Privacy Policy
Refynne - Personal Finance Management App
Effective Date: December 9, 2025
Last Updated: December 9, 2025
Website: https://refynne.com
Developer: BPS Dynamic (bpsdynamic.com)
1. Introduction
Welcome to Refynne ("we," "our," or "us"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website.
This policy is designed to comply with:
- South Africa: Protection of Personal Information Act (POPIA)
- European Union: General Data Protection Regulation (GDPR)
- United States: California Consumer Privacy Act (CCPA) and other state laws
- United Kingdom: UK GDPR and Data Protection Act 2018
- Brazil: Lei Geral de Proteção de Dados (LGPD)
- Australia: Privacy Act 1988
2. Information We Collect
2.1 Information You Provide
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Account Information | Name, email address, password | Contract performance, Consent |
| Financial Data | Transactions, budgets, expenses, income | Contract performance |
| Profile Information | Currency preference, language, timezone | Legitimate interest |
| Support Communications | Messages, feedback, support requests | Legitimate interest |
2.2 Information Collected Automatically
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Device Information | Device type, OS version, app version | Legitimate interest |
| Usage Data | Features used, session duration, interactions | Legitimate interest |
| Crash Reports | Error logs, diagnostic data | Legitimate interest |
| Analytics | Aggregated usage patterns | Consent |
2.3 Information We Do NOT Collect
- Bank account credentials or login details
- Credit card numbers or CVV codes
- Social security numbers or national ID numbers
- Biometric data (fingerprints, face scans)
- Location data (GPS coordinates)
3. How We Use Your Information
We use your information for the following purposes:
3.1 Core Service Delivery
- Provide expense tracking and budget management features
- Sync your data across devices (if enabled)
- Generate financial reports and analytics
- Send budget alerts and notifications
3.2 Service Improvement
- Analyze usage patterns to improve features
- Fix bugs and technical issues
- Develop new features based on user needs
3.3 Communication
- Send important service updates
- Respond to support requests
- Send marketing communications (with consent)
4. Data Storage and Security
4.1 Local Storage (Default)
By default, Refynne stores your financial data locally on your device using encrypted storage. This means:
- Your data never leaves your device unless you enable cloud sync
- We cannot access your financial data
- You are responsible for backing up your data
4.2 Cloud Storage (Optional)
If you enable cloud sync, your data is stored on secure AWS servers:
- Data is encrypted in transit (TLS 1.3)
- Data is encrypted at rest (AES-256)
- Servers are located in [AWS Region]
- Access is restricted to authorized personnel only
4.3 Security Measures
- End-to-end encryption for sensitive data
- Regular security audits and penetration testing
- Multi-factor authentication (optional)
- Automatic session timeout
- Secure password hashing (bcrypt)
5. Data Sharing and Disclosure
5.1 We Do NOT Sell Your Data
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5.2 Service Providers
We may share data with trusted service providers who assist us in operating our service:
| Provider | Purpose | Data Shared |
|---|---|---|
| AWS | Cloud infrastructure | Encrypted user data (if cloud sync enabled) |
| Analytics Provider | Usage analytics | Anonymized usage data |
| Support Platform | Customer support | Support ticket content |
5.3 Legal Requirements
We may disclose your information if required by law or in response to:
- Valid legal process (court orders, subpoenas)
- Government requests in accordance with applicable law
- Protection of our rights, privacy, safety, or property
6. Your Rights
6.1 Universal Rights
All users have the following rights:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data
- Portability: Export your data in a machine-readable format
- Objection: Object to certain processing activities
- Withdrawal: Withdraw consent at any time
6.2 How to Exercise Your Rights
To exercise any of these rights:
- In-App: Settings → Privacy & Security → Data Management
- Email: privacy@refynne.com
- Website: https://refynne.com/privacy-request
We will respond to your request within:
- GDPR/UK: 30 days
- POPIA: 30 days
- CCPA: 45 days
- LGPD: 15 days
7. Region-Specific Provisions
7.1 South Africa (POPIA)
Information Officer: BPS Dynamic
Contact: privacy@refynne.com
Under POPIA, you have the right to:
- Be notified when your personal information is collected
