Privacy Policy – AQS Markets

1Introduction

AQS Markets ("the App", "we", "our", or "us") is an Android application developed by Pawan Paudel that helps individual investors record trades, manage strategies, and analyze portfolio performance. We deeply value your privacy and operate in accordance with applicable privacy laws, including the Google Play Developer Program Policies (2026) and relevant data-protection regulations.

This Privacy Policy explains what information we collect, why we collect it, how it is used and protected, and the choices available to you. Please read this document carefully before using the App. Continued use of the App constitutes your acceptance of this Policy.

      This policy applies solely to the AQS Markets application
      (com.pawaTech.aqstracker) distributed through Google Play. It does not apply
      to any third-party websites or services that may be linked from within the App.
    

2Information We Collect

We collect only the information necessary to provide and improve the App's functionality.

Category	Examples	Source	Purpose
User-provided data	Trade records (stock code, quantity, price, dates), strategy configurations, notes, portfolio settings (initial cash, savings target)	You (manual entry)	Core app functionality – recording and analyzing investments
Device & technical info	Device model, OS version, screen resolution, language, timezone, network type, app version, crash/exception logs	Device automatically	App stability, performance optimization, security checks
Network request metadata	Request time, request path, basic device identifiers (screen size, OS string, timezone, language, network type), stored session token	Generated on startup	Startup check to determine whether to display promotional / campaign content (e.g. activity banners or landing pages) via an in-app WebView. Not used for any other purpose.

We do not collect: real name, email address, phone number, precise GPS location, contacts, call logs, SMS, photos, microphone input, financial account credentials, or any other sensitive personal information beyond what is listed above.

If a future feature requires access to sensitive data categories, we will update this Policy and present a clear, in-app disclosure prior to requesting your consent.

3How We Use Information

Information we collect is used exclusively for the following purposes:

Provide core functionality – storing, displaying, and calculating trade records, strategy statistics, and portfolio analytics.
App performance & stability – identifying bugs and exceptions, improving feature design based on anonymised usage patterns.
Security & integrity – detecting and preventing fraudulent or abusive use of the App and our backend services.
Startup check & promotional content delivery – at each launch, the App sends an encrypted request containing basic device metadata to our server. The server uses this solely to decide whether to display an in-app promotional screen (e.g. an activity banner or campaign landing page rendered in a WebView). This data is not used for any other purpose — it is not used for user profiling, behavioural tracking, or targeted advertising.
Legal compliance – responding to lawful requests from regulatory or judicial authorities, only when legally required and limited to what is strictly necessary.

      We do not use your data for targeted advertising, user profiling, or any
      purpose beyond those explicitly listed above. We do not sell your personal
      information to any third party. The device metadata collected at startup is used
      exclusively to determine whether promotional content should be shown, and
      for no other purpose.
    

4Data Storage & Security

Local storage (primary): All trade records, strategy data, portfolio settings, and user preferences are stored on your device using AsyncStorage (React Native). This data never leaves your device unless you explicitly use a feature that transmits it.

Server-side data: On each launch the App sends an encrypted startup request to our server. This request contains only basic device metadata (screen size, OS version, timezone, language, network type, and a session token) — no personally identifiable information is included. The server's sole purpose for this request is to determine whether to push promotional content (such as an activity banner or campaign page) to the in-app WebView. The data is not retained for profiling, advertising, or any other purpose. All transmission uses AES-256-GCM encryption; the payload is URL-safe Base64-encoded with a per-session nonce.

Security measures we apply:

AES-GCM authenticated encryption for all server communications.
HTTPS (TLS) for all network transport.
No plaintext storage of sensitive tokens; session tokens are stored in AsyncStorage with restricted access.
android:allowBackup="false" in the Android manifest – device backups cannot capture app data.
Least-privilege permissions model – only permissions genuinely required are declared.

While we take all reasonable precautions, no electronic system is 100% secure. We will notify users of any material data breach as required by applicable law.

