Back to home

Privacy Policy

Last updated: April 26, 2026

This Privacy Policy explains how Purse ("we", "our", or "us") collects, uses, and protects information about you when you use our platform at purse.aevr.co and related services (collectively, the "Service").

By using the Service, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Your email address (used for magic-link authentication and notifications)
  • Your name (first and last, if provided during onboarding)
  • Your unique tag (generated automatically, used for public pay links)
  • Your PIN (stored as a bcrypt hash — we never store your raw PIN)
  • Your passkey credentials (public-key only; private keys never leave your device)

1.2 Financial Information

We process and store:

  • Wallet balances and transaction records
  • Purse and space membership and contribution history
  • Currency preferences and conversion metadata
  • Payment provider references (e.g. Paystack or 100Pay transaction IDs)

We do not store raw card numbers, bank account numbers, or payment credentials. Payment processing is handled by third-party providers (Paystack and 100Pay), each with their own privacy policies.

1.3 Usage and Technical Data

We may automatically collect:

  • Browser type and device information
  • IP address (used for geo-currency inference, not stored permanently)
  • Service worker push subscription tokens (for optional push notifications)
  • Server-side logs for debugging and security purposes

1.4 Communications

If you contact us for support, we retain the content of your message to respond and improve the Service.

2. How We Use Your Information

We use the information we collect to:

  • Authenticate your identity and maintain secure sessions
  • Process deposits, transfers, withdrawals, and purse operations
  • Send transactional notifications (payment confirmations, purse invites, milestone updates)
  • Infer a default currency based on your region (using IP geolocation at account creation)
  • Detect and prevent fraud and abuse
  • Comply with applicable legal obligations

We do not sell your personal information to third parties.

3. Sharing Your Information

We share information only in limited circumstances:

  • Payment providers (Paystack, 100Pay): to process payments you initiate
  • Email providers: to deliver transactional emails on your behalf
  • Push services: to deliver optional push notifications via your browser
  • Legal requirements: if required by law, court order, or regulatory authority

When you use a public pay link (/pay/[tag]), your display name and tag are visible to anyone accessing that link. No other account details are exposed.

4. Data Retention

We retain your account data for as long as your account is active. If you close your account, we retain transaction records for a reasonable period to satisfy legal, audit, and dispute-resolution requirements.

You may request deletion of your account by contacting us at the email below.

5. Security

We protect your data with:

  • HTTP-only JWT cookies for session management (not accessible to client-side scripts)
  • bcrypt hashing for PINs
  • WebAuthn (passkey) for passwordless authentication — private keys stay on your device
  • Rate limiting on sensitive actions (transfers, withdrawals, PIN changes)
  • HMAC signature verification on all incoming payment webhooks

No system is perfectly secure. If you become aware of a security concern, please contact us immediately.

6. Cookies and Storage

We use a single HTTP-only cookie to manage your authenticated session. We do not use advertising cookies or tracking pixels.

7. Your Rights

Depending on your location, you may have rights to:

  • Access the personal information we hold about you
  • Correct inaccurate information
  • Request deletion of your account and data
  • Object to or restrict certain processing

To exercise any of these rights, contact us at the address below.

8. Children

The Service is not directed to children under 18. We do not knowingly collect information from minors. If you believe a minor has created an account, contact us and we will remove the data.

9. Changes to This Policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top. Continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact

For questions or requests related to this Privacy Policy, contact us at:

Purse / Aevr
hello@aevr.co

Privacy PolicyTerms of Service