Privacy Policy
This Privacy Policy describes how Rownd collects, uses, discloses, and safeguards personal information when you use the Rownd — Kameti Manager mobile application (Google Play package domain: app.rownd.com), related web pages, and associated online services (collectively, the "Service").
Rownd — Kameti Manager is published by Evenlogix. Our official app domain is app.rownd.com. We are not affiliated with rownd.com (Rownd AI Platform) or any other unrelated Rownd-branded products.
By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Service.
1. Who We Are
Rownd is the data controller responsible for personal information processed through the Service. Rownd provides software for private rotating savings and credit association (ROSCA) groups — commonly known as kameti, بیچی, or کمیٹی — to coordinate contribution records, cycles, and member status within invite-only circles.
Important: Rownd is not a bank, payment institution, wallet, escrow agent, or money transmitter. Committee funds move entirely outside the app between organizers and members. Status labels such as “paid” or “verified” reflect in-app records only — not financial transactions processed by Rownd.
Organizers who run a circle may access certain member information (such as phone numbers) to coordinate the group. Organizers are responsible for using that information lawfully and only for legitimate circle-related purposes.
2. Scope of This Policy
This Privacy Policy applies to personal information we process when you:
- Download, install, or use the Rownd Android or iOS application;
- Create or access an account authenticated through our cloud backend;
- Interact with invite links, deep links, or web pages at app.rownd.com;
- Receive push notifications or other Service-related communications from us.
This policy does not apply to:
- Third-party messaging apps (such as WhatsApp), payment apps, or banks you use independently of Rownd;
- Websites, products, or services operated by third parties that we do not control;
- Information you share directly with other users outside the Service.
Our Terms of Service govern your use of Rownd, including organizer and member responsibilities within a circle. This Privacy Policy focuses specifically on how we handle personal information.
3. Definitions
For clarity, the following terms are used in this policy:
| Term | Meaning |
|---|---|
| Personal information | Information that identifies, relates to, or could reasonably be linked to you. |
| Circle | A private, invite-only committee group created or joined within Rownd. |
| Organizer | A user who creates or administers a circle, including approvals, verifications, and cycle management. |
| Member | A user who joins a circle under an organizer’s rules. |
| Contribution record | In-app data about declared payments, verification status, cycles, and related notes — not actual fund movement through Rownd. |
| Service providers | Third parties that process data on our behalf to help us deliver and secure the Service. |
4. Information We Collect
We collect personal information by fair and lawful means, and only what is reasonably necessary to provide, secure, and improve the Service. The categories below describe what we may collect.
4.1 Information you provide directly
| Category | Examples | Purpose |
|---|---|---|
| Account & profile | Full name, mobile/WhatsApp number, optional city, optional recovery email | Account creation, identification within circles, recovery support |
| Authentication data | Phone number; device PIN (stored locally as a hash); session credentials | Sign-in, device unlock, cross-device account access |
| Circle participation | Groups joined or created, role, display name, slot count, payout position, join status | Operating invite-only committees and roster visibility |
| Contribution records | Declared amounts, status labels, due dates, settlement notes, pool requests | Shared operational records within your circle |
| Receipt images | Optional photos or screenshots uploaded as payment proof | Organizer review; Rownd does not validate external payment systems |
| Invites & access control | Invite codes, pre-approved numbers (organizer-controlled), join requests | Managing private circle membership |
| Preferences | Language, theme, currency, notification and location settings | Personalizing your experience |
| Support communications | Messages you send to our support or privacy teams | Responding to requests and resolving issues |
4.2 Information collected automatically
| Category | Examples | Purpose |
|---|---|---|
| Device & app data | Device identifier for push registration, FCM token, platform (iOS/Android), locale | Delivering notifications and maintaining compatibility |
| Diagnostic data | Crash reports, error logs, performance events (via Firebase Crashlytics when enabled) | Identifying and fixing reliability issues |
| Security logs | Authentication events, authorization failures, rate-limit events, audit records | Protecting accounts and investigating abuse |
| Usage metadata | Notification delivery status, subscription or trial status, feature usage counters | Operating plan limits and service reliability |
Production app builds are configured to avoid verbose logging of sensitive values.
