Orua Privacy Policy
Last updated: 2026-04-23 · v1.0 and later
1. Core Principle
Orua is a personal finance tracking app. The design principle is your financial data stays entirely on your device. The Orua backend only provides anonymous real-time quote lookup. It does not store, analyze, or transmit your holdings, balances, or net worth.
- ✅ Stored on-device: holdings, lots, history, categories, settings, backups
- ❌ Never uploaded: financial data, name, phone, contacts, location, photos
- 🔒 Anonymous auth: backend identifies API calls only by a random device ID
2. What We Collect
2.1 Backend (minimum necessary)
| Data | Purpose | Retention |
|---|---|---|
device_id(UUID generated on device) | Anonymous API auth; same device → same anonymous user_id | While account exists |
user_id(anonymous UUID issued by backend) | Issuing short-lived anonymous session tokens for quote / FX endpoints to prevent abuse as an open API Token payload contains only the anonymous user_id — no email, name, or PII | While account exists Auto-purged 365 days after becoming orphan |
| Access logs (IP, UA, ts, path) | Debugging, rate limiting, abuse detection Not linked to user identity; never used for analytics | Up to 30 days |
| Quote params (symbol / market / base) | Proxying to third-party quote providers in real time | Not persisted; cached for 10 minutes |
2.2 On-Device Only
- Holdings, lots, net-worth history, categories, FX snapshots
- Location: iOS Documents (
orua_ledger.json,orua_history.json) - Auth token and device ID: iOS Keychain (Secure Enclave)
- Optional export to iCloud Drive — handled by the iOS Files app. This data flow is governed entirely by the Apple iCloud Privacy Policy; Orua neither initiates nor reads these backup files, and iCloud sync is controlled by the user in iOS Settings.
2.3 What We Do Not Collect
- Name, email, phone, address, or any other PII
- Location, contacts, camera, photo library, microphone
- Advertising ID (IDFA), cross-app tracking data
- Third-party analytics SDKs
Orua does not use the App Tracking Transparency (ATT) framework — you will never see an "Allow tracking" prompt. The app performs no cross-app or cross-website behavioral tracking, and shares no data with advertisers or data brokers.
2.4 iOS System Permissions
Orua does NOT request any of the following iOS permissions:
- Location Services
- Camera / Photo Library
- Microphone / Speech Recognition
- Contacts / Calendars / Reminders
- HealthKit / Motion & Fitness
- Push Notifications
- Bluetooth / Local Network / Nearby Interaction
- App Tracking Transparency (ATT)
The app only makes HTTPS requests to the Orua backend to fetch public market quotes — none of the permissions above are required. If any future feature needs additional permissions, we will disclose them in the release notes and update this policy.
3. Third-Party Services
To provide real-time quotes, the Orua backend proxies requests to the following public services. Only symbol / market / base currency are sent; no user-identifying information is transmitted:
| Service | Purpose |
|---|---|
| TWSE (Taiwan Stock Exchange) | Taiwan stock quotes |
| Yahoo Finance | US / JP stocks and fallback quotes |
| Stooq | US / JP fallback quotes |
| CoinGecko / Binance | Cryptocurrency quotes |
| Open Exchange Rate API | FX rates |
The app itself embeds no advertising, analytics, push-notification, or crash-reporting third-party SDKs.
4. Data Security
- All backend communication uses HTTPS (TLS 1.2+)
- Tokens and device ID stored in iOS Keychain, protected by the Secure Enclave
- Backend secrets managed via environment variables, never committed
- Backend hosts expose only required ports; databases are network-isolated
5. Your Rights
5.1 Delete local data
Uninstall Orua to remove all local data. Any iCloud Drive backups must be deleted separately via the iOS Files app.
5.2 Delete backend anonymous account
Because the account is anonymous (no email / password), uninstalling leaves the backend record unreferenced. Such orphan records are purged automatically after 365 days. To request immediate deletion, email us the Device ID from Settings → About (the only identifier we can use).
5.3 Data Portability
Go to Settings → Data Export to export full holdings and history as JSON or CSV.
6. Children
Orua is not directed at children under 13 and does not knowingly collect personal information from them. If we become aware of such collection, we will delete it immediately.
7. Policy Changes
Material changes will be posted on this page and the "Last updated" date will be revised. Continued use of Orua constitutes acceptance of the updated terms.
8. Contact
Developer: Kepler Jhih
Email: [email protected]
For issues or deletion requests, please email us. We typically respond within 7 business days.