5Data Sharing & Third Parties

We do not share, sell, rent, or trade your personal information with third parties except in the following limited circumstances:

With your explicit consent – where you have directly authorised a specific disclosure.
Service providers – technical vendors (e.g., hosting infrastructure) who process data strictly on our behalf, bound by confidentiality obligations, and only to the extent necessary to deliver our services.
Legal obligations – when required by applicable law, court order, or governmental authority, limited to the minimum necessary scope.
Safety & fraud prevention – to protect the rights, property, or safety of users, Pawan Paudel, or the public, in compliance with applicable law.

Third-party SDKs currently integrated:

SDK / Library	Purpose	Data accessed
React Native (Meta)	Core framework	No independent data collection
AsyncStorage	Local persistence	Local device only, no external transmission
Axios	HTTP client	Used only for our own backend endpoints
react-native-quick-crypto	AES-GCM encryption	In-memory only, no external data collection
react-native-webview	Dynamic content container	Loads URLs returned by our own backend (when applicable)

We do not integrate any third-party advertising, analytics (e.g., Firebase Analytics, Crashlytics), or social-login SDKs. If this changes, we will update this Policy and provide advance in-app notice.

6Android Permissions

The App requests only the permissions required for its stated features:

Permission	Reason	Required?
`INTERNET`	Communicate with our backend for startup verification and optional content delivery.	Yes
`CAMERA`	Available for future features (e.g., scanning barcodes / QR codes for quick stock entry). Not actively used in the current version – the permission is declared but only prompted if/when the relevant feature is activated.	No (not yet prompted)
`READ_EXTERNAL_STORAGE` (maxSdkVersion 32)	Legacy storage access on Android 12 and below, intended for potential future file import/export. Not actively requested at runtime in the current version.	No (not yet prompted)

You can revoke any granted permission at any time via Settings > Apps > AQS Markets > Permissions. Revoking a permission may disable the corresponding feature.

7Data Retention

On-device data (trade records, strategies, settings) is retained until you delete it within the App or uninstall the App. Uninstalling the App removes all locally stored data from your device.

Server-side data collected during the startup monitoring request (encrypted device metadata and session token) is retained only as long as necessary for security and operational purposes, and no longer than 90 days from the date of collection, after which it is automatically deleted or anonymised.

If you would like your server-side data deleted earlier, please contact us at [email protected] with the subject line "Data Deletion Request".

8Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access – view all data you have entered via the Records, Strategies, and About screens.
Correction – edit any record or setting directly inside the App.
Deletion – delete individual records or all data through the App's interface. Uninstalling the App also removes all on-device data.
Withdraw consent / revoke permissions – disable any granted permission in your device's system settings at any time.
Data portability – while the App does not currently provide an explicit export feature, all data is stored in human-readable JSON format via AsyncStorage, accessible through Android developer tools.
Opt-out of server-side data collection – you may request deletion of server-side records by emailing us (see Section 11).

To exercise any right not supported directly within the App, contact us using the details in Section 11. We will respond within 30 days of receiving a verifiable request.

9Children's Privacy

AQS Markets is designed for adults (18 years and older) who engage in financial investment activities. The App is not directed at children under the age of 13 (or the relevant age of digital consent in your jurisdiction).

We do not knowingly collect personal information from children. If a parent or guardian believes we have inadvertently collected information from a child, please contact us immediately at [email protected]. Upon verification, we will promptly delete the relevant data.

10Policy Updates

We may update this Privacy Policy to reflect changes in our practices, applicable laws, or Google Play requirements. When material changes are made, we will:

Update the "Last updated" date at the top of this page.
Display a prominent in-app notice on the next App launch after the policy takes effect.
For significant changes, seek renewed consent where legally required.

Your continued use of the App after the effective date constitutes acceptance of the revised Policy. We encourage you to review this page periodically.

      The most current version of this Privacy Policy is always available at the URL provided on
      our Google Play Store listing and within the App under About → Privacy Policy.
    

11Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out through the following channel. We aim to respond within 2 business days.

Developer Pawan Paudel

Email [email protected]

App Package com.pawaTech.aqstracker

Effective Date March 31, 2026