4.3 Location information
Location access is optional and requires your permission. If granted, we may use low-accuracy location temporarily to suggest a city name for your profile. We store only the city-level information you choose to save — not a continuous history of precise GPS coordinates. You may decline permission and enter your city manually at any time.
4.4 Information we do not collect
- We do not operate a public directory or marketplace of users or circles.
- We do not read or import the contents of your WhatsApp or other third-party chat applications.
- We do not collect bank account numbers, card numbers, IBANs, or mobile-wallet credentials used for committee payments.
- We do not collect government-issued identification for know-your-customer or payment compliance purposes.
- We do not sell personal information to data brokers or advertisers.
5. How We Use Information
We use personal information for the following purposes:
- Providing the Service — creating accounts, managing circles, displaying contribution records, processing organizer verifications, generating cycle reports, and delivering in-app functionality.
- Communicating with you — sending push notifications and in-app alerts about dues, approvals, verifications, and other Service events you would reasonably expect.
- Enforcing access controls — applying role-based permissions, invite-only visibility, subscription limits, and row-level data security.
- Operating messaging integrations — where enabled, formatting and dispatching utility messages (such as authentication or reminder templates) through configured provider channels.
- Maintaining security and integrity — detecting abuse, preventing fraud, maintaining audit trails, and protecting users and the platform.
- Improving the Service — analyzing crash data and operational metrics to fix bugs and enhance reliability.
- Complying with legal obligations — responding to lawful requests and meeting applicable regulatory requirements.
We do not use your personal information for unrelated behavioral advertising or to build advertising profiles.
6. Legal Bases for Processing
Where applicable data protection law requires a legal basis, we rely on one or more of the following:
- Performance of a contract — processing necessary to provide the Service you request, including account and circle functionality.
- Legitimate interests — securing the platform, preventing abuse, improving reliability, and communicating essential Service updates, balanced against your rights.
- Consent — for optional features such as location access and push notifications, which you may withdraw through device or in-app settings.
- Legal obligation — where we must retain or disclose information to comply with applicable law.
8. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law.
Retention periods depend on the type of data and context, including:
- Active accounts — retained while your account remains open and you use the Service.
- Circle records — retained to preserve operational and dispute-related history for circles you participated in, which may include records visible to other members.
- Security and audit logs — retained for a limited period appropriate to security and compliance needs.
- Deleted accounts — personal data is deleted or anonymized within a reasonable period after verified deletion, except where retention is required for legal compliance, ongoing disputes involving other members, or scheduled backup deletion cycles.
When you delete your account, we may anonymize your identity in shared circle records rather than destroy records that other members rely on for their committee history.
9. Security
We implement technical and organizational measures designed to protect personal information against unauthorized access, loss, misuse, or alteration. These measures include, where appropriate:
- TLS 1.2+ encryption for data in transit;
- Encryption at rest for database and file storage managed by our infrastructure providers;
- Row-level security and server-side authorization for sensitive operations;
- Private, group-scoped storage for receipt images with type and size limits;
- Rate limiting on sensitive endpoints;
- Immutable audit logging for security-relevant actions;
- No storage of plaintext device PINs in our databases.
No method of transmission or electronic storage is completely secure. While we work to protect your information, we cannot guarantee absolute security. You are responsible for safeguarding your device, PIN, and account credentials.
10. International Data Transfers
Rownd is used globally, but our infrastructure providers may process and store information in countries other than your own — including the United States and member states of the European Union.
When personal information is transferred internationally, we rely on appropriate safeguards such as contractual commitments with our service providers and, where applicable, standard contractual clauses or equivalent mechanisms recognized under applicable data protection law.
