Privacy Policy

1. Who We Are

Laak is a portfolio visualization app operated by Olan ("we", "us", "our"). This Privacy Policy explains how we collect, use, and protect information when you use the Laak mobile application and website (collectively, "the Service").

2. Our Privacy Principles

Laak was built on three foundational privacy principles:

• Private by design. Your financial data stays on your device by default. It is only transmitted to our servers if you choose to enable cloud backup.
• Minimal collection. We collect only what is strictly necessary for the Service to function. If we don't need it, we don't ask for it.
• Full transparency. No hidden tracking, no surprise data sharing, no fine-print loopholes. This policy tells you everything.

3. Information We Do NOT Collect

To be absolutely clear, Laak does not collect:

• Your name, email address, or phone number (unless you opt into cloud backup)
• Your physical location or GPS coordinates
• Your device identifiers (IDFA, GAID, or fingerprints)
• Your contacts, photos, calendar, or other personal data
• Your browsing history or app usage patterns
• Your brokerage credentials or bank account details
• Any biometric data (Face ID / Touch ID is handled by your OS, not by us)

We do not embed any analytics SDKs (no Google Analytics, no Mixpanel, no Firebase Analytics, no Sentry, no Amplitude). We do not use tracking pixels or advertising identifiers.

4. Information Stored On Your Device

4.1 Portfolio Data (User Database)

When you add holdings and transactions, this data is stored in an encrypted SQLite database on your device. This includes:

• Asset names, symbols, and types (stocks, gold, sukuk, crypto, etc.)
• Transaction details (quantity, price, fees, date, notes)
• Portfolio calculations derived from your entries

This data never leaves your device unless you explicitly enable cloud backup.

4.2 App Preferences

Your settings are stored locally in encrypted key-value storage (MMKV):

• Theme preference (light, dark, or system)
• Language selection
• Country and default market
• Screening authority preference
• Dismissed learning nudges

4.3 Cached Content (App Database)

The App caches content from our servers for offline access:

• Educational articles and categories
• Stock metadata (names, exchange codes, sectors)
• Market prices (symbol, price, last fetched time)
• Compliance screening rules and thresholds
• UI translation bundles
• Affiliate platform information

This cached data contains no personal information and can be cleared at any time from Settings. It is automatically rebuilt when you reconnect to the internet.

5. Information We Receive From Our Servers

5.1 API Requests

When your device is online, the App makes requests to our API to fetch content updates (articles, prices, translations). These requests contain:

• Standard HTTP headers (User-Agent, Accept-Language)
• Your IP address (visible to our infrastructure provider as part of standard networking)

We do not associate API requests with user identities and do not build usage profiles from them.

5.2 No Required User Accounts

By default, the App does not require an account. You can use Laak without providing any personal information. API requests are not tied to individual users unless you opt into cloud backup.

6. Cloud Backup (Optional, User-Initiated)

If you choose to sign in with Apple or Google and enable cloud backup:

6.1 What We Store

• Your authentication identifier (provided by Apple or Google — typically an opaque ID or email)
• An encrypted copy of your portfolio database
• Sync metadata (last backup timestamp)

6.2 Where We Store It

Cloud backups are stored on Cloudflare R2 object storage. Data is encrypted in transit (TLS) and at rest.

6.3 Who Can Access It

Only you, through your authenticated session. Our team does not access, read, or analyze individual backup files.

6.4 How to Delete It

You can delete your cloud backup at any time through the App. Upon deletion, your backup data is permanently removed from our servers.

7. AI-Powered Features & Data Processing

7.1 When AI Is Used

Laak offers optional AI-generated portfolio summaries. This feature is never automatic — it only activates when you explicitly request it and spend credits.

7.2 Data Sent to AI Provider

When you request an AI summary, a portfolio snapshot is sent to Anthropic (our AI provider) via their API:

• Asset types and their percentage of your portfolio
• Approximate values by asset class
• A portfolio hash (to avoid redundant processing)

7.3 Data NOT Sent to AI Provider

• Your name, email, or any personal identifier
• Individual transaction details
• Your device information or IP address
• Your location or any other app data

7.4 AI Provider's Data Handling

Anthropic processes the data to generate a response and does not use API inputs to train its models. Refer to Anthropic's Privacy Policy for their full data handling practices.

7.5 AI Output Storage

The AI-generated summary is stored locally on your device. It is not stored on our servers.

8. In-App Purchases

Credit purchases are processed entirely by Apple App Store or Google Play Store. We receive:

• A purchase confirmation (product ID, transaction ID)
• No payment details (no credit card numbers, no billing addresses)

Apple and Google handle all payment processing. Refer to their respective privacy policies for how they handle payment data.

9. Affiliate Links

The App may display contextual links to third-party financial platforms. When you tap an affiliate link:

• You leave Laak and enter the third-party's website or app
• The link may contain a referral code identifying Laak as the source
• We do not track whether you completed a sign-up or made a purchase
• The third-party's own privacy policy governs from that point forward

10. Children's Privacy

Laak is not directed at children under 18. We do not knowingly collect information from minors. If you believe a child has provided data through the App, contact us and we will take steps to remove it.

11. Data Retention

• On-device data: Retained until you delete it (via "Reset All Data" or by uninstalling the App)
• Cloud backup: Retained until you delete it or request account deletion
• Server logs: We do not maintain user-identifiable server logs
• AI processing: Portfolio snapshots are not retained after the AI response is generated

12. Data Security

• On-device encryption: Portfolio data is stored in SQLite with OS-level encryption (iOS Data Protection, Android Keystore)
• Preferences encryption: MMKV provides encrypted key-value storage
• Transit encryption: All API communication uses HTTPS/TLS
• Cloud backup encryption: Encrypted at rest on Cloudflare R2
• No hardcoded secrets: API configuration is loaded from environment variables

13. Your Rights

Regardless of where you live, you have the right to:

• Access — view all data the App holds about you (it's all on your device)
• Delete — remove all your data via "Reset All Data" in Settings
• Export — export your portfolio data (feature in development)
• Withdraw consent — disable cloud backup or stop using AI features at any time
• Object — since we don't process your data for profiling or marketing, there's nothing to object to

For GDPR, CCPA, or other data protection requests, contact us at laak@olanai.tech.

14. International Users

Laak is designed for users across MENA, Southeast Asia, and Africa. Since your portfolio data stays on your device by default, there are no cross-border data transfers to worry about. If you enable cloud backup, your data is stored on Cloudflare's global infrastructure with data residency governed by Cloudflare's policies.

15. Third-Party Services We Use

For full transparency, these are the only third-party services that may process any data in connection with Laak:

• Cloudflare Workers — hosts our API (processes standard HTTP requests)
• Cloudflare R2 — stores cloud backups (only if you opt in)
• Anthropic Claude API — processes AI portfolio summaries (only when you request it)
• Apple App Store / Google Play — processes in-app purchases
• Apple / Google Sign-In — authenticates your identity (only if you opt in)

We do not use any advertising networks, analytics platforms, or data brokers.

16. Cookies & Website

The Laak website (laak.app) is a static site. It does not use cookies, does not set local storage, and does not run any tracking scripts. There is no analytics on the website.

17. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the App. The "Last updated" date at the top reflects the most recent revision. Your continued use of the Service after changes constitutes acceptance.

18. Contact

If you have questions or concerns about this Privacy Policy, contact us at:
Privacy inquiries: laak@olanai.tech
General support: laak@olanai.tech