Privacy Policy

Last updated: May 2026

1. Information We Collect

Account information: email address, display name, and password hash (or OAuth provider tokens). Business phone number: read from the store’s public Google Places listing during business claim verification — used to place an automated voice call that reads a one-time verification code (OTP). We do not collect or store the personal mobile number of the person initiating the claim. Business documents: when a claimant chooses the document upload verification method instead of a voice call, the uploaded files (utility bill, business license, lease, or tax registration) are stored privately and accessed only by Paasya admin reviewers. Location data: used transiently to personalize your feed — we store only city and neighborhood, never precise GPS coordinates (CCPA compliant). Usage data: interactions with posts (reactions, saves, redemptions) to improve recommendations. Device information: device type, OS version, and Expo push token for notifications.

2. How We Use Your Information

To provide and personalize the feed based on your location. To enable deal redemptions between Users and Stores. To send push notifications about deals and account activity. To place automated voice verification calls and review uploaded business documents when a store owner initiates a business claim (see Section 12 for details). To improve the App through aggregated, anonymized analytics. To enforce our Terms of Service and prevent fraud.

3. Location Data

We take your privacy seriously regarding location data. Your GPS coordinates are used transiently to find nearby deals — they are never stored in our database. We store only your city and neighborhood for feed personalization. You can change your location manually at any time via the city selector. Location permissions can be revoked in your device settings.

We do not sell your personal information to third parties. We share data only with: Google Places API (for store information — subject to Google’s privacy policy); cloud infrastructure providers (AWS) for hosting; law enforcement when required by law. Store owners can see aggregated follower counts but not individual follower identities (except recent followers for their own store).

5. Data Security

Passwords are hashed using BCrypt with a cost factor of 12. Authentication uses JWT tokens with short expiry and refresh rotation. All API communication is encrypted via HTTPS/TLS. Sensitive configuration is stored in AWS Secrets Manager, never in code.

6. Your Rights

Access: View your data via the Profile screen. Correction: Edit your display name and profile information. Deletion: Delete your account and all associated data from Profile settings. Portability: Request a copy of your data by contacting support. Opt-out: Disable push notifications in device settings.

7. Data Retention

Active account data is retained while your account exists. Deleted accounts are soft-deleted for 30 days (for recovery), then permanently erased. Redemption records are anonymized after 90 days. Push tokens are cleared on logout.

8. Children’s Privacy

The App is not intended for children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided us with personal information, contact us immediately.

9. Third-Party Services

Google Places API: Used for store discovery and photos. Subject to Google’s Privacy Policy. Apple Sign In / Google Sign In: Used for authentication. Subject to their respective privacy policies. Expo Push Notifications: Used for deal alerts. Subject to Expo’s privacy policy.

10. Cookies & Tracking

The App does not use cookies. We do not use third-party tracking or advertising SDKs. Analytics are collected in aggregate and cannot identify individual users.

11. California Residents (CCPA)

California residents have additional rights under the CCPA: Right to know what personal information is collected. Right to delete personal information. Right to opt-out of the sale of personal information (we do not sell data). Right to non-discrimination for exercising these rights.

Paasya offers two methods to verify ownership when a store owner initiates a business claim through the App: (a) an automated voice call to the store’s listed phone number, or (b) upload of business-ownership documents for admin review. We do not send SMS marketing or promotional texts.

Voice verification: when you tap “Initiate Voice Call” on the claim screen, you consent to Paasya placing an automated, robocaller-style voice call to the phone number listed for that store on Google Places (not your personal mobile). The call reads a six-digit verification code aloud twice and ends. Frequency is one call per claim attempt, with up to a few retry attempts during a single 5-minute verification window. The call lasts roughly 30 seconds. Standard call rates may apply from the recipient’s carrier. We do not store voice recordings — Twilio places the call on Paasya’s behalf and Paasya retains only the call timestamp and Twilio call SID for support diagnostics. If a store has no Google-listed phone number, the voice option is hidden and document upload is the only path.

Document upload: when you tap “Upload Documents” on the claim screen, you consent to Paasya storing the uploaded files privately in encrypted cloud storage and sharing them with Paasya admin reviewers (and, where required by law, with law enforcement). Documents are not made public, never indexed, and never shared with the store. Reviews typically complete within 48 hours. Rejected claims may be resubmitted with additional documentation. Documents are retained for the lifetime of the claim record plus 30 days after a final decision, then permanently deleted.

For both methods: voice calls and SMS delivery are provided by our third-party carrier Twilio; phone numbers and call metadata are shared with Twilio only to the extent required to place the call and are not used for any other purpose. Document storage is provided by AWS S3 in encrypted private buckets. For help reply HELP or contact support@paasya.com.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via the App. Continued use after changes constitutes acceptance.

14. Contact Us

For privacy-related questions or to exercise your rights, contact us at support@paasya.com.