Privacy Policy
Last Updated: May 26, 2026 • Version 1.1.0 • EULA Compliance
Damsera is built on the belief that your financial data is personal, private, and belongs solely to you. Our private-by-design architecture ensures that your financial records are never collected, aggregated, tracked, or sold. Below is an exhaustive disclosure of how Damsera handles privacy.
Local Sandbox
Your transactions, accounts, and budgets are written directly to a private, localized SQLite database inside your Apple sandbox container.
Zero Cloud Servers
We run no intermediate backend databases. There are no server databases where your balance records or credentials could be compromised.
No Telemetry
Damsera contains no tracking SDKs, Firebase metrics, or marketing cookies. Your app interactions remain entirely anonymous.
1. Exhaustive Data Collection Disclosure
To provide absolute transparency, we explicitly state that we **DO NOT COLLECT, TRANSMIT, PROCESS, OR RETAIN** any of the following data categories:
| Data Category | Handling Method | Access Level |
|---|---|---|
| Transactions & Ledgers | Stored strictly in local SQLite Database | User-Only |
| Bank Accounts & Routing | None. Manual registry or offline import | User-Only |
| Credentials & PINs | None. Handled locally by Apple Keychain API | User-Only |
| iCloud Metadata | Encrypted via Apple CloudKit Container | User-Only |
| Usage & App Behavior | No analytics tracking. Zero cloud telemetry | User-Only |
2. Local Sandbox Encryption Architecture
Your database is isolated inside Apple's native application sandbox container. Under iOS and macOS security frameworks, this ensures that no other third-party application installed on your device can audit, read, or alter your financial records.
For hardware-level security, the local database utilizes **Apple's Data Protection API**, encrypting database files automatically whenever your screen is locked. This ensures your financial history remains protected in the event of physical device loss or theft.
3. iCloud CloudKit Synchronization Mechanics
Damsera provides cross-device continuity exclusively through Apple CloudKit. When you activate database synchronization:
- E2E Encryption: Your database is synced directly to your private iCloud container using end-to-end encryption. Apple's Advanced Data Protection protocols ensure that your data keys remain exclusively on your authenticated Apple devices.
- Zero Intermediaries: Damsera does not operate intermediate relays, reverse-proxies, or cloud web servers. Your database travels directly from your local device to Apple's secure iCloud servers.
- Self-Service Control: You can enable or disable iCloud synchronization at any time directly through your Apple System Settings under iCloud > Damsera.
4. Global Privacy Frameworks Compliance (GDPR, CCPA, CPRA)
Although Damsera does not harvest personal details, we fully comply with major global data protection frameworks:
- GDPR (Europe): We act neither as a data controller nor processor on our servers, as we receive no data. Your right to control data is fully exercised locally.
- CCPA / CPRA (California): Damsera does not meet the criteria of a business that "sells" or "shares" consumer personal information, as we possess no database of users.
- COPPA (Children's Online Privacy): Because Damsera has no backend databases and collects no information, it is inherently compliant with children's privacy standards, as no child's metrics are ever stored by us.
5. Crash Reporting & System Diagnostics
We do not include third-party crash reporters (such as Crashlytics or Sentry). If the application encounters an error, diagnostics are generated locally inside your Apple Console log.
Any voluntary logs or diagnostic files that you choose to submit to our support team are audited solely for code troubleshooting and are permanently purged immediately upon issue resolution.
6. Subscription & In-App Purchase Transactions
All premium module licenses and subscription payments are handled through Apple In-App Purchases. Damsera does not collect, store, or transmit your credit card numbers, billing addresses, CVVs, or Apple ID passwords. All checkout transactions are managed securely inside the secure runtime environment provided by Apple StoreKit.
7. Corporate Compliance & Inquiries
Damsera is committed to maintaining the highest privacy benchmarks. For corporate audits, legal EULA inquiries, or general clarifications regarding our offline-first codebase architecture, contact our Data Protection Representative at **support@damseraapp.com**.
8. Website Visitor Analytics & Page Performance
While the Damsera native application itself contains zero third-party telemetry scripts and operates fully offline, our public-facing promotional website uses lightweight analytics services to optimize our design, inspect page loading speeds, and understand general user traffic patterns. These include:
- Vercel Analytics & Speed Insights: Monitors page load times, layout stability, and basic anonymous visitor counts to keep our rendering speeds optimized.
- Google Analytics: Collects generalized, non-personally identifiable metrics (such as device types, general regions, and page pathways) to optimize search discovery.
- Microsoft Clarity: Analyzes user sessions on our web portal via anonymized scroll patterns and heatmaps to refine our interactive documentation layout.
None of these web analytics platforms have access to your local SQLite sandbox database, financial transaction ledgers, or iCloud sync keys. They operate strictly on the public-facing promotional website container.