PRIVACY POLICY

Last updated April 10, 2026

This privacy notice for Kobumura LLC (doing business as SaveYour) (“we,” “us,” or “our”), describes how and why we might collect, store, use, and/or share (“process”) your information when you use our services (“Services”), such as when you:

  • Visit our website at https://www.saveyourtheapp.com, or any website of ours that links to this privacy notice
  • Download and use our mobile application (SaveYour), or any other application of ours that links to this privacy notice
  • Engage with us in other related ways, including any sales, marketing, or events

SaveYour is a grocery savings, deal-finding, and receipt-tracking mobile application for Android and iOS that helps users save money on groceries by comparing prices, tracking purchases, managing digital coupons, and discovering deals across multiple retailers.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at help@kobumura.com.

SUMMARY OF KEY POINTS

This summary provides key points from our privacy notice, but you can find out more details about any of these topics by clicking the link following each key point or by using our table of contents below to find the section you are looking for.

What personal information do we process? When you visit, use, or navigate our Services, we may process personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. This includes information you provide directly, purchase and receipt data, and information from retailer accounts you choose to link. Learn more about personal information you disclose to us.

Do we process any sensitive personal information? We process financial and purchase data (receipt details, transaction history, product prices) that you voluntarily provide or authorize us to access through linked retailer accounts. Loyalty card numbers and retailer session tokens are stored securely on your device using native hardware encryption and are never transmitted to our servers in plaintext.

Do we receive any information from third parties? We receive publicly available deal and pricing information from retail data aggregators. When you link a retailer account, we access your purchase data from that retailer through your authenticated session. We do not purchase personal information from data brokers.

How do we process your information? We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.

In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties, including cloud service providers for receipt processing. We do NOT sell, share, or redistribute retailer-sourced purchase data to third parties for commercial purposes. Learn more about when and with whom we share your personal information.

How do we keep your information safe? We employ OAuth 2.0 with PKCE (we never store passwords), hardware-level encryption for sensitive tokens stored on your device, and TLS encryption for all data in transit. Learn more about how we keep your information safe.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal information. You can unlink retailer accounts, delete synced data, and export your data at any time. Learn more about your privacy rights.

How do you exercise your rights? The easiest way to exercise your rights is by using the in-app settings, submitting a data subject access request, or by contacting us. We will consider and act upon any request in accordance with applicable data protection laws.

Want to learn more about what we do with any information we collect? Review the privacy notice in full.

TABLE OF CONTENTS

  1. WHAT INFORMATION DO WE COLLECT?
  2. HOW DO WE PROCESS YOUR INFORMATION?
  3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
  4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?
  5. RETAILER DATA ACCESS AND THIRD-PARTY INTEGRATIONS
  6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
  7. HOW LONG DO WE KEEP YOUR INFORMATION?
  8. HOW DO WE KEEP YOUR INFORMATION SAFE?
  9. DO WE COLLECT INFORMATION FROM MINORS?
  10. WHAT ARE YOUR PRIVACY RIGHTS?
  11. CONTROLS FOR DO-NOT-TRACK FEATURES
  12. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  13. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  14. DO COLORADO AND CONNECTICUT RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?
  15. DO WE MAKE UPDATES TO THIS NOTICE?
  16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?
  17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

1. WHAT INFORMATION DO WE COLLECT?

Personal information you disclose to us

In Short: We collect personal information that you provide to us, purchase and receipt data you authorize, and information from retailer accounts you choose to link.

We collect personal information that you voluntarily provide to us when you register on the Services, link retailer accounts, scan receipts, express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.

Personal Information Provided by You

The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:

  • Names
  • Email addresses
  • Google or Apple OAuth profile information (name, email, profile photo)
  • Contact preferences

No Password Storage. SaveYour uses OAuth 2.0 with PKCE for authentication through Google Sign-In and Apple Sign-In. We do not collect, store, or have access to any passwords. Your authentication credentials are managed entirely by Google or Apple.

