Privacy Policy

Effective Date: March 19, 2026 | Last Updated: March 19, 2026

Ayuuto (“we”, “our”, or “us”) operates the Ayuuto mobile application (the “App”). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our App. By using Ayuuto, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the App.

1. Information We Collect

1.1 Information You Provide

Data	Purpose
Name	Displayed to other circle members so they can identify you
Email address	Used for account creation, authentication, and password recovery
Profile photo	Optional; displayed to other circle members
Contribution proof images	Optional; uploaded when submitting a contribution as evidence of external payment

1.2 Information Generated Through Use

Data	Purpose
Circle membership data	Tracks which savings circles you belong to and your role (host or member)
Contribution records	Tracks the status of contributions within each round (expected, submitted, confirmed, rejected, disputed)
Trust score	A numeric score (0–100) calculated based on your contribution history within the App
Audit logs	Records of actions taken within circles (e.g., round opened, contribution confirmed) for transparency and dispute resolution
Notification preferences	Whether you have enabled push notifications and your device token for delivery

1.3 Information Collected Automatically

Data	Purpose
Device push token (FCM)	Used to deliver push notifications to your device
Crash reports	Collected via Firebase Crashlytics to identify and fix bugs. These may include device model, OS version, and stack traces. They do not include personal content.

1.4 Information We Do NOT Collect

      We do not collect payment or banking information. All money transfers happen outside the App (e.g., via e-transfer, cash, or other methods chosen by circle members).
We do not collect location data.
We do not collect contacts or address book data.
We do not use advertising trackers or analytics SDKs beyond Crashlytics.

    

2. How We Use Your Information

We use the information we collect to:

Provide the service: Create and manage your account, facilitate savings circle coordination, track contribution statuses, and deliver notifications.
Maintain trust and transparency: Calculate trust scores, maintain audit logs, and support dispute resolution between circle members.
Communicate with you: Send push notifications about circle activity (new rounds, contribution reminders, round closures) and account-related emails (password reset).
Improve the App: Analyze crash reports to identify and fix technical issues.

We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes.

3. How Your Information Is Shared

3.1 With Other Circle Members

When you join a savings circle, the following information is visible to other members of that circle:

Your name
Your profile photo (if provided)
Your contribution status within each round (submitted, confirmed, missed, etc.)
Your trust score

This visibility is essential to how savings circles function — members need to see who has contributed and who has not.

3.2 With Circle Hosts

Circle hosts can additionally see:

Audit logs of actions within their circle
The ability to confirm, reject, or manage contributions

3.3 With Service Providers

We use the following third-party services to operate the App:

Provider	Service	Data Shared	Privacy Policy
Google Firebase (Authentication)	Account management	Email, name	Firebase Privacy
Google Cloud Firestore	Database	All app data	Google Cloud Privacy
Google Firebase Cloud Messaging	Push notifications	Device token	Firebase Privacy
Google Firebase Crashlytics	Crash reporting	Device info, crash logs	Firebase Privacy
Google Cloud Storage	File storage	Profile photos, contribution proof images	Google Cloud Privacy

All data is processed within Google Cloud’s northamerica-northeast1 region (Toronto, Canada).

3.4 As Required by Law

We may disclose your information if required to do so by law, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Data Storage and Security

All data is stored on Google Cloud Platform infrastructure located in Toronto, Canada (northamerica-northeast1).
Data in transit is encrypted using TLS/HTTPS.
Data at rest is encrypted using Google Cloud’s default encryption.
Firestore security rules enforce that users can only read and write data they are authorized to access.
Sensitive operations (closing rounds, creating ledger entries) are performed server-side via Cloud Functions with integrity checks and audit logging.
Ledger entries include SHA-256 integrity hashes to prevent tampering.

5. Data Retention

Data Type	Retention Period
Account data (name, email)	Retained until you delete your account
Circle and contribution data	Retained for the lifetime of the circle, plus 1 year after the circle completes, for dispute resolution
Audit logs	Retained for 2 years after creation
Push notification records	Automatically deleted after 90 days
Crash reports	Retained per Firebase Crashlytics defaults (90 days)
Profile photos	Retained until you replace or delete them, or delete your account

6. Your Rights

Depending on your jurisdiction, you may have the following rights:

6.1 Access and Portability

You can view all your personal data within the App (profile, circles, contribution history). To request a machine-readable export of your data, contact us at privacy@ayuuto.ca.

6.2 Correction

You can update your name and profile photo directly in the App under Profile settings.

6.3 Deletion

You can request deletion of your account and associated data by contacting us at privacy@ayuuto.ca. Upon receiving a verified request:

Your account and profile data will be deleted within 30 days.
Your name in historical contribution and ledger records will be anonymized (replaced with “Deleted User”) but the records themselves will be retained for the integrity of other members’ circle histories.
Active circle memberships must be resolved (leave or complete) before account deletion can proceed.

6.4 Withdraw Consent

You can disable push notifications at any time through your device settings. You can stop using the App at any time. To fully withdraw consent for data processing, request account deletion as described above.

7. Children’s Privacy

Ayuuto is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the “Last Updated” date at the top of this page and notify you via the App if the changes are material.

Your continued use of the App after changes are posted constitutes your acceptance of the revised policy.

9. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

Email: privacy@ayuuto.ca

Website: https://ayuuto.ca/privacy