- Request access to your personal information
- Request correction or deletion of your personal information
- Object to the processing of your personal information
- Lodge a complaint with the Information Regulator
Information Regulator Contact:
- Website: https://www.justice.gov.za/inforeg/
- Email: inforeg@justice.gov.za
7.2 European Union (GDPR)
Data Controller: BPS Dynamic
Legal Basis for Processing:
- Contract performance (core service features)
- Legitimate interest (service improvement, security)
- Consent (marketing, analytics)
EU Representative: [To be appointed if required]
Under GDPR, you have additional rights to:
- Data portability
- Restriction of processing
- Lodge a complaint with your local Data Protection Authority
7.3 United States (CCPA/State Laws)
California Residents: Under CCPA, you have the right to:
- Know what personal information is collected
- Know whether your personal information is sold or disclosed
- Say no to the sale of personal information
- Access your personal information
- Request deletion of your personal information
- Equal service and price (non-discrimination)
Categories of Personal Information Collected:
- Identifiers (name, email)
- Commercial information (transaction history)
- Internet activity (usage data)
We do NOT sell personal information.
7.4 United Kingdom (UK GDPR)
Post-Brexit, UK residents are protected under UK GDPR and the Data Protection Act 2018. Your rights mirror those under EU GDPR.
UK Representative: [To be appointed if required]
ICO Contact:
- Website: https://ico.org.uk/
- Phone: 0303 123 1113
7.5 Brazil (LGPD)
Under LGPD, you have the right to:
- Confirmation of data processing
- Access to your data
- Correction of incomplete or inaccurate data
- Anonymization, blocking, or deletion of unnecessary data
- Data portability
- Information about sharing with third parties
- Revocation of consent
ANPD Contact:
- Website: https://www.gov.br/anpd/
7.6 Australia (Privacy Act)
Under the Australian Privacy Principles (APPs), you have the right to:
- Know what personal information is collected
- Access your personal information
- Request correction of your personal information
- Complain about privacy breaches
OAIC Contact:
- Website: https://www.oaic.gov.au/
- Phone: 1300 363 992
8. Children's Privacy
Refynne is not intended for children under 13 years of age (or 16 in the EU). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@refynne.com.
9. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until account deletion + 30 days |
| Financial data | Until account deletion + 30 days |
| Support communications | 2 years |
| Analytics data | 26 months (anonymized) |
| Crash reports | 90 days |
After account deletion, we may retain anonymized, aggregated data for statistical purposes.
10. International Data Transfers
If you are located outside the country where our servers are located, your data may be transferred internationally. We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) for EU/UK transfers
- Adequacy decisions where applicable
- Binding Corporate Rules where applicable
11. Cookies and Tracking
11.1 Mobile App
The Refynne mobile app does not use cookies. We use local storage for app preferences and session management.
11.2 Website
Our website (refynne.com) uses cookies for:
- Essential functionality (session management)
- Analytics (with consent)
- Preferences (language, theme)
You can manage cookie preferences through your browser settings or our cookie consent banner.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by:
- In-app notification
- Email notification (if you have an account)
- Prominent notice on our website
The "Last Updated" date at the top of this policy indicates when it was last revised.
13. Contact Us
If you have questions about this Privacy Policy or our privacy practices:
BPS Dynamic
Email: privacy@refynne.com
Website: https://refynne.com/contact
Support: https://refynne.com/support
For privacy-specific inquiries, please include "Privacy Request" in your subject line.
14. Definitions
| Term | Definition |
|---|---|
| Personal Information | Any information that identifies or can be used to identify an individual |
| Processing | Any operation performed on personal information (collection, storage, use, disclosure, deletion) |
| Data Controller | The entity that determines the purposes and means of processing personal information |
| Data Processor | An entity that processes personal information on behalf of the data controller |
| Consent | Freely given, specific, informed, and unambiguous indication of agreement |
© 2025 BPS Dynamic. All rights reserved.