Purchase and Financial Data

When you use SaveYour's receipt scanning and purchase tracking features, we collect:

  • Receipt images and extracted receipt data (processed via AWS Textract OCR)
  • Purchase history, including product names, prices, quantities, and dates
  • Store and warehouse location information associated with purchases
  • Price history and savings calculations derived from your purchase data
  • Shopping lists and pantry inventory you create within the app

Retailer Account Data

When you choose to link retailer accounts (such as the third-party retailers whose accounts you link through the app), we collect:

  • Purchase history, receipt details, and transaction records from linked retailers
  • Product images and descriptions sourced from retailer systems
  • Coupon and deal information from your retailer accounts
  • Store or warehouse location information

What We Do NOT Collect from Retailer Accounts:

  • We do NOT collect, store, or have access to your retailer login credentials (username or password). Authentication occurs through the retailer's own login interface via a secure, in-app browser connection.
  • Retailer session tokens are stored securely on your device using native hardware encryption and are NEVER stored on our servers or transmitted in plaintext.

Loyalty Card Information

If you choose to store loyalty card numbers within the app, these are encrypted and stored securely on your device using native hardware encryption. Loyalty card data is never transmitted to or stored on our servers.

Sensitive Information. We process purchase and financial data as described above. Loyalty card numbers and retailer session tokens are treated as sensitive information and are stored securely on your device using native hardware encryption.

Application Data

If you use our application(s), we also may collect the following information if you choose to provide us with access or permission:

  • Geolocation Information. We may request access or permission to track location-based information from your mobile device, either continuously or while you are using our mobile application, to provide location-based services such as finding nearby stores, searching for deals by location, and associating purchases with store locations. If you wish to change our access or permissions, you may do so in your device's settings.
  • Camera Access. We may request access to your device's camera for receipt scanning and barcode scanning features. Camera images are used for OCR processing and product identification. If you wish to change our access or permissions, you may do so in your device's settings.
  • Push Notifications. We may request to send you push notifications via Firebase Cloud Messaging (FCM) regarding deal alerts, price changes, expiring coupons, and other features of the application. If you wish to opt out from receiving these types of communications, you may turn them off in your device's settings.
  • Mobile Device Data. We automatically collect device information (such as your mobile device ID, model, and manufacturer), operating system, version information and system configuration information, device and application identification numbers, and Internet Protocol (IP) address. This information is collected through BugSnag for crash reporting and diagnostics purposes and is only collected in production and staging environments, not during development.
  • Session Recording. We partner with Microsoft Clarity to capture how you use and interact with our application through behavioral metrics, heatmaps, and session replay. This helps us improve our products and services. Session recording is automatically paused on sensitive screens such as payment, password, and vault screens to protect your personal information. Session recording is only active in production and staging environments, not during development.

This information is primarily needed to maintain the security and operation of our application, for troubleshooting, and for our internal analytics and reporting purposes.

All personal information that you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information.

Information automatically collected

In Short: Some information — such as your Internet Protocol (IP) address and/or browser and device characteristics — is collected automatically when you visit our Services.

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

The information we collect includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports, and hardware settings).
  • Device Data. We collect device data such as information about your phone or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
  • Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services, such as nearby store finding and location-based deal search.
  • Crash and Diagnostic Data. We collect crash reports and diagnostic data through BugSnag to identify and fix application issues. This data may include device type, operating system version, application state at the time of a crash, and stack traces. This data is collected only in production and staging environments and is never collected during development builds.
  • Session Replay and Behavioral Data. We use Microsoft Clarity to collect session replay recordings, heatmaps, and behavioral metrics (such as tap patterns, scroll depth, and navigation paths). This data helps us understand how users interact with the application, identify usability issues (including rage clicks and dead clicks), and improve the user experience. Sensitive screens (payment, password entry, and vault screens) are excluded from session recording. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

