Privacy Policy

Last updated: February 17, 2026

1. Introduction

Zari ("we," "our," or "us") is a personal finance tracking application for iOS. Zari reads bank transaction alert emails from your email account to automatically extract and categorize your spending data. This Privacy Policy describes how we collect, use, store, and protect your information when you use the Zari mobile application (the "App").

By using Zari, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the App.

2. Information We Access

2.1 Email Data (via OAuth 2.0)

Zari accesses your email account through industry-standard OAuth 2.0 authentication provided by Google (Gmail) or Microsoft (Outlook/Hotmail). We request read-only access using the narrowest possible permission scope:

2.2 What We Read

Zari only reads emails from known bank transaction alert senders. We filter emails by sender address (e.g., alerts@hbl.com, no-reply@chase.com, alerts@jazzcash.com.pk). Emails from any other sender are never accessed, read, or processed.

2.3 What We Extract

From matching bank alert emails, Zari extracts only the following structured data:

• Transaction amount
• Merchant or payee name
• Transaction date and time
• Transaction type (debit/credit)
• Account identifier (last 4 digits only, if present)

After extracting this data, the raw email content is immediately discarded and is not stored anywhere.

2.4 What We Never Access

• Personal or work emails
• Email attachments, photos, or documents
• Email drafts or sent messages
• Contact lists or address books
• Calendar data
• Your email password or login credentials
• Any email not matching our known bank sender list

3. How We Use Your Data

Zari uses the extracted transaction data solely to:

• Display your spending history and patterns
• Categorize transactions (food, transport, bills, etc.)
• Calculate spending summaries and insights
• Provide trend analysis and weekly comparisons

We do not use your data for advertising, profiling, or any purpose other than providing the Zari service to you.

4. Data Storage and Security

4.1 On-Device Processing

All email processing happens entirely on your device. Raw email content is never transmitted to any external server. Zari's email parsing engine runs locally on your iPhone.

4.2 Local Storage

Extracted transaction data is stored locally on your device using encrypted storage (iOS Keychain for authentication tokens, Core Data with file-level encryption for transaction records). This data never leaves your device.

4.3 Authentication Tokens

OAuth 2.0 access and refresh tokens are stored securely in the iOS Keychain, which provides hardware-backed encryption on devices with a Secure Enclave.

4.4 No Server-Side Storage

Zari does not operate servers that store your email content, transaction data, or personal information. We do not have a user database containing your financial data.

5. Data Sharing

Zari does not share your data with any third parties. Specifically:

• We do not sell your data to advertisers, data brokers, or any other entity.
• We do not share your data with analytics services that could identify you.
• We do not provide your data to financial institutions.
• We do not use your data for purposes unrelated to the Zari service.

6. Google API Services User Data Policy

Zari's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• Zari only uses access to Gmail data to provide the spending tracking functionality described in this Privacy Policy.
• Zari does not transfer Gmail data to third parties except as necessary to provide the service, comply with applicable laws, or as part of a merger/acquisition with user notification.
• Zari does not use Gmail data for serving advertisements.
• Zari does not allow humans to read user data unless: (a) we have the user's express consent, (b) it's necessary for security purposes (investigating abuse), (c) it's necessary to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.

7. Microsoft Graph API Compliance

Zari's use of Microsoft Graph API data complies with the Microsoft APIs Terms of Use. We access only the minimum data necessary (Mail.Read scope) and do not store, share, or use the data for any purpose other than providing Zari's spending tracking functionality.

8. Your Rights and Choices

8.1 Revoke Email Access

You can revoke Zari's access to your email at any time:

• Within Zari: Go to Settings > Disconnect Email
• Google: Visit Google Account Permissions and remove Zari
• Microsoft: Visit Microsoft Account App Permissions and remove Zari

8.2 Delete Your Data

Since all data is stored locally on your device:

• Deleting the Zari app permanently removes all transaction data
• Using the "Clear All Data" option in Settings removes all stored transactions
• Disconnecting your email removes stored authentication tokens

8.3 Export Your Data

You can export your transaction data from within the App in CSV format at any time.

9. Children's Privacy

Zari is not intended for use by children under the age of 13 (or the applicable age in your jurisdiction). We do not knowingly collect information from children under 13.

10. International Users

Zari is available to users in Pakistan, the United States, and Canada. Since all data processing occurs on your device, no cross-border data transfers take place. Your data remains on your iPhone in your physical location.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the App or by other means before the changes take effect. The "Last updated" date at the top of this page indicates when this policy was last revised.

12. Contact Us

If you have questions about this Privacy Policy, your data, or Zari's privacy practices, please contact us at:

Email: privacy@zariapp.com
General support: support@zariapp.com
Website: https://zariapp.com