11. Your Rights and Choices
Depending on your location, you may have rights regarding your personal information. These may include the right to:
- Access — request confirmation of whether we process your personal information and obtain a copy.
- Correction — update inaccurate profile information through the app or by contacting us.
- Deletion — request deletion of your account and associated personal data.
- Portability — request an export of your data in a commonly used format.
- Restriction or objection — object to certain processing or request restriction where applicable law provides this right.
- Withdraw consent — for processing based on consent, such as optional location or push notifications.
11.1 In-app controls
You can manage many preferences directly in the app:
- Privacy & deletion — Account → Privacy (delete account, export data)
- Notifications — Account → Notifications
- Location — Account → Settings (or your device settings)
- Profile — Account → Profile
- Sign out — ends your active session on the current device
11.2 Account deletion and data requests
To request account deletion or a copy of your data, you may:
- In the app — open Account → Privacy and follow the delete account or data export steps;
- On the web — visit https://evenlogix.com/delete-account.html;
- By email — contact [email protected] from the phone number or email associated with your account.
Deletion requests enter a 30-day recovery window before final processing. We may verify your identity before fulfilling a request. We aim to respond to verified privacy requests within 30 days, or inform you if an extension is required under applicable law.
If you are not satisfied with our response, you may have the right to lodge a complaint with a data protection authority in your jurisdiction.
12. Children’s Privacy
The Service is not directed to children under the age of 18, and we do not knowingly collect personal information from anyone under 18.
If you believe a child has provided us with personal information, please contact [email protected]. We will take appropriate steps to investigate and delete such information where required.
13. Third-Party Services
The Service may contain links to third-party websites or integrate with services we do not operate. When you use WhatsApp, mobile payment apps, banks, or other third-party tools to communicate or transfer money with your circle, those services are governed by their own privacy policies — not this one.
- Invite links may open Rownd from WhatsApp, SMS, or other channels. We do not control those platforms.
- Messages you send manually outside Rownd are not imported unless you explicitly use an in-app share feature.
- Payment instructions shared between members off-platform are user-to-user communications, not instructions from Rownd.
We encourage you to review the privacy policies of any third-party services you use.
14. Subscriptions
Rownd may offer optional paid plans (such as Plus or Pro). Committee money and Rownd subscription payments are entirely separate. Committee contributions are never processed through Rownd.
If you purchase a subscription through Google Play or the Apple App Store, payment is processed solely by the applicable store under its own terms and privacy policy. Rownd receives subscription entitlement status (such as active plan or trial) — not your full payment card details.
For subscription-related data, we process plan tier, trial status, and usage counters needed to enforce plan limits.
15. Automated Decision-Making
Rownd does not make decisions that produce legal or similarly significant effects on you based solely on automated processing. Contribution verification is performed by circle organizers, not by automated financial adjudication systems.
16. Region-Specific Information
16.1 Pakistan
Rownd is designed primarily for Pakistan-based informal ROSCA groups, including PKR-denominated workflows and Pakistani mobile number formats. Committee funds always move off-platform between members. We apply reasonable security practices and transparent handling as described in this policy, and we continue to monitor developments in Pakistan’s personal data protection framework.
16.2 European Economic Area and United Kingdom
If you are located in the EEA or UK, you have the rights described in Section 11. Our legal bases are set out in Section 6. To exercise your rights, contact [email protected]. You may also contact your local supervisory authority.
16.3 California, United States
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), as amended, including the right to know what personal information we collect, request deletion, and opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioral advertising. To submit a request, email [email protected]. We will not discriminate against you for exercising your privacy rights.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the Service.
When we make material changes, we will:
- Update the “Last updated” date at the top of this page;
- Provide additional notice within the app or by email where appropriate.
Your continued use of the Service after the effective date of an updated policy constitutes acceptance of the revised terms, unless applicable law requires a different form of consent.
18. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
For account deletion, use Account → Privacy in the app, visit evenlogix.com/delete-account, or email [email protected].