Legal
Privacy Policy
Last updated: 1 April 2026
Kasefra Financial Technologies LLC (“Kasefra”, “we”, “us”, or “our”), registered in Dubai, UAE, operates the Kasefra personal finance application available at kasefra.io. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data.
By creating a Kasefra account or using our services, you agree to the practices described in this policy.
1. Data We Collect
1.1 Account Information
When you register, we collect your full name, email address, and a hashed version of your password. We never store your password in plain text.
1.2 Financial Data
Kasefra currently operates as a manual-entry finance app. We do not connect to your bank or payment accounts automatically — the financial data in your account (balances, transactions, budgets, goals, and net worth snapshots) is data you enter yourself.
We plan to introduce open banking integration in a future update, which will allow you to optionally link your bank accounts for automatic data import. When that feature launches, this policy will be updated accordingly and you will be notified before any new data access takes place.
1.3 AI Chat Data
When you use Loky AI, your messages and Loky's responses are stored and associated with your account so you can review your chat history. To generate responses, relevant parts of your financial data are processed by our AI systems. See Section 4 for details.
1.4 Usage Data
We may collect standard server logs including IP address, browser type, device type, pages visited, and timestamps for security, debugging, and service improvement purposes.
1.5 Payment Data
If you subscribe to Kasefra Premium, payment is processed by Stripe. Kasefra does not store your card number, CVV, or full payment details — only a subscription status and Stripe customer reference.
2. How We Use Your Data
- To create and manage your account and authenticate your identity.
- To provide core app features: account tracking, budgets, goals, net worth calculation, and transaction management.
- To power Loky AI responses using your financial data as context.
- To process subscription payments and manage your plan.
- To send transactional emails (account confirmation, password reset, billing receipts).
- To improve the reliability, security, and performance of the service.
- To comply with applicable UAE laws and regulations.
We do not use your financial data for advertising, profiling for third-party marketing, or any purpose beyond providing you the Kasefra service.
3. Legal Basis for Processing
We process your personal data on the following grounds under the UAE Personal Data Protection Law (PDPL) Federal Decree-Law No. 45 of 2021:
- Contractual necessity — to provide the services you signed up for.
- Legitimate interest — to keep the platform secure and improve the service.
- Legal obligation — to comply with UAE law where required.
- Consent — for any optional communications, which you may withdraw at any time.
4. Third-Party Services
We share data with the following third parties only to the extent necessary to operate the service:
OpenAI
Powers Loky AI responses. Your messages and relevant financial context are processed by OpenAI's models to generate answers. OpenAI does not use this data to train its models under our API agreement.
View OpenAI Privacy Policy →Anthropic (Claude)
An AI provider used by Loky AI for certain response types. Your messages and relevant financial context may be processed by Anthropic's Claude models.
View Anthropic (Claude) Privacy Policy →Stripe
Payment processing for Premium subscriptions. Stripe handles card details directly and is PCI-DSS compliant.
View Stripe Privacy Policy →We do not sell, rent, or trade your personal data to any third party.
5. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will permanently delete your personal and financial data within 30 days, except where we are required to retain it by law (e.g., billing records).
AI chat history is retained until you delete it or your account is closed.
6. Data Security
We take reasonable technical and organisational measures to protect your data, including encrypted connections (HTTPS) for all data in transit and access controls to limit who can reach your data within our systems. Passwords are stored as bcrypt hashes and are never recoverable.
No system is 100% secure. If you believe your account has been compromised, contact us immediately at ask@kasefra.io.
7. Your Rights
Under UAE PDPL, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate or incomplete data.
- Delete your account and associated data.
- Export your data in a portable format.
- Object to specific processing activities.
To exercise any of these rights, email us at ask@kasefra.io. We will respond within 14 days.
8. Cookies
Kasefra uses only essential session-related cookies and local storage (for authentication tokens) necessary to keep you logged in. We do not use tracking cookies or third-party advertising cookies.
9. Children's Privacy
Kasefra is not intended for users under the age of 18. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us at ask@kasefra.io and we will delete the account promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page and, for material changes, notify you by email or an in-app notice. Continued use of Kasefra after changes constitutes acceptance of the updated policy.
11. Contact Us
For any privacy-related questions or requests:
Kasefra Financial Technologies LLC
Dubai, United Arab Emirates
Email: ask@kasefra.io
Website: kasefra.io