

We do not use advertising or cross-site tracking cookies. The aggregate analytics and performance telemetry collected by our hosting provider is described in Section 5.

We take reasonable steps to protect your information from unauthorised access, modification, or disclosure:

• All connections are encrypted via HTTPS/TLS
• Row-level security policies ensure each user can only access their own data
• Authentication tokens are managed by our authentication provider and are not accessible to client-side code on the web; on mobile, session tokens are stored in the operating system's encrypted secure store
• Uploaded commitment attachments are served via short-lived signed URLs scoped to your account
• We never ask for your bank login credentials; your bank statements come into Jarrah only through CSV or Excel files you export and upload yourself

No system is perfectly secure. If we ever become aware of a data breach affecting your information, we will notify you and any required authorities in accordance with applicable law.

Your data is retained for as long as your account is active. When you delete your account, all associated data — transactions, accounts, budgets, goals, reminders, attachments, and preferences — is permanently and immediately deleted from our database, your authentication record is removed, and any active Pro subscription is cancelled at Stripe.

You can delete your account at any time from the Settings page within the app.

Some data held by third-party providers (e.g. error logs at Sentry, aggregated analytics at Vercel, billing records retained by Stripe for tax and accounting purposes) is governed by those providers' retention schedules and may persist for a limited period after your Jarrah account is deleted. Stripe is required by law to retain payment records for several years.

You have the right to:

• Access the personal information we hold about you
• Correct any inaccurate or out-of-date information
• Export all your data via the in-app Data Export feature, which produces a JSON file containing every record we hold for your account
• Delete your account and all associated data from the Settings page at any time
• Withdraw consent for optional mobile permissions (calendar, contacts, push notifications) at any time from your device settings

If you live in a country with additional statutory privacy rights (e.g. the EU/UK's GDPR, California's CCPA, Australia's Privacy Act), those rights also apply and are not waived by this policy. Contact us using the details below to exercise any of them.

Jarrah is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

Jarrah is operated from Australia, but our service providers may process and store data in other countries (including the United States, where Sentry and Vercel are based). Where we transfer personal information outside your country of residence, we rely on our providers' standard contractual safeguards and certifications to protect your data to a comparable standard.

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. For material changes, we will give reasonable notice via email or in-app where practicable. We encourage you to review this policy periodically.

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

help@zondostudios.com