Privacy Policy

Last Updated: May 26, 2026

1. Data Protection & GDPR Compliance

Kamiara, a service provided by Pavly Boules (Independent Developer), based in Ravenna (RA), Italy, operates in strict accordance with the Italian "Garante Privacy" and the EU General Data Protection Regulation (GDPR). We are dedicated to ensuring the highest standards of data integrity and user privacy.

2. Your Rights Under GDPR

In accordance with the European Union's GDPR, you are entitled to the following rights regarding your personal information:

  • Right to Access: You may view and verify your profile data within the application at any time.
  • Right to Erasure: You have the right to permanently delete your account and all associated financial history via the application settings.
  • Data Portability: Users may export their financial transactions and data in a structured format through the export features provided in the settings menu.

3. Data Security & Zero-Knowledge E2EE Architecture

End-to-End Encryption (E2EE): All your sensitive financial transactions, wallets, balances, and categories are encrypted directly on your device using AES-256-GCM. Your data is encrypted before it ever leaves your device or is synced to Firebase cloud infrastructure.

Zero-Knowledge Access: Cryptographic keys are generated on your device. To facilitate seamless multi-device synchronization, an encrypted escrow copy of your Master Key is securely stored on our servers, wrapped by a key derived from your custom 6-digit E2EE PIN using PBKDF2 (600,000 iterations). Because the PIN is never transmitted to or stored on our servers, zero-knowledge is maintained: neither Pavly Boules (the developer), hosting providers, nor administrators can decrypt or view your financial records under any circumstances.
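
The PIN-wrapped escrow scheme described above, as an added Node.js example (not Kamiara's own code). The PBKDF2 hash (SHA-256), the salt and nonce sizes, the record layout and all function names are assumptions; the PIN and master key are constructed sample values.

```javascript
const crypto = require("crypto");

const ITERATIONS = 600000;   // iteration count stated in the policy
const KDF_HASH = "sha256";   // assumption: the policy does not name the PBKDF2 hash
const SALT_LEN = 16;         // assumption: 128-bit random salt per escrow record
const IV_LEN = 12;           // assumption: 96-bit GCM nonce

// Derive the 256-bit wrapping key from the PIN. Runs on the device only,
// so the PIN and the derived key never reach the server.
function deriveWrappingKey(pin, salt) {
  if (!/^\d{6}$/.test(pin)) throw new Error("PIN must be exactly 6 digits");
  return crypto.pbkdf2Sync(pin, salt, ITERATIONS, 32, KDF_HASH);
}

// Wrap the master key with AES-256-GCM. The returned record (salt, nonce,
// ciphertext, tag) is the only thing that would be uploaded as the escrow copy.
function wrapMasterKey(masterKey, pin) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const cipher = crypto.createCipheriv("aes-256-gcm", deriveWrappingKey(pin, salt), iv);
  const ct = Buffer.concat([cipher.update(masterKey), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Unwrap on another device. Returns null when the GCM tag does not verify,
// which is what happens for a wrong PIN or a modified record.
function unwrapMasterKey(record, pin) {
  const key = deriveWrappingKey(pin, record.salt);
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, record.iv);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ct), decipher.final()]);
  } catch (err) {
    return null;
  }
}

// Constructed round trip: a random master key and sample PINs.
function demo() {
  const masterKey = crypto.randomBytes(32);
  const record = wrapMasterKey(masterKey, "493027");
  const recovered = unwrapMasterKey(record, "493027");
  return {
    rightPinRecoversKey: recovered !== null && recovered.equals(masterKey),
    wrongPinResult: unwrapMasterKey(record, "493028"),
    recordFields: Object.keys(record).sort().join(","),
  };
}
```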

Local Protection: On mobile devices, sensitive authentication tokens and key materials are stored using Hardware-Backed Encryption (Expo SecureStore/Keychain), ensuring that credentials never exist in plain text on your device's storage.

Data Isolation: We implement server-side Firestore Security Rules. This technical barrier ensures that your data is logically isolated; no user, regardless of technical ability, can access, read, or modify encrypted payloads belonging to another user.

4. Google Drive Integration & Data Ownership

Optional Synchronization: Kamiara provides an optional feature to sync your data with Google Drive. For maximum security, we utilize the hidden "App Data Folder"—a specialized storage area designed by Google specifically for application-specific data. This folder is logically isolated from your personal files (photos, documents, etc.) and is not visible or accessible through the standard Google Drive interface.

No-Access Policy: Kamiara does not request, nor can it access, any of your personal files on Google Drive. Our integration is strictly limited to this hidden sandbox to ensure 100% privacy and data integrity.

5. Incident Response & Transparency

In the unlikely event of a data breach, Kamiara adheres to a strict 72-hour notification commitment. We will notify any affected users via their registered email address within 72 hours of confirming an incident, detailing the nature of the breach and the steps taken to mitigate it.

6. Contact & Data Inquiry

For official inquiries regarding your data privacy or to exercise your legal rights, please contact Pavly Boules at Kamiara.support@gmail.com.