Punji

Privacy

What we collect and why.

Punji is built and operated by an independent developer in Nepal. We collect only what we need to run the app, and we do not sell or rent your data to anyone.

Last updated · 16 May 2026

1. Who is responsible for your data

Punji ("we", "us") is an independent product operated from Nepal. The data controller for the purposes of this policy is the operator of the Punji mobile app. Contact: [email protected].

2. What we collect

Information you provide

  • Account: your email address and a password (we store a salted hash, never the plaintext).
  • Portfolio data: the holdings, transactions, watchlist entries and price alerts you enter inside the app.
  • Profile preferences: theme choice, notification preferences, default currency display.

Information collected automatically

  • Device and app metadata: app version, OS version, device model, language, and time zone — used for compatibility and debugging.
  • Crash reports: if the app crashes, a stack trace with redacted breadcrumbs is sent to our error-tracking tooling. We strip personal identifiers from crash payloads before transmission.
  • Push token: an anonymous device push token used solely to deliver price-alert notifications you've configured.
  • Server logs: request method, route, status code, latency, and IP address are retained in operational logs for up to 30 days. Logs are redacted of personal identifiers.

Information we do not collect

  • Your Mero Share or broker passwords, CRN or transaction PIN. When you use the optional Mero Share features (bulk IPO apply and results), these are kept only on your own device, in its secure storage, and are used only to sign in to Mero Share (operated by CDSC) to carry out the action you confirm. They are never transmitted to, collected by, or stored on Punji’s servers, and we cannot see them. Your portfolio holdings are what you type in.
  • Contact list, calendar, photos, microphone, or precise location.

3. How we use your data

  • To run the service: render your portfolio, evaluate price alerts on our servers, and deliver push notifications when alerts trigger.
  • To show ads that fund the free app: Punji shows banner ads on a small number of high-dwell screens. If you allow ad tracking on the iOS App Tracking Transparency prompt, the ad network receives your advertising identifier directly from the device (not via our servers) to personalise ads. Denying tracking shows non-personalised ads.
  • To debug and improve: crash reports and operational logs help us fix real bugs you've hit. We do not run product analytics on your portfolio contents.
  • To contact you: service messages (password reset, security notices). We do not send marketing emails.

4. Who we share data with

We use a small number of third-party service providers strictly to run Punji. Each one receives only the information needed for its role:

  • Supabase (Supabase Inc.) — authenticated storage of your account credentials (email + salted password hash) and portfolio data. Row-level security policies isolate each user's data so one user can never query another's.
  • Railway (Railway Corp.) — runs the API server that powers the app, including the price-alert evaluation cron.
  • Sentry (Functional Software, Inc.) — receives crash reports with personal identifiers redacted before transmission, used solely for debugging.
  • Expo Push (650 Industries, Inc.) and the platform push services (Apple APNs and Google FCM) — deliver price-alert notifications to your device. The payload contains the symbol, target price and your anonymous push token only.
  • Google AdMob (Google Ireland Limited / Google LLC) — delivers the banner ads shown in the app. AdMob receives standard mobile device signals (device type, OS version, coarse region, IP address) and, only if you grant tracking on the iOS ATT prompt, your advertising identifier. Your holdings, watchlist, alerts, email and any account-level data are never shared with AdMob.

We do not sell or rent personal data. The only advertising network we share data with is AdMob, as described above. We do not work with data brokers.

5. International transfers

Some of our service providers process data outside Nepal (typically in the United States or European Union). Each provider operates under the standard contractual data protections that apply to cross-border processing.

6. How long we keep your data

  • Account and portfolio data: for as long as your account is active.
  • After account deletion: data is removed from primary storage immediately; encrypted backups are purged within 30 days.
  • Server logs: up to 30 days, then deleted.
  • Crash reports: up to 90 days.
  • Payment records: retained for 5 years to meet tax and accounting requirements applicable to operations in Nepal.

7. Your rights (GDPR and equivalent laws)

Regardless of where you live, you can exercise the following rights at any time. EU, UK, California and similar jurisdictions name these rights explicitly in law; we extend them to every Punji user.

  • Access / portability — export your portfolio holdings as CSV from the portfolio tab.
  • Rectification — edit any holding, transaction or profile field in-app.
  • Erasure — delete your account in-app at Profile → Account & device security → Delete account, or use the delete-account guide if you can't sign in.
  • Object or restrict — write to [email protected] describing your concern; we respond within 30 days.
  • Lodge a complaint — if you believe we've mishandled your data, EU/EEA residents can complain to their local data-protection authority (find yours via the EDPB member list); UK residents can complain to the ICO; California residents have the rights described under the CCPA, including the right to know and the right to delete, which the controls above already fulfil. Punji does not sell or share personal information for cross-context behavioural advertising as defined by the CCPA.

8. Security

Data in transit is encrypted with HTTPS. Data at rest is encrypted by our database provider. Access to your holdings is restricted to your authenticated account; no other user — and no Punji employee outside of an explicit support request — can read them. Server logs and crash reports are redacted of personal identifiers before transmission.

9. Children

Punji is not directed at children under 16, and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us data, contact us and we will delete it.

10. Changes to this policy

When we make material changes we update the "Last updated" date at the top of this page and, where appropriate, notify you in-app at next login. Continued use of Punji after a change indicates acceptance.

11. This website (punji.app)

The marketing site at punji.app — the pages describing the app, the learn-NEPSE explainers, and the legal documents including this one — does not set tracking cookies, does not run product analytics, and does not embed third-party advertising or analytics scripts. Server access logs from the static hosting provider are retained for operational debugging only and contain no personal identifiers beyond short-lived IP addresses. The disclosures in this policy otherwise concern the Punji mobile app, not the website.

12. Contact

Questions, requests, or complaints about this policy: [email protected].