2. HOW DO WE PROCESS YOUR INFORMATION?

In Short: We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account via Google Sign-In or Apple Sign-In (OAuth 2.0 with PKCE), as well as keep your account in working order.
  • To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service, including tracking purchases, finding deals, managing coupons, and providing savings insights.
  • To process receipt data. When you scan a receipt, the receipt image is sent to AWS Textract for OCR processing. The extracted text data (product names, prices, quantities, store information) is stored in our database and associated with your account to enable purchase tracking, savings calculations, and price history features.
  • To access retailer data on your behalf. When you link a retailer account, we act as your authorized agent to retrieve your purchase history, receipts, and deal information from that retailer using your authenticated session. This data is synced to our servers to provide you with a unified view of your purchases and savings.
  • To provide deal and price comparison services. We process your location data and purchase history to find relevant deals, compare prices across retailers, and provide personalized savings recommendations.
  • To manage subscriptions. We process subscription information through RevenueCat to manage your in-app purchases and premium features.
  • To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information, including push notifications about deal alerts and price changes via Firebase Cloud Messaging.
  • To fulfill and manage your orders. We may process your information to fulfill and manage your subscription purchases made through the Services.
  • To monitor application health. We use BugSnag to collect crash reports and diagnostic data (in production and staging environments only) to identify, diagnose, and fix application issues proactively.
  • To improve user experience. We use Microsoft Clarity to capture session replays, heatmaps, and behavioral metrics to understand how users interact with the application, identify usability issues, and improve our products and services. Sensitive screens are excluded from session recording.
  • To save or protect an individual's vital interest. We may process your information when necessary to save or protect an individual's vital interest, such as to prevent harm.

3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?

In Short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK, this section applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following legal bases to process your personal information:

  • Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. In particular, we rely on your consent when you link a retailer account, as this constitutes an explicit authorization to access your purchase data from that retailer. You can withdraw your consent at any time. Learn more about withdrawing your consent.
  • Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract with you.
  • Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.
  • Vital Interests. We may process your information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.

If you are located in Canada, this section applies to you.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in situations where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

In some exceptional cases, we may be legally permitted under applicable law to process your information without your consent, including, for example:

  • If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way
  • For investigations and fraud detection and prevention
  • For business transactions provided certain conditions are met
  • If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim
  • For identifying injured, ill, or deceased persons and communicating with next of kin
  • If we have reasonable grounds to believe an individual has been, is, or may be victim of financial abuse
  • If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province
  • If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records
  • If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced
  • If the collection is solely for journalistic, artistic, or literary purposes
  • If the information is publicly available and is specified by the regulations

4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?

In Short: We may share information in specific situations described in this section and/or with the following third parties.

We may need to share your personal information in the following situations:

  • Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Service Providers. We may share your information with third-party service providers who perform services on our behalf, as described below.

Third-Party Services We Use

We use the following third-party services in connection with the operation of our Services:

Service ProviderPurposeData Shared
Google (Google LLC)OAuth sign-in, Maps API for store location services, Firebase Cloud Messaging for push notificationsAuthentication data (OAuth flow), location queries, push notification tokens
Apple (Apple Inc.)OAuth sign-inAuthentication data (OAuth flow)
BugSnag (SmartBear Software)Crash reporting and diagnostics (production and staging only, NOT development builds)Device information, crash reports, diagnostic data, application state
RevenueCat (RevenueCat Inc.)Subscription and in-app purchase managementUser identifier, purchase/subscription data
AWS Textract (Amazon Web Services)Receipt OCR processing — receipt images are sent to AWS for text extractionReceipt images; extracted text is returned to our servers
Microsoft Clarity (Microsoft Corporation)Session recording, heatmaps, and behavioral analytics to improve user experienceAnonymized usage data, tap/scroll interactions, session replays (sensitive screens excluded). See Microsoft Privacy Statement
Third-party retail data aggregation servicesDeal and weekly ad data aggregationNo user data shared; we only consume publicly available deal and pricing information using location-based queries
Retailers you choose to linkPurchase history, receipt retrieval, coupon and deal information via user-authenticated account linkingRetailer session tokens (stored on device only); purchase data synced to our servers on your behalf

We do NOT sell, share, or redistribute your personal information or retailer-sourced purchase data to third parties for commercial or marketing purposes.

5. RETAILER DATA ACCESS AND THIRD-PARTY INTEGRATIONS

In Short: When you link a retailer account, SaveYour acts as your authorized agent to access your own purchase data. We never see or store your retailer credentials. Session tokens are stored securely on your device.

This section provides a detailed and transparent explanation of how SaveYour accesses, collects, stores, and uses data from retailer accounts you choose to link.

