eaZSt ("the App") is developed by FRANCIS CACCAVALE ("we," "us," or "our"). We respect your privacy and are committed to protecting it through strict data minimization and edge-computing architectures.
This policy describes the types of information we collect when you use the eaZSt mobile application and our practices for maintaining, protecting, and disclosing that information.
1. Data Architecture (Cloud-Assisted Hybrid Model)
eaZSt utilizes a secure hybrid architecture to balance on-device privacy with real-time financial tracking.
- Local Device Storage (The Vault): We prioritize storing authentication tokens and chat history locally on your device's physical hardware using encrypted environments whenever possible.
- Secure Backend Processing: To provide 30-day income momentum tracking and real-time push notifications, our secure backend servers act as a processing bridge. Our servers securely handle initial OAuth connections, listen for third-party income events (webhooks), and process strict banking integrations.
2. Information We Collect and How We Use It
A. Google & YouTube API Services (Limited Use Disclosure)
eaZSt allows you to connect your YouTube and AdSense accounts to track video metrics and ad revenue. eaZSt's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
- Data Accessed: We request read-only access to your YouTube channel metadata, video statistics, estimated revenue, channel memberships, comment threads, and AdSense performance metrics (e.g., page views, clicks, RPM).
- Data Usage: This data is used exclusively to populate your personal financial dashboard, calculate your 30-day income momentum, trigger real-time push notifications for overnight earnings, and provide localized context for the on-device Gemma AI widget. We do not use this data for any other purpose.
- Data Sharing: We do not share, sell, or broker Google user data to any third parties, advertising networks, or data brokers. The data is retrieved solely for your personal visualization within the App.
- Data Storage & Protection: Authentication tokens (OAuth) are stored in a secure, encrypted PostgreSQL database on our backend. Financial and metrics data is fetched dynamically over encrypted connections (HTTPS/TLS) and is processed locally on your device.
- Data Retention & Deletion: Google data and authentication tokens are retained only as long as your eaZSt account remains active. You can revoke access at any time via your Google Account security settings, or by using the "Delete All Data" feature inside the App, which instantly and permanently deletes your OAuth tokens and database rows (See Section 3).
B. Third-Party Connections (Stripe, Shopify, Patreon, Twitch, Discord, Kraken, Streamlabs)
We request Read-Only permissions to your third-party platforms to aggregate passive income metrics.
- No PII Scraping: We do not fetch, store, or process the Personal Identifiable Information (PII) of your customers (e.g., credit card numbers, buyer addresses). We solely track aggregate revenue numbers and transaction IDs for deduplication.
- Live Event Processing: Our backend listens for live income events solely to trigger real-time push notifications to your device.
C. Discord Community Integration
To personalize your experience and connect you with our community, eaZSt offers an optional Discord integration.
- Profile Data: When you authorize Discord, we request access to your basic profile information (username and avatar). This data is used strictly to display your personalized profile header within the App's settings menu.
- Community Access: We request the permission to add your account to the official eaZSt Discord server automatically. We do not use this permission to join any other servers, send messages on your behalf, or modify your Discord account.
- Data Deletion: Your Discord profile data is removed instantly from your device and our servers when you long-press your Discord avatar in the app (triggering a severance), or when you trigger a full account deletion.
D. Banking Services (Plaid)
We use Plaid Inc. ("Plaid") to securely connect your bank accounts.
- Plaid collects your login credentials directly (we never see your bank username or password).
- We use Plaid's secure token system to fetch read-only transaction data (specifically deposits) to calculate your income flow. Information collected by Plaid is subject to the Plaid Privacy Policy.
E. On-Device AI Processing (Gemma Integration)
To provide advanced financial insights, eaZSt utilizes a localized version of the Gemma AI model, developed by Google.
- 100% Local Inference: The AI engine runs locally on your device's edge hardware (CPU/GPU). When you query your financial data or chat with the AI widget, your sensitive financial metrics never leave your phone. No cloud LLM APIs are used to process your chat prompts.
- No Model Training: Your private financial data, chat history, and third-party analytics are never used to train, fine-tune, or improve global AI models.
F. Subscriptions & Billing
Premium features are handled securely through Google Play Billing. We do not collect or store your credit card information. We only store anonymous receipt validation tokens to verify your active subscription tier.
G. Biometrics & Device Identifiers
The App uses your device's biometric capabilities (FaceID/Fingerprint) to secure your dashboard. Biometric authentication is handled entirely by your device's OS; we only receive a secure "Unlock" signal. To route push notifications, we store an anonymous FCM (Firebase Cloud Messaging) device token.
3. Data Retention & Instant Account Deletion
We believe your data belongs to you. You have the right to revoke our access and permanently delete your account data at any time.
- Individual Disconnects: You can disconnect any service within the App's Connections hub. Doing so immediately deletes local tokens and instructs our backend to sever the connection with that third party.
- Full Account Deletion: The App contains a hidden "Nuclear Wipe" feature to prevent accidental deletion. Triggering this instantly severs all active banking connections (Plaid), deletes your anonymous user data and device identifiers, and wipes all webhook routing maps from our servers. Any subsequent data sent by third parties to our servers will be permanently rejected.
How to permanently delete your data:
- Open the eaZSt app and navigate to the Settings screen (the gear icon).
- Scroll to bottom of Settings page
- Locate the App Version floating text.
- Tap the App Version floating text exactly four (4) times. A countdown toast will appear. On the fourth tap, the permanent data wipe will initiate, and you will be automatically signed out.
4. Crash Logs and Stability
We use crash reporting tools (e.g., Firebase Crashlytics) to identify bugs. If the App crashes, it sends an anonymous technical report. This data contains no financial tokens. Google Privacy Policy.
5. Children’s Privacy
The App is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13.
6. Your Consent
By using the App, you consent to our Privacy Policy.
7. Changes to This Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
8. Contact Us
If you have questions regarding this privacy policy, or wish to exercise your data rights, you may contact us at:
