Welfaya User Data and Contact Access Policy (Privacy Policy)
Effective Date: 1st March 2026
Last Updated: 7th March 2026
Welfaya (“we,” “our,” “us”) provides community management, member communication, invitations, and payments features. This Policy explains what data we collect, how we use it, and your rights.
1. Scope
This Policy applies to Welfaya mobile apps, web experiences, APIs, and related services.
2. Data We Collect
We collect the following categories of data:
- Account and identity data: Firebase user ID, name, email address, phone number, sign-in provider (Google, email/password, phone), email verification status, phone verification status.
- Profile and membership data: Profile fields you provide, membership role/status, community membership records, invitation status, and related account settings.
- Community and communication data: Posts, comments, direct messages, message delivery/read states, invitation activity, and notification preferences.
- Transaction and claims data: Contribution/replenishment records, claim references, payment status, transaction metadata, and related audit fields.
- Payment data: Payment intent/session metadata from Stripe and related processors. We do not store full card numbers or full bank account credentials on our servers.
- Device and app data: Device/app identifiers, push token, app version, network/error logs, and operational diagnostics.
- Contact data (with permission): Contact names, phone numbers, and country metadata from your device contacts to support member discovery, invite flows, and chat selection.
- Local cache data: Community lists, chats/messages, transactions, account/membership summaries, and related content cached on-device for performance/offline viewing.
3. How We Use Data
We use personal data to:
- Create and secure accounts, authenticate users, and prevent abuse/fraud.
- Enforce unique contact identifiers (email/phone) and verification workflows.
- Show communities, members, transactions, claims, chats, and invitations.
- Enable invitations and contact-based member discovery.
- Process and reconcile payments/replenishments.
- Send push/in-app notifications and route users to relevant events.
- Improve reliability, performance, and offline/cached experience.
- Meet legal, compliance, and audit obligations.
4. Contact Access and Permissions
We request contacts permission only when needed for contact-based features (for example, “Pick from contacts” or new chat/contact discovery).
- We may read contact names, phone numbers, and country metadata from your device contacts.
- Contact data is used to show likely matches, support invitations, and display invite options.
- We do not modify your device contacts.
- We do not send invitations or messages from your contacts without your action.
- You can revoke contacts access at any time in device settings. Related features may stop working until permission is restored.
5. Verification and Invitation Controls
To protect users and reduce abuse:
- Email and phone verification states are stored and enforced.
- Invitation actions may be restricted by verification state of the relevant channel.
- Invitations may be bound to account identity rules to prevent reuse/misuse.
6. Sharing of Data
We share data only as necessary:
- Service providers/processors: Firebase/Google (auth), Stripe (payments), push/notification infrastructure, hosting/logging providers.
- Within your communities: Limited profile/member data needed for community operation.
- Legal/safety: If required by law, regulation, legal process, or to protect rights/safety.
- Business transfers: In mergers/acquisitions, subject to applicable law.
We do not sell personal data.
7. Data Retention
We retain data for as long as needed for service delivery, legal compliance, and legitimate business purposes.
- Account/profile/membership records: retained while account is active, then archived/deleted per policy and law.
- Transaction/payment/claim records: retained for accounting, tax, fraud prevention, and legal requirements.
- Contact-derived data: retained only as needed for contact features and invite/member matching.
- Local cache: stored on-device and may persist until refreshed, app data is cleared, or app is uninstalled.
- 8. Security
We apply administrative, technical, and organizational safeguards, including encrypted transport, access controls, and monitoring. No system is 100% secure, but we continuously improve controls.
9. Your Rights and Choices
Depending on your location, you may have rights to:
- Access personal data we hold about you.
- Correct inaccurate or outdated data.
- Delete your account/data (subject to legal retention obligations).
- Restrict or object to certain processing.
- Withdraw consent for optional permissions (contacts, notifications).
- Request a copy/portability of eligible data.
To exercise rights, contact us at: [welfayallc@gmail.com].
10. Children’s Privacy
Welfaya is not intended for children under 13 (or under the minimum age required by local law). We do not knowingly collect data from children in violation of law.
11. International Transfers
If data is transferred across borders, we apply appropriate safeguards as required by applicable law.
12. Changes to This Policy
We may update this Policy from time to time. We will update the “Last Updated” date and provide notice where required.
13. Contact Us
Data Controller/Company: Welfaya LLC
Email: welfayallc@gmail.com
Address: TBD