Effective Date: 14/10/2025
Last Updated: 14/10/2025

This Privacy Policy explains how Ethio Remit (“we”, “us”, or “our”) collects, uses, stores, and protects personal information when you access our mobile application or website. By using our services, you acknowledge and accept the practices described below.

What Information We Collect

When you register or log in to our mobile app using Google, Apple, or Magic Link  (via Supabase), we collect the following personal data:

• Name
• Email address

We do not collect passwords, payment information, or sensitive personal data during registration. Any additional data (e.g., receiver details, account preferences, service logs) is generated only during active use of our services and is treated with the same level of protection.

How We Use Your Information

We use your personal data for the following purposes:

• To create and authenticate your account
• To identify you within the app and personalize your experience
• To communicate service-related updates or support messages
• To improve our services and develop new features
• To comply with legal obligations

We do not use your data for advertising, profiling, or tracking across other apps or websites.

Legal Basis for Processing (GDPR Compliance)

Under the General Data Protection Regulation (GDPR), we process your personal data based on:

• Consent: You provide consent when you register or log in using third-party authentication.
• Contractual necessity: We need your data to provide the services you request.
• Legal obligation: We may process data to comply with applicable laws or law enforcement requests.

Data Sharing and Disclosure

We do not sell, rent, or share your personal data with third parties for marketing purposes. We may disclose your data only:

• With your explicit consent
• To comply with legal obligations or law enforcement requests
• To maintain the security and integrity of our services

Data Security

We implement physical, technological, and administrative safeguards to protect your data against unauthorized access, loss, alteration, or misuse. These include:

• Encrypted transmission of login credentials
• Secure storage of user identifiers
• Access controls and audit logs

Third-Party Authentication

Google Sign-In: When you log in using Google, we receive your name, email address, and optionally your profile picture. Google may collect additional metadata (e.g., IP address, device info) for its own security and analytics purposes, but this is not shared with us. Learn more: Google Privacy Policy

Apple Sign-In: When you log in using Apple, we receive your name (only once, at initial login) and email address. If you choose to hide your email, Apple provides a private relay email. Apple does not share additional personal data or track users across apps. Learn more: Apple Privacy Policy

Supabase (Magic Link Login): We use Supabase to manage Magic Link authentication. Supabase processes your email address and related metadata (e.g., timestamp, IP address) solely for the purpose of secure login. Supabase acts as a data processor on our behalf and does not use your data for its own purposes. Supabase complies with GDPR and implements strong security measures. Learn more: Supabase Privacy Policy

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described above or to comply with legal obligations. You may request deletion of your account and associated data at any time.

Your Rights Under GDPR

You have the right to:

• Access your personal data
• Correct inaccurate or incomplete data
• Request deletion of your data (“right to be forgotten”)
• Withdraw consent at any time
• Lodge a complaint with a supervisory authority

To exercise these rights, contact us at info@ethioremit.com.

Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted within the app and on our website, with the effective date clearly indicated.