Privacy Policy

Effective date: 31 March 2026 · Last updated: 31 March 2026

TaawunX (“TaawunX”, “we”, “us”) provides a mobile application and related services for community savings pools (“Darets”), wallet features, charitable campaigns (“Zakat” / verified philanthropy flows), and related financial tools oriented toward users in Algeria and the broader Francophone / MENA region. This Privacy Policy explains what personal data we collect, why we use it, how long we keep it, and your choices.

Controller. Contact: privacy@taawunx.app (replace with your production inbox before launch). Jurisdiction: Algeria, with hosting and subprocessors potentially outside DZ — see Section 7.

1. Who this applies to

This policy applies to users of the TaawunX mobile app who create an account or otherwise interact with our services.

2. Data we collect

  • Account & identity: full name, mobile phone number, password (stored hashed), optional email, optional KYC-related data you submit, role (e.g. user vs. administrator).
  • Transactional & product data: Daret memberships, contribution amounts in DZD, wallet balance and transaction history as modeled in the app, campaign donations, timestamps, and dispute-related records you create.
  • Device & technical data: device type, OS version, app version, push notification token (Expo push token) if you grant permission, coarse diagnostic logs if crash reporting (e.g. Sentry) is enabled.
  • Usage & support: in-app actions we log for security and audit (e.g. admin seed operations), support messages you send us.
  • Payments: card or bank interactions may be processed by third-party gateways (e.g. SATIM / partner acquirers). We do not store full card numbers on our servers; payment providers process card data under their own terms.

3. Purposes and legal bases

We process data to:

  • Provide the service — authenticate you, show balances and Darets, record contributions, display campaigns.
  • Security & fraud prevention — session tokens, refresh tokens, rate limits, audit logs for privileged actions.
  • Communications — optional push notifications about cycles, payouts, and account events if you opt in; transactional emails (when implemented) for important notices.
  • Compliance — meet legal, regulatory, or law-enforcement requests where required.
  • Improve reliability — aggregated analytics and crash reports without selling your personal data.

4. Sharing and subprocessors

We may share data with:

  • Infrastructure — cloud hosting (e.g. Heroku or equivalent), managed PostgreSQL, file storage if used.
  • Push delivery — Expo / Apple / Google notification services to deliver push messages.
  • Crash reporting — Sentry or similar, if enabled in the build.
  • Payment partners — acquiring banks / SATIM-compliant gateways solely to complete payments you initiate.

We do not sell personal data to data brokers. We do not use your contacts or photos unless a future feature explicitly requests permission in the OS permission dialog.

5. Retention

  • Account data: retained while your account is active and for a period afterward for legal / dispute resolution unless you request deletion where applicable.
  • Financial records: may need longer retention for accounting and regulatory reasons.
  • Logs: rotated on a rolling basis (e.g. 30–90 days) unless needed for an investigation.

6. Security

We use industry-standard measures including HTTPS in transit, password hashing (bcrypt-class), JWT access and refresh tokens stored in secure device storage where supported, and HTTP security headers on the API. No method is 100% secure; protect your password and device.

7. International transfers

Servers or subprocessors may be located outside Algeria (e.g. EU/US). Where required, we rely on appropriate safeguards (standard contractual clauses or equivalent) or your explicit consent for specific transfers.

8. Your rights & Account Deletion

You have the right to access, correct, or delete your personal data.

How to delete your account:

To request account and associated data deletion, please follow these steps:

  1. Send an email to privacy@taawunx.app.
  2. Use the subject line "Account Deletion Request".
  3. Include your registered mobile phone number in the body of the email.

Once verified, we will delete your account and personal data, except for data we are legally required to retain for financial auditing or regulatory purposes (e.g., transaction logs).

Children: TaawunX is not directed at children under 16; do not register them.

9. Child Safety & CSAE Prevention

TaawunX has a zero-tolerance policy for child sexual abuse material (CSAM) and exploitation (CSAE). We are committed to maintaining a safe environment for all users within our social coordination features.

  • Prohibited Content: The creation, storage, or sharing of any content that depicts the sexual abuse or exploitation of children is strictly prohibited and will result in immediate account termination.
  • Reporting Mechanism: Users can report any suspicious or illegal content involving minors via the in-app "Disputes" or "Help" features, or by emailing safety@taawunx.app.
  • Law Enforcement: We comply with all relevant child safety laws and will report any discovered CSAM/CSAE to the appropriate regional and national authorities (e.g., NCMEC where applicable).
  • Designated Contact: For inquiries regarding our child safety compliance and prevention practices, please contact our safety lead at mehdi.mansor3115@gmail.com.

10. Changes

We will update this page for material changes and adjust the “Last updated” date. Continued use after changes constitutes acceptance where permitted by law.

11. Demo & testing builds

Pre-production builds may use test data, skip OTP, or expose demo reset endpoints for administrators only. Do not use demo configurations for real money or production PHI/PII beyond what is necessary for testing.