Legal

Privacy Policy

Version: 1.0 Effective Date: June 6, 2026 Last Updated: June 6, 2026

1. Who We Are

This Privacy Policy describes how Holicow LLC ("Holicow," "we," "us," or "our"), a Washington limited liability company, collects, uses, and shares information in connection with the sharedHisaab mobile application and related services (collectively, the "Service").

Contact: [email protected] | https://holicow.app/sharedhisaab/privacy

2. Who This Policy Applies To

The Service is offered only to United States residents who are 18 years of age or older. We do not knowingly collect information from anyone under 18. If we learn we have collected information from a person under 18, we will delete it.

3. Information We Collect

3.1 Information You Provide

  • Account information: name, email address, password (stored as a one-way hash).
  • Profile information: optional Venmo username.
  • Expense data: amounts, dates, payer, split allocations, vendor name, category, subcategory, notes, tags, and any other data you enter about shared expenses.
  • Group data: group names, member lists, currency, settlement-policy choices, invitations.
  • Recurring-expense templates: schedules and amounts for repeating expenses.
  • Support communications: if you contact us, we keep a record of the correspondence.

3.2 Information Collected Automatically

  • Device information: device model, operating system version, locale, time zone.
  • App-version information: version of the sharedHisaab app you are using.
  • Identifiers: an app-generated device identifier (used for sync and security), push-notification tokens (if you grant permission).
  • Usage information: API request logs, IP address, request timestamps, error reports, and crash diagnostics.

3.3 Information from Payment Processing

We do not collect or store payment-card numbers, CVCs, or bank-account details. When you subscribe, Apple, Inc. processes the payment through Apple In-App Purchase and handles all card data via your Apple ID. We do not receive your card number. From Apple's App Store Server Notifications and StoreKit transactions, we receive: an opaque Apple transaction identifier, the subscription product purchased, current period start and end dates, renewal/cancellation status, and Sandbox-vs-Production environment markers. We do not receive the card brand or last four digits.

4. How We Use Your Information

We use your information to:

  • operate, maintain, and provide the Service;
  • compute balances, splits, and settlement information within the groups you belong to;
  • send transactional communications (account verification, billing notifications, push notifications you have opted into, security alerts);
  • prevent and investigate fraud, abuse, or violations of our Terms of Use;
  • comply with legal obligations and respond to lawful requests;
  • improve and develop new features (using aggregated and anonymized analytics where reasonably possible).

5. How We Share Your Information

5.1 With Other Group Members

When you create or join a group, other members of that group can see the expenses you create, the splits assigned to you, your name, and your profile information as displayed in the Service. This sharing is essential to the Service's core function.

5.2 With Service Providers

We share data only with providers necessary to operate the Service, under written agreements that restrict their use of your data. As of the effective date of this policy, these include:

  • Apple, Inc. — payment processing (Apple In-App Purchase), App Store distribution, and push notification delivery via APNs
  • Laravel Holdings, Inc. — backend infrastructure and database hosting (Laravel Cloud)

5.3 For Legal and Safety Reasons

We may disclose information if required to do so by law, subpoena, or court order; to protect the rights, property, or safety of Holicow, our users, or others; or in connection with an investigation of fraud, security, or technical issues.

5.4 In a Business Transaction

If Holicow is involved in a merger, acquisition, financing, reorganization, or sale of assets, user information may be transferred as part of that transaction. We will notify you and give you choices, where required by law.

5.5 We Do Not Sell Your Information

We do not sell your personal information to third parties for monetary consideration. We do not engage in cross-context behavioral advertising.

6. Data Retention

  • Active accounts: we retain your data while your account is active.
  • Lapsed groups: when a group's license expires, the group enters a 90-day grace period during which all members retain export access. At the end of the 90-day grace period, the group's expenses, splits, recurring templates, vendors, notifications, and group-member rows are permanently deleted.
  • Deleted accounts: when you delete your account, we anonymize your name, email, and Venmo username; preserve user-ID references in other members' historical records (so their balances stay accurate); and retain Terms-acceptance audit records and limited billing records as required for legal and audit purposes.
  • Server logs: retained for up to 90 days for security and operational purposes.
  • Backup copies: may persist in our backups for up to 35 days beyond deletion of the live record.

7. Your Privacy Rights

Depending on where you live, you may have rights under applicable U.S. state privacy laws (including the California Consumer Privacy Act (CCPA) and similar laws in Virginia, Colorado, Connecticut, Utah, and other states):

  • Right to access the personal information we hold about you.
  • Right to delete your personal information, subject to legal-retention exceptions.
  • Right to correct inaccurate personal information.
  • Right to portability — export of your personal information in a portable format.
  • Right to opt out of "sale" or "sharing" of personal information (we do neither).
  • Right to non-discrimination for exercising your privacy rights.

To exercise any of these rights, contact [email protected] with the subject "Privacy Request." We will verify your identity using the email associated with your account and respond within the timeframes required by applicable law (typically 45 days). For California-specific rights, see Section 8.

You can also:

  • Export your data at any time directly from within the Service (Profile → Export Expenses).
  • Delete your account at any time directly from within the Service (Profile → Delete Account).

8. California Residents (CCPA Notice)

If you are a California resident, the California Consumer Privacy Act ("CCPA") gives you additional rights. The categories of personal information we collect are listed in Section 3. The business or commercial purposes for which we collect that information are listed in Section 4. The categories of third parties to whom we disclose information are listed in Section 5.

We do not sell personal information and do not engage in cross-context behavioral advertising. We do not knowingly collect personal information from minors under 16; we do not collect from anyone under 18.

To exercise your CCPA rights, contact [email protected]. We will not discriminate against you for exercising any CCPA right.

9. Security

We use commercially reasonable safeguards to protect your information, including:

  • HTTPS/TLS encryption for all data in transit;
  • one-way cryptographic hashing of passwords (we never store passwords in plain text);
  • Apple Keychain storage of authentication tokens on iOS devices;
  • access controls and audit logging on our backend systems.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security and disclaim such warranty in our Terms of Use.

10. Children's Privacy

The Service is not directed to anyone under 18. We do not knowingly collect personal information from anyone under 18. If you believe a child under 18 has provided information to us, contact [email protected] and we will delete it.

11. International Users

The Service is offered only to U.S. residents and is hosted in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States, which may have different data-protection laws than your country. We do not market or offer the Service to users in the European Economic Area, the United Kingdom, or other jurisdictions outside the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the Service, by email, or both, before they take effect. The "Last Updated" date at the top reflects the most recent revision. Your continued use of the Service after a change constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights:

Holicow LLC Attn: Privacy 100 N Howard St Ste W Spokane, Washington 99201 United States [email protected]