Zimma is a personal finance app built for Pakistani users. We take the privacy of your financial data seriously. This policy explains what we collect, why, and what we do with it.
The short version: your financial data lives on your device first. Cloud backup exists to protect you from data loss, not to monetize your information. We will never sell your data.
Who we are
Zimma ("ذمہ") is operated by Zimma App. When this policy says "we," "us," or "Zimma," it refers to Zimma App and its services, including the Zimma mobile application and the zimma.app website.
What we collect
Account information
When you create a Zimma account, we collect your name and email address. If you sign in with Google or Apple, we receive the profile information those services share (typically name and email).
Financial data you enter
Zimma stores the financial data you choose to enter: transactions, accounts, assets, categories, Zakat calculations, and tax-related income.
All financial data is stored locally on your device first. Cloud backup is optional and exists solely for data protection and device migration. The app works fully offline.
Waitlist information
If you join our waitlist, we collect your name and email address to notify you when access is available.
Automatically collected data
We collect minimal technical data to keep the app running: device type, app version, and crash reports (with no financial data included). We do not collect location data, contact lists, photos, or any data from other apps on your device.
How we use your data
| Data | Purpose |
|---|---|
| Email and name | Account creation, login, and communication about your account |
| Financial data | Powering the app features you use: tracking, reports, Zakat, tax organization |
| Cloud backup data | Protecting against data loss and enabling device migration |
| Crash reports | Identifying and fixing bugs |
| Waitlist email | Notifying you when early access opens |
We do not use your financial data for advertising, profiling, or any purpose other than providing Zimma's features to you.
Data storage and security
Your financial data is stored in two places:
- On your device. All data is stored locally. The app works entirely offline.
- In the cloud (optional). If you enable cloud backup, your data is synced to our servers. Data is encrypted in transit (TLS) and at rest. Cloud backup enables data recovery if you lose your device or switch to a new one.
Authentication tokens are stored in your device's secure storage (Keychain on iOS, Keystore on Android), not in regular app storage. For more details, see our Data Security page.
Data sharing
We do not sell, rent, or trade your personal or financial data. Period.
We share data only in these limited circumstances:
- Service providers. We use trusted infrastructure providers to host cloud backups and send transactional emails. They process data on our behalf under strict agreements.
- Legal requirements. We will share data if required by Pakistani law, court order, or regulatory authority with valid jurisdiction.
We do not use any third-party analytics, advertising, or tracking in the Zimma app.
Website cookies
The zimma.app website uses minimal cookies required for basic functionality. We do not use third-party analytics, advertising, or behavioral tracking cookies on the website. If this changes in the future, we will add a cookie notice and update this policy.
Data retention
Your local data remains on your device for as long as the app is installed. If you delete your account, all cloud data is permanently removed from our servers. If you stop using Zimma without deleting your account, we retain your cloud data so you can pick up where you left off when you return.
Waitlist emails are retained until you are invited or you ask to be removed.
Data breach notification
If a data breach affects your personal information, we will notify you by email as soon as reasonably possible, along with the steps we are taking in response and what you can do to protect yourself.
Communications
We may send you transactional emails related to your account (security alerts, backup status, product updates). You can unsubscribe from non-essential emails at any time. We will never share your email with third parties for marketing.
Your rights and control
You have full control over your data:
- Access. All your data is visible within the app at all times.
- Delete. You can delete your account and all associated cloud data. Local data on your device is deleted when you uninstall the app.
- Offline use. You can use Zimma entirely offline without creating an account. No data leaves your device unless you choose to enable cloud backup.
To request data deletion or ask questions about your data, email us at privacy@zimma.app.
Children
Zimma is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe a child under 13 has created an account, contact us at privacy@zimma.app and we will delete it. Users between 13 and 18 may use Zimma with parental or guardian consent.
Changes to this policy
If we make material changes to this policy, we will notify you through the app or by email before the changes take effect. Minor clarifications may be made without notice.
Contact
For privacy questions, data requests, or concerns:
- Email: privacy@zimma.app
Your financial data is yours. Zimma exists to help you understand and manage it, not to profit from it. That is our commitment.