Privacy Policy – CashFlow+

Last Updated: January 3, 2026

ZS ProApps (“we,” “our,” or “us”) operates the Cashflow+ mobile application (the “App”). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice or our practices with regard to your personal information, please contact us at support@zsproapps.in.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the application.

1. Our Zero-Trust Architecture

Our App is built on a “Zero-Trust” security model. This means:

  • Local Encryption: All your sensitive financial data (transactions, wallet balances, notes, categories) is encrypted locally on your device using AES-256-GCM encryption before it is ever saved to our database or synchronized to the cloud.
  • You Hold the Key: The encryption keys are generated on your device and stored in your device’s secure hardware (Android Keystore / iOS Keychain). We do not have access to your encryption keys.
  • No “Backdoor” Access: Because we do not possess your keys, we cannot read, decipher, sell, or monetize your specific financial transactions. To us, your data looks like random, scrambled text.

2. Information We Collect

We collect information that falls into two categories: (1) information you provide to us directly, and (2) information collected automatically.

A. Information You Provide

  • Account Registration: When you register, we collect your User ID and Email Address (if using Google Sign-In) to manage your account and authenticate your devices for synchronization.
  • Financial Data (Encrypted): You input transaction amounts, categories, and notes. As stated above, this data is encrypted on your device. We store only the encrypted blobs on our servers (Google Firebase) to allow you to sync between your own devices.

B. Information Collected Automatically

  • Device Information: We may collect information about your mobile device, such as the model, operating system version, and unique device identifiers (like the Advertising ID, if permitted).
  • Usage Data: We collect anonymous data about how you use the app (e.g., screens visited, buttons clicked) using Google Analytics for Firebase. This helps us improve the App’s performance and user experience.
  • Crash Logs: We use Firebase Crashlytics to collect reports on app crashes. These reports may include stack traces and device state information but do not include your decrypted financial data.
  • SMS Data (Optional): If you enable the “SMS Import” feature, the App scans your SMS inbox locally on your device to identify financial transactions.
    • WE DO NOT UPLOAD YOUR SMS MESSAGES.
    • All parsing happens in your device’s volatile memory. The App only saves the final transaction record that you approve.

3. How We Use Your Information

We use the information we collect to:

  • Facilitate account creation and logon processes.
  • Synchronize your encrypted data across your devices.
  • Process subscription payments via Google Play Billing.
  • Deliver targeted advertising (for free tier users) via Google AdMob.
  • Monitor and analyze usage and trends to improve your experience.
  • Fix bugs and resolve technical issues.

4. Disclosure of Your Information

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

  • Third-Party Service Providers: We may share information with third parties that perform services for us, such as:
    • Google Firebase: For backend hosting, authentication, and database services.
    • Google AdMob: To serve advertisements (for non-premium users). AdMob may use device identifiers to personalize ads.
    • Google Play Store: To process payments and subscriptions.
  • Legal Requirements: If required by law, we may disclose your information to respond to legal process, such as a court order or subpoena. (Note: We can only provide the encrypted blobs we hold; we cannot decrypt them for law enforcement).

5. Security of Your Information

We use administrative, technical, and physical security measures to help protect your personal information.

  • Encryption at Rest: Your data is encrypted on our servers.
  • Encryption in Transit: All data transmission occurs over secure HTTPS/TLS channels.
  • Client-Side Encryption: As detailed in Section 1, your sensitive data is encrypted before it leaves your device.

6. Policy Regarding Children

We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

7. Account Deletion

You have the right to delete your account and all associated data at any time.

  1. Open the App.
  2. Go to Settings > Account > Delete Account.
  3. Confirm the action. Warning: This process is irreversible. It permanently deletes your User ID and wipes all encrypted data blobs from our servers.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

9. Contact Us

If you have questions or comments about this Privacy Policy, please contact us at:

ZS ProApps Email: support@zsproapps.in