1.Scope
This Privacy Policy applies to information processed by Raha Account when you create or use an account, authenticate with a Raha product or connected application, manage your profile or security settings, or contact support.
Connected applications and other Raha products may have their own privacy policies for information they process outside Raha Account. Review those policies to understand their practices.
2.Information we collect
The information handled depends on the features you use and may include:
- Account identifiers, such as a user ID, username, email address, and phone number, together with verification status.
- Profile information, such as your name, avatar, date of birth, and gender when you choose to provide it.
- Authentication and security information, such as protected password records, multi-factor methods, recovery status, security events, and verification attempts. Raha Account does not need to display your password to operate authentication.
- Session and device information, such as IP address, browser or user-agent details, sign-in times, activity times, expiration times, and session status.
- Connected-application and consent information, such as client identifiers, requested or approved permissions, and when an application was connected or last used.
- Support communications and diagnostic information you provide when seeking assistance or reporting a problem.
3.How we receive information
Raha Account receives information from the following sources:
- Directly from you when you register, update your profile, configure security, approve permissions, or contact support.
- Automatically from your browser, device, and interactions with the service, including session and security logs.
- From Raha products and connected applications when they start authentication, request permission, or exchange information you have authorized.
4.How we use information
Information may be used to:
- Create, identify, authenticate, recover, and manage your account.
- Provide profile, session, consent, and connected-application features.
- Send verification codes, security notices, and service communications.
- Detect, investigate, prevent, and respond to fraud, abuse, security incidents, and unauthorized access.
- Maintain, troubleshoot, measure, and improve reliability, accessibility, and user experience.
- Comply with applicable obligations and enforce agreements that govern the service.
5.When information may be shared
Raha Account may disclose relevant information in these circumstances:
- With a Raha product or connected application when you approve requested access or direct Raha Account to complete authentication.
- With service providers that process information to host, secure, communicate, monitor, or support the service under appropriate obligations.
- When reasonably necessary to comply with applicable legal process, protect rights and safety, investigate misuse, or secure the service.
- As part of a reorganization, financing, acquisition, or transfer of the relevant service, subject to appropriate protection of the information.
6.Retention and deletion
Information is retained for as long as reasonably needed to provide and secure Raha Account, maintain necessary records, resolve disputes, enforce agreements, and meet applicable obligations. Retention depends on the type of information, why it is used, and relevant operational or legal requirements.
When information is no longer needed, it may be deleted, anonymized, or isolated from active use. Account deletion may not immediately remove information from backups, security records, connected applications, or records that must be retained for legitimate purposes.
7.Cookies and browser storage
Raha Account uses cookies and similar browser storage needed for authentication, interaction state, security, language selection, theme preference, and continuity of account flows. Some temporary information may be stored only for the current browser session.
Blocking required cookies or browser storage may prevent sign-in, account recovery, language preferences, or other essential features from working correctly.
8.Security
Raha Account uses technical and organizational safeguards intended to protect information, including access controls, protected authentication processes, session management, and multi-factor security options.
No system can guarantee absolute security. You can reduce risk by protecting your credentials and recovery codes, enabling suitable multi-factor authentication, reviewing sessions and connected applications, and reporting suspected misuse promptly.
9.Your choices and rights
Depending on available account controls and applicable law, you may be able to:
- Review and update profile and contact information.
- Manage security methods, active sessions, and connected-application permissions.
- Request account deletion or ask for access, correction, restriction, or another available privacy action.
- Change language and theme preferences stored by the browser.
10.International processing
Raha Account and the providers supporting it may process information in locations other than where you live. Where required, reasonable measures are used to protect information during such processing in accordance with applicable requirements.
11.Children's privacy
Raha Account is not intended for a child who cannot legally consent to an account under applicable law unless an authorized parent, guardian, institution, or connected service provides the permissions and supervision that the law requires. Contact the relevant official Raha support channel if you believe a child's information was provided improperly.
12.Policy changes and privacy requests
This policy may be updated to reflect changes in features, security practices, or applicable requirements. Material updates will be published on this page and the effective date will be revised.
To ask a privacy question or make an available privacy request, use the official Raha support channel for the product through which you access Raha Account. Provide enough information to identify the relevant account and request; identity verification may be required before action is taken.