Privacy Policy

CiviQ ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services, website, and applications (collectively, the "Service"). Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service. This policy applies to all users of CiviQ.

We collect the following types of information: Account Information • Name, email address, and username when you register. • Profile information you choose to provide. • Authentication credentials (passwords are hashed and never stored in plaintext). Financial Data • Bank account details, credit card information, and wallet balances you manually enter. • Income and expense records you log. • Budget goals and financial targets. • All financial data is encrypted at rest and in transit. Documents & Files • Documents you upload to the Document Vault. • Document metadata (filename, upload date, file type). • Blockchain verification hashes (no document content is stored on-chain). Usage Data • Log data including IP addresses, browser type, pages visited, and timestamps. • Device information such as operating system and screen resolution. • Interaction data such as features used and actions taken within the app. Communications • Messages you send to other CiviQ users through the messaging feature. • Feedback and support requests you submit to us.

We use the information we collect to: • Provide, operate, and maintain the Service. • Create and manage your account and authenticate your identity. • Process and display your financial data within your personal dashboard. • Enable document storage, verification, and blockchain audit trails. • Send transactional emails such as email verification and security alerts. • Respond to your comments, questions, and support requests. • Monitor and analyze usage patterns to improve the Service. • Detect, prevent, and address technical issues, fraud, and security threats. • Comply with applicable legal obligations. We do not sell your personal information to third parties. We do not use your financial data for advertising purposes.

Security Measures CiviQ employs industry-standard security practices to protect your data: • All data is encrypted in transit using TLS 1.2+. • Sensitive financial data (bank details, card numbers) is encrypted at rest using Fernet encryption. • Passwords are hashed using bcrypt with a secure salt. • JWT tokens are short-lived (1 hour) and stored securely. • Redis-based token blacklisting prevents use of revoked tokens. Encrypted Vault The Encrypted Vault uses AES-256-GCM client-side encryption. This means: • Your vault data is encrypted on your device before it reaches our servers. • CiviQ staff cannot access or read your vault contents. • Your encryption key is derived from your password and never transmitted to us. • Loss of your encryption key means permanent loss of vault access. Data Location Your data is stored on secure servers. We take appropriate technical and organizational measures to protect against unauthorized access, alteration, disclosure, or destruction.

CiviQ uses a custom blockchain to provide immutable audit trails for documents, transactions, and key account events. Important characteristics: • Only anonymized identifiers (CiviQ IDs) are recorded on-chain — no personal names, emails, or financial amounts. • Blockchain records are permanent and cannot be deleted or modified once recorded. • The blockchain ledger is maintained on our secure servers and is not a public blockchain. • You can view your blockchain audit trail from within your account settings.

CiviQ uses minimal cookies and local storage: • Session management: We use localStorage to store authentication tokens on your device. • No third-party advertising cookies are used. • We may use anonymous analytics to understand how the Service is used. You can control cookie and local storage settings through your browser, though disabling them may affect Service functionality.

We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances: Service Providers We may share data with trusted third-party service providers who assist in operating our Service (e.g., email delivery, hosting). These providers are contractually obligated to protect your data. Legal Requirements We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others. Business Transfers In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy. With Your Consent We may share your information for any other purpose with your explicit consent.

CiviQ includes social features such as posts, connections, reactions, and direct messaging. Please be aware: • Content you post publicly on CiviQ (posts, profile information) may be visible to other CiviQ users. • Direct messages are stored on our servers and may be reviewed if reported for policy violations. • You can control the visibility of your profile and posts from your privacy settings. • Deleting content removes it from the interface, but may remain in backup systems for a limited period.

You have the following rights regarding your personal data: Access & Portability • View and download your personal data from your account settings. • Export your financial data, documents list, and activity history. Correction • Update or correct inaccurate personal information at any time from your profile settings. Deletion • Request deletion of your account and associated data from your account settings. • Some data may be retained for legal compliance purposes or in anonymized blockchain records. Opt-Out • Unsubscribe from non-essential marketing emails at any time. • Disable optional features such as social sharing from your settings. To exercise any of these rights or for data-related inquiries, contact us at privacy@civiq.app.

We retain your personal information for as long as your account is active or as needed to provide you the Service. Specifically: • Account data is retained for the duration of your account and deleted within 90 days of account deletion. • Financial records are retained for as long as you maintain them in the Service. • Log and usage data is retained for up to 12 months. • Blockchain records are permanent by design and cannot be deleted. • Backup data may persist for up to 30 days after deletion.

CiviQ is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will take steps to delete such information promptly.

If you are accessing CiviQ from outside the country where our servers are located, your data may be transferred internationally. By using the Service, you consent to this transfer. We take appropriate measures to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it.

We may update this Privacy Policy from time to time. We will notify you of significant changes by: • Sending an email to the address associated with your account. • Displaying a prominent notice within the Service. The "Last updated" date at the top of this policy indicates when it was last revised. Your continued use of CiviQ after changes take effect constitutes acceptance of the revised policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: Email: privacy@civiq.app Address: CiviQ, [Your Address] For security-related disclosures: security@civiq.app We aim to respond to all privacy inquiries within 5 business days.