How We Access Retailer Data

  • SaveYour accesses retailer data through user-initiated, user-authenticated login sessions.
  • When you link a retailer account, you log in directly on the retailer's website within our app using a secure, in-app browser connection. SaveYour does not see, intercept, or store your retailer login credentials (username or password). The login occurs entirely within the retailer's own authentication interface.
  • After you authenticate with the retailer, a session token or cookie is created by the retailer. This token is stored securely on your device using native hardware encryption. To provide continuous savings insights and price tracking, SaveYour uses this secure, authenticated session to automatically synchronize live pricing, inventory, and purchase data from the retailer on your behalf.
  • SaveYour acts as your authorized agent and tool to access your own data from retailers you have chosen to link — similar to how financial aggregation services (such as Plaid or Mint) operate on behalf of their users.

What Retailer Data We Collect

Through your authenticated retailer sessions, we may collect the following types of data:

  • Purchase history (items purchased, prices paid, quantities, transaction dates)
  • Receipt details and transaction records
  • Product images and descriptions (as sourced from retailer product catalogs)
  • Coupon and deal information available through your retailer account
  • Store or warehouse location information associated with your transactions
  • Real-time pricing, product availability, and local warehouse inventory data

How Retailer Data Is Stored

  • Session tokens: Stored securely on your device only, using native hardware encryption. Session tokens are never transmitted to our servers, never stored in plaintext, and never stored in server-side databases.
  • Purchase history and receipts: Synced to our PostgreSQL database, encrypted in transit via TLS, and associated with your authenticated user account.
  • Product images: May be cached server-side for performance to reduce repeated requests to retailer systems.
  • All server-side data is encrypted in transit (TLS) and associated with your authenticated account. Access to your data requires your authenticated session.

How Retailer Data Is Used

  • To display your purchase history and receipts within the app
  • To calculate savings, track price changes over time, and provide deal recommendations
  • To power shopping list suggestions based on your purchase patterns
  • To compare prices across retailers for products you buy
  • Product images and descriptions are used solely to enhance your personal shopping experience within the app

We do NOT sell, share, or redistribute retailer-sourced data to third parties for commercial purposes. Your retailer purchase data is used exclusively to provide services to you, the user who authorized the data access.

Data Flow Transparency

Here is exactly how retailer data flows through SaveYour:

  1. You authenticate: You log in to the retailer's website within our secure, in-app browser. SaveYour never sees your username or password.
  2. Session token created: The retailer creates a session token upon successful login. This token is stored securely on your device using native hardware encryption.
  3. Data retrieval: SaveYour uses your active device session to securely request your purchase history, receipts, and live pricing data from the retailer on your behalf.
  4. Data synced: Retrieved purchase data is synced to our servers (encrypted in transit via TLS) and stored in our database, associated with your SaveYour account.
  5. Services provided: The synced data powers your purchase history view, savings calculations, deal recommendations, and other features within the app.

Important: No official API partnership or data-sharing agreement exists between SaveYour and these retailers. Data is accessed through your own authenticated session, acting on your behalf and at your direction. This is analogous to how financial aggregation services access bank account data on behalf of their users.

User Control Over Retailer Data

  • Unlink any time: You can unlink any retailer account at any time through the app's settings.
  • Token deletion: Upon unlinking, the session token is immediately deleted from your device's secure storage.
  • Data deletion: You can request deletion of all synced retailer data through the app or by contacting us at help@kobumura.com.
  • Data export: You can export your data at any time using the built-in data export feature.
  • Granular control: You choose which retailers to link and can manage each connection independently.

6. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?

In Short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information when you visit our website. Our mobile application does not use traditional browser cookies but may use local storage mechanisms for application functionality.

Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

7. HOW LONG DO WE KEEP YOUR INFORMATION?

In Short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal information for longer than the period of time in which users have an account with us.

Specific retention periods include:

  • Account information: Retained as long as you maintain an active account.
  • Purchase history and receipt data: Retained as long as you maintain an active account or until you request deletion.
  • Retailer session tokens: Stored on your device only; automatically expire per the retailer's session policy and are deleted upon unlinking.
  • Crash and diagnostic data (BugSnag): Retained per BugSnag's data retention policies (typically 1 year).
  • Session recording data (Microsoft Clarity): Retained per Microsoft Clarity's data retention policies (up to 30 days for session recordings). See Clarity Data Retention.
  • Receipt images processed by AWS Textract: Images are processed and text is extracted; images are not retained by AWS after processing is complete.

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

8. HOW DO WE KEEP YOUR INFORMATION SAFE?

In Short: We aim to protect your personal information through a comprehensive system of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. Our security measures include:

  • OAuth 2.0 with PKCE: We use industry-standard OAuth 2.0 with Proof Key for Code Exchange (PKCE) for user authentication through Google and Apple. We never collect, store, or have access to user passwords.
  • Hardware-Level On-Device Encryption: Sensitive tokens, including retailer session tokens and loyalty card numbers, are stored securely on your device using native hardware encryption. These tokens never touch plaintext storage or our servers.
  • TLS Encryption: All data transmitted between your device and our servers is encrypted in transit using TLS (Transport Layer Security).
  • Database Encryption: Our PostgreSQL database employs encryption for data at rest, and access is restricted to authenticated and authorized requests.
  • Proactive Crash Monitoring: BugSnag provides real-time crash reporting and diagnostics in production and staging environments, enabling us to identify and resolve security and stability issues promptly.
  • No Credential Storage: We do not store retailer credentials. Authentication with retailers occurs entirely within the retailer's own interface via a secure, in-app browser connection.

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.

9. DO WE COLLECT INFORMATION FROM MINORS?

In Short: We do not knowingly collect data from or market to individuals under 18 years of age.

We do not knowingly solicit data from or market to individuals under 18 years of age. By using the Services, you represent that you are at least 18 years of age. SaveYour is designed for adult users who make their own purchasing decisions. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from individuals under age 18, please contact us at help@kobumura.com.

10. WHAT ARE YOUR PRIVACY RIGHTS?

In Short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.

We will consider and act upon any request in accordance with applicable data protection laws.

If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority.

If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.

Withdrawing your consent: If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below, unlinking retailer accounts through the app, or updating your preferences.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

  • Log in to your account settings and update your user account
  • Unlink any retailer account through the app's settings
  • Export your data using the built-in data export feature
  • Request deletion of specific retailer data or all account data

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

Cookies and similar technologies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our website.

If you have questions or comments about your privacy rights, you may email us at help@kobumura.com.

11. CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this privacy notice.

12. DO CALIFORNIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal of such data, please contact us using the contact information provided below and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Services, but please be aware that the data may not be completely or comprehensively removed from all our systems (e.g., backups, etc.).

CCPA Privacy Notice

The California Code of Regulations defines a “resident” as:

  1. every individual who is in the State of California for other than a temporary or transitory purpose and
  2. every individual who is domiciled in the State of California who is outside the State of California for a temporary or transitory purpose

All other individuals are defined as “non-residents.”

If this definition of “resident” applies to you, we must adhere to certain rights and obligations regarding your personal information.

What categories of personal information do we collect?

We have collected the following categories of personal information in the past twelve (12) months:

CategoryExamplesCollected
A. IdentifiersContact details, such as real name, alias, email address, unique personal identifier, online identifier, Internet Protocol address, and account nameYES
B. Personal information categories listed in the California Customer Records statuteName, contact information, and financial information (purchase history)YES
C. Protected classification characteristics under California or federal lawGender and date of birthNO
D. Commercial informationTransaction information, purchase history, receipt details, product prices and quantities, financial details, and payment informationYES
E. Biometric informationFingerprints and voiceprintsNO
F. Internet or other similar network activityBrowsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisementsNO
G. Geolocation dataDevice location (for nearby store finding and deal search)YES
H. Audio, electronic, visual, thermal, olfactory, or similar informationReceipt images captured via camera for OCR processingYES
I. Professional or employment-related informationBusiness contact details, job title, work historyNO
J. Education InformationStudent records and directory informationNO
K. Inferences drawn from other personal informationInferences drawn from purchase history to create shopping preferences, deal recommendations, and savings insightsYES
L. Sensitive Personal InformationLoyalty card numbers (stored on device only, encrypted — not on servers)YES (device only)

We will use and retain the collected personal information as needed to provide the Services or for:

  • Category A — As long as the user has an account with us
  • Category B — As long as the user has an account with us
  • Category D — As long as the user has an account with us, or until the user requests deletion of specific purchase data
  • Category G — Collected in real time for service delivery; historical location data is not retained beyond the associated transaction
  • Category H — Receipt images are processed for text extraction; images may be retained as long as the user has an account
  • Category K — As long as the user has an account with us; regenerated from current purchase data
  • Category L — Stored on device only; deleted upon app uninstall or manual removal

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:

  • Receiving help through our customer support channels;
  • Participation in customer surveys or contests; and
  • Facilitation in the delivery of our Services and to respond to your inquiries.

How do we use and share your personal information?

More information about our data collection and sharing practices can be found in this privacy notice.

You may contact us by email at help@kobumura.com, by visiting saveyourtheapp.com, or by referring to the contact details at the bottom of this document.

If you are using an authorized agent to exercise your right to opt out we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Will your information be shared with anyone else?

We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Each service provider is a for-profit entity that processes the information on our behalf, following the same strict privacy protection obligations mandated by the CCPA.

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” of your personal information.

We have not disclosed, sold, or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We will not sell or share personal information in the future belonging to website visitors, users, and other consumers.

Your rights with respect to your personal data

Right to request deletion of the data — Request to delete

You can ask for the deletion of your personal information. If you ask us to delete your personal information, we will respect your request and delete your personal information, subject to certain exceptions provided by law, such as (but not limited to) the exercise by another consumer of his or her right to free speech, our compliance requirements resulting from a legal obligation, or any processing that may be required to protect against illegal activities.

Right to be informed — Request to know

Depending on the circumstances, you have a right to know:

  • whether we collect and use your personal information;
  • the categories of personal information that we collect;
  • the purposes for which the collected personal information is used;
  • whether we sell or share personal information to third parties;
  • the categories of personal information that we sold, shared, or disclosed for a business purpose;
  • the categories of third parties to whom the personal information was sold, shared, or disclosed for a business purpose;
  • the business or commercial purpose for collecting, selling, or sharing personal information; and
  • the specific pieces of personal information we collected about you.

In accordance with applicable law, we are not obligated to provide or delete consumer information that is de-identified in response to a consumer request or to re-identify individual data to verify a consumer request.

Right to Non-Discrimination for the Exercise of a Consumer's Privacy Rights

We will not discriminate against you if you exercise your privacy rights.

Right to Limit Use and Disclosure of Sensitive Personal Information

Sensitive personal information (loyalty card numbers, retailer session tokens) is stored securely on your device using native hardware encryption and is not processed on our servers. You may delete this information at any time by unlinking retailer accounts or removing loyalty cards within the app.

Verification process

Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us. For instance, depending on the type of request you submit, we may ask you to provide certain information so that we can match the information you provide with the information we already have on file, or we may contact you through a communication method (e.g., phone or email) that you have previously provided to us. We may also use other verification methods as the circumstances dictate.

We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for the purposes of verification. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Other privacy rights

  • You may object to the processing of your personal information.
  • You may request correction of your personal data if it is incorrect or no longer relevant, or ask to restrict the processing of the information.
  • You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
  • You may request to opt out from future selling or sharing of your personal information to third parties. Upon receiving an opt-out request, we will act upon the request as soon as feasibly possible, but no later than fifteen (15) days from the date of the request submission.

To exercise these rights, you can contact us by email at help@kobumura.com, or by referring to the contact details at the bottom of this document. If you have a complaint about how we handle your data, we would like to hear from you.

13. DO VIRGINIA RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of Virginia, you may be granted specific rights regarding access to and use of your personal information.

Virginia CDPA Privacy Notice

Under the Virginia Consumer Data Protection Act (CDPA):

“Consumer” means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

“Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. “Personal data” does not include de-identified data or publicly available information.

“Sale of personal data” means the exchange of personal data for monetary consideration.

If this definition “consumer” applies to you, we must adhere to certain rights and obligations regarding your personal data.

The information we collect, use, and disclose about you will vary depending on how you interact with us and our Services. To find out more, please visit the following sections:

Your rights with respect to your personal data

  • Right to be informed whether or not we are processing your personal data
  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a copy of the personal data you previously shared with us
  • Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”)

We have not sold any personal data to third parties for business or commercial purposes. We will not sell personal data in the future belonging to website visitors, users, and other consumers.

Exercise your rights provided under the