Privacy Policy

Dara collects only the data necessary to deliver its service: • Gmail data — Read-only access to bank credit alert emails (sender, subject, body text containing transaction amounts). We never access personal emails, drafts, sent mail, or attachments. • Profile information — Your name, email, state of residence, occupation, and WhatsApp number (if provided). • Financial classifications — Your income classifications, tax estimates, and investment pocket configurations. • Usage analytics — Anonymous interaction data (page views, feature usage) via PostHog. No personally identifiable information is sent to analytics.

Your data is processed for the following purposes: • Income detection — Scanning Gmail for bank credit alerts to identify incoming payments. • AI classification — Categorising transactions as income, personal, refund, savings, or investment using pattern matching and AI models. • Tax estimation — Calculating estimated PITA tax liability based on your state and income. • Investment tracking — Displaying your self-reported financial plan progress. • WhatsApp notifications — Sending income confirmations, tax reminders, and summaries (only if you opt in).

Under the Nigeria Data Protection Regulation (NDPR) 2019 and the Nigeria Data Protection Act (NDPA) 2023, we process your data based on: • Consent — You explicitly grant Gmail access via Google OAuth and can revoke it at any time. • Contractual necessity — Processing is necessary to deliver the Dara service you signed up for. • Legitimate interest — Anonymous analytics to improve the product, balanced against your privacy rights.

• Data is stored on encrypted servers (Supabase / AWS infrastructure). • Gmail OAuth tokens are stored securely and never shared with third parties. • We use TLS encryption for all data in transit. • We do not sell, rent, or share your personal data with any third party for marketing purposes. • Financial data is never used for credit scoring or shared with financial institutions.

• You can delete all your data at any time from Settings → Data & Privacy. • Upon account deletion, all personal data is permanently removed within 30 days. • Gmail access can be independently revoked via your Google Account settings at any time. • Anonymous, aggregated analytics data (which cannot identify you) may be retained.

Dara integrates with: • Google (Gmail API) — Read-only email access, governed by Google's API Services User Data Policy. • WhatsApp (via approved provider) — Message delivery only; we do not store WhatsApp message content. • PostHog — Anonymous product analytics. No PII is shared. • Payment processor (Remita) — For subscription payments. Dara does not store card details.

Under the NDPR, you have the right to: • Access — Request a copy of all data we hold about you. • Rectification — Correct any inaccurate data. • Erasure — Delete your account and all associated data. • Portability — Export your data in a machine-readable format (CSV). • Withdraw consent — Revoke Gmail access or WhatsApp notifications at any time. • Lodge a complaint — Contact the National Information Technology Development Agency (NITDA) if you believe your data rights have been violated.

For privacy-related inquiries: • Email: privacy@mydara.co • Data Protection Officer: dpo@mydara.co • Address: Dara Technologies Ltd, Abuja, FCT, Nigeria This policy was last updated on February 26, 2026.