Privacy Policy
Last updated July 8, 2026
Staaash ("Staaash", "we", "us") is a simple, free app for keeping your payment cards, 2FA recovery codes, and passes in one place. This policy explains what we collect, how we store it, and the choices you have. The short version: we collect the minimum, we store it securely, and we never sell it.
1. The short version
- We collect the minimum needed to run the app and keep it working.
- Your data is stored on Google Firebase, encrypted in transit and at rest.
- We don't sell your data. Ever, to anyone.
2. Data we process
Your saved content
The cards, 2FA recovery codes, passes, and notes you add are stored in your account on Google Firebase so we can sync them across your devices. This data is encrypted in transit and at rest, but it is not end-to-end encrypted — our systems can process it as needed to provide the Service.
Account data
When you sign in with Google or Apple, we receive a basic identifier and your email address to create and secure your account.
Device and diagnostic data
We process limited technical data — such as app version, device type, IP address, and crash logs — to operate, secure, and improve the Service.
3. How we use data
- To provide and sync your saved content across your devices;
- To authenticate you and prevent fraud and abuse;
- To provide support and respond to your requests;
- To diagnose problems and improve the Service; and
- To comply with legal obligations.
We limit access to your data to what is needed to run and support the Service, and we do not access your saved content except where necessary for these purposes or where you ask us to.
4. What we never do
We do not sell or rent your personal information, we do not use your saved content for advertising, and we do not build profiles of you for third parties.
5. Service providers
We rely on Google Firebase for authentication, database, and hosting, and on a small number of other vetted providers for things like email delivery and analytics. They process data only on our instructions and under contractual confidentiality and security obligations.
6. Data retention
We keep your account and saved content for as long as your account is active. When you delete your account, we delete your data from our active systems promptly and from backups within 30 days, except where we must retain limited records to meet legal obligations.
7. Your rights
Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can export or delete your data directly in the app, or contact us to exercise any of these rights. We will not discriminate against you for doing so.
8. International transfers
We may process data in countries other than your own, including on Google Cloud infrastructure. Where we transfer personal data internationally, we rely on appropriate safeguards such as standard contractual clauses.
9. Children
Staaash is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us data, contact us and we will delete it.
10. Changes to this policy
We may update this policy from time to time. If we make material changes, we will notify you in the app or by email before they take effect.
11. Contact
For privacy questions, email privacy@staaash.app.