Privacy Policy – AQS Markets

1Introduction

AQS Markets ("the App", "we", "our", or "us") is an iPhone application developed by Seben Alumut that helps individual investors record trades, manage strategies, and analyze portfolio performance. We deeply value your privacy and operate in accordance with applicable privacy laws, including the Apple App Store Review Guidelines and relevant data-protection regulations.

This Privacy Policy explains what information we collect, why we collect it, how it is used and protected, and the choices available to you. Please read this document carefully before using the App. Continued use of the App constitutes your acceptance of this Policy.

      This policy applies solely to the AQS Markets application
      (com.seben.aqsmarket) distributed through the App Store. It does not apply
      to any third-party websites or services that may be linked from within the App.
    

2Information We Collect

We collect only the information necessary to provide the App's functionality and the single startup check described below.

Category	Examples	Source	Purpose
User-provided & on-device content	Trade records (stock code, quantity, price, dates), strategy configurations, notes, portfolio settings (initial cash, savings target). If you use the optional feature, a photo you take or pick may be attached to a record and stored only on your device (e.g. as a local file path).	You	Core app functionality – recording and analyzing investments; optional record attachments
Startup check (encrypted)	When you open the App, it makes a single encrypted request to our server with limited technical information (enough to operate the check and maintain a session). It does not include your trades, strategies, notes, or attached photos.	Automatic on launch	To decide whether to show optional in-app announcements—for example, posters or banners for activities/events or new-version highlights—often inside an in-app WebView. Not for profiling or targeted advertising.

We do not collect or ask for: real name, email address, phone number, precise GPS location, contacts, call logs, SMS, microphone input, or financial account credentials. Images you attach to records are kept on the device unless you later use a feature that explicitly transmits them (none does today). We do not operate third-party ad or analytics SDKs in this App (see Section 5).

If a future feature requires access to sensitive data categories, we will update this Policy and present a clear, in-app disclosure prior to requesting your consent.

3How We Use Information

Information we collect is used exclusively for the following purposes:

Provide core functionality – storing, displaying, and calculating trade records, strategy statistics, and portfolio analytics.
Improvements via App Store updates – we deliver new builds through the App Store; this App does not ship crash reporting or behavioural analytics to third-party services.
Security & integrity – detecting and preventing fraudulent or abusive use of the App and our backend services.
Startup check & in-app announcements – at each launch, the App sends one encrypted request as summarised in Section 2. The server uses this solely to decide whether to show optional material such as activity/event posters or new-version announcement posters (commonly in an in-app WebView). This is not used for user profiling, cross-app tracking, or targeted advertising.
Legal compliance – responding to lawful requests from regulatory or judicial authorities, only when legally required and limited to what is strictly necessary.

      We do not use your data for targeted advertising, user profiling, or any
      purpose beyond those explicitly listed above. We do not sell your personal
      information to any third party. The startup request described in Section 2 is used
      exclusively to decide whether to show optional activity, event, or new-version posters/banners (including via WebView when applicable), and
      for no other purpose.
    

4Data Storage & Security

Local storage (primary): All trade records, strategy data, portfolio settings, and user preferences are stored on your device using AsyncStorage (React Native). This data never leaves your device unless you explicitly use a feature that transmits it.

Server-side data: On each launch the App sends one encrypted startup request to our server, as described in Section 2. It does not include your trade records, strategies, or attached photos. The server uses this only to decide whether to return a URL for optional activity, event, or new-version poster/banner content (e.g. in an in-app WebView), not for profiling or advertising as stated elsewhere in this Policy. Transport is protected with HTTPS (TLS); the body is encrypted as implemented in the App.

Security measures we apply:

Encrypted startup request body plus HTTPS (TLS) for transport.
Session tokens issued by our server are stored in AsyncStorage in the App sandbox; they are not written to logs in production builds.
iOS sandboxes app data from other apps; deleting the App removes its container from the device subject to system behaviour (e.g. iCloud backups if you have enabled them at the system level).
Least-privilege permissions – only Camera, Photo Library access, and network use as described in Section 6.

While we take all reasonable precautions, no electronic system is 100% secure. We will notify users of any material data breach as required by applicable law.

5Data Sharing & Third Parties

We do not share, sell, rent, or trade your personal information with third parties except in the following limited circumstances:

With your explicit consent – where you have directly authorised a specific disclosure.
Service providers – technical vendors (e.g., hosting infrastructure) who process data strictly on our behalf, bound by confidentiality obligations, and only to the extent necessary to deliver our services.
Legal obligations – when required by applicable law, court order, or governmental authority, limited to the minimum necessary scope.
Safety & fraud prevention – to protect the rights, property, or safety of users, Seben Alumut, or the public, in compliance with applicable law.

Third-party SDKs currently integrated:

SDK / Library	Purpose	Data accessed
React Native (Meta)	Core framework	No independent data collection
AsyncStorage	Local persistence	Local device only, no external transmission
Axios	HTTP client	Used only for our own backend endpoints
react-native-quick-crypto	AES-GCM encryption	In-memory only, no external data collection
react-native-webview	Dynamic content container	Loads HTTPS (or HTTP) URLs returned by our backend when an activity, event, or new-version poster should be shown; that page may set its own cookies—see Section 1
react-native-image-picker	Optional photos for trade records	Local device only; images are not uploaded by this App
react-native-permissions	Runtime prompts for Camera / Photo Library	No data sent to the library vendor
@react-native-community/datetimepicker	Date selection in forms	On-device UI only
@react-native-clipboard/clipboard	Copy support email to clipboard (e.g. Contact screen)	Writes to system pasteboard when you tap copy; does not read your clipboard

We do not integrate any third-party advertising, analytics (e.g., Firebase Analytics, Crashlytics), or social-login SDKs. If this changes, we will update this Policy and provide advance in-app notice.

6iOS Permissions

The App requests only the permissions required for its stated features:

Permission	Reason	Required?
`Network Access`	Communicate with our backend for the startup check and optional activity or new-version poster URLs.	Yes
`Camera`	Used only when you choose to take photos for records. We request access at runtime.	Optional
`Photo Library`	Used only when you choose existing images from your library for records. We request access at runtime.	Optional

You can revoke any granted permission at any time via Settings > Privacy & Security. Revoking a permission may disable the corresponding feature.

7Data Retention

On-device data (trade records, strategies, settings) is retained until you delete it within the App or uninstall the App. Uninstalling the App removes all locally stored data from your device.

Server-side data from the startup check (Section 2) is retained only as long as necessary for security and operational purposes, and no longer than 90 days from the date of collection, after which it is automatically deleted or anonymised.

If you would like your server-side data deleted earlier, please contact us at [email protected] with the subject line "Data Deletion Request".

8Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access – view all data you have entered via the Records, Strategies, and About screens.
Correction – edit any record or setting directly inside the App.
Deletion – delete individual records or all data through the App's interface. Uninstalling the App also removes all on-device data.
Withdraw consent / revoke permissions – disable any granted permission in your device's system settings at any time.
Data portability – the App does not currently offer a built-in export file. Your records and settings live in the App's sandbox storage on iOS; deleting or migrating that data outside the App is not a feature we provide today—contact us if you need assistance.
Opt-out of server-side data collection – you may request deletion of server-side records by emailing us (see Section 11).

To exercise any right not supported directly within the App, contact us using the details in Section 11. We will respond within 30 days of receiving a verifiable request.

9Children's Privacy

AQS Markets is designed for adults (18 years and older) who engage in financial investment activities. The App is not directed at children under the age of 13 (or the relevant age of digital consent in your jurisdiction).

We do not knowingly collect personal information from children. If a parent or guardian believes we have inadvertently collected information from a child, please contact us immediately at [email protected]. Upon verification, we will promptly delete the relevant data.

10Policy Updates

We may update this Privacy Policy to reflect changes in our practices, applicable laws, or App Store requirements. When material changes are made, we will:

Update the "Last updated" date at the top of this page.
Display a prominent in-app notice on the next App launch after the policy takes effect.
For significant changes, seek renewed consent where legally required.

Your continued use of the App after the effective date constitutes acceptance of the revised Policy. We encourage you to review this page periodically.

      The most current version of this Privacy Policy is always available at the URL provided on
      our App Store listing and within the App under About → Privacy Policy.
    

11Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out through the following channel. We aim to respond within 2 business days.

Developer Seben Alumut

Email [email protected]

Bundle Identifier com.seben.aqsmarket

Effective Date April 1, 2026