Raas (“the app”, “we”, “us”) is a personal expense tracker for Pakistani users. This policy explains what data Raas collects, why, how it is stored, who it is shared with, and the choices you have. By creating an account you agree to this policy.
1. Who we are
Raas is operated by the Raas team. For privacy questions, contact support@raas.website.
2. Data we collect
| Data | Why we collect it | Where it is stored |
|---|---|---|
| Email address | Account creation, sign-in, and password reset | Our server database |
| Name & profile photo (optional) | Personalising your profile | Our server database |
| Google account basic profile (if you use Google Sign-In) | Authentication | Processed via Google OAuth; we store your email and name |
| Expense & income records | The core purpose of the app — tracking your spending | Our server database + locally on your device |
| Voice audio recordings | Converting spoken input into an expense | Sent to our AI provider for transcription, then deleted immediately after parsing. Not retained. |
| Future Funds / savings entries | Sinking-fund tracking | Our server database + locally on your device |
| App settings | Remembering your preferences | Locally on your device + synced settings on our server |
We do not collect your contacts, location, SMS, call logs, or advertising identifiers.
3. How we use your data
- To provide the expense-tracking service and sync it across your sessions.
- To authenticate you and keep your account secure.
- To convert voice input into structured expenses using AI.
- To generate spending insights and summaries from your own data.
- To send transactional emails (e.g. password reset) if you request them.
We do not sell your data, and we do not use it for advertising.
4. Third-party services
Raas shares the minimum necessary data with these processors:
- Google OAuth — only if you choose Google Sign-In, to verify your identity.
- AI provider(s) — your voice audio and/or expense text are sent for transcription and parsing. Audio is deleted after parsing. They process the data under their own terms and never receive your account credentials.
- Email/SMTP provider — to deliver password-reset emails.
We do not share your financial records with any third party for marketing or analytics.
5. Data storage and security
- Account passwords are stored hashed (bcrypt), never in plain text.
- Any AI API key you provide is encrypted at rest on our server.
- Network traffic uses HTTPS/TLS in production.
- On your device, sensitive tokens are kept in encrypted storage, and the app supports a biometric lock.
6. Data retention
- Your account and expense data are retained until you delete your account.
- Voice audio is not retained — it is deleted right after parsing.
- When you delete your account (Profile → Delete account), your expenses, tags, settings, and refresh tokens are removed from our server.
7. Your rights
- Access / export: you can view your full history in the app.
- Correction: you can edit or delete any expense, tag, or fund.
- Deletion: you can permanently delete your account and all associated data from within the app. This action requires confirmation and cannot be undone.
8. Children
Raas is a general-audience finance utility and is not directed at children under 13. We do not knowingly collect data from children.
9. Changes to this policy
We may update this policy. Material changes will be reflected by the “Last updated” date above and, where appropriate, an in-app notice.
10. Contact
For any privacy request or question, contact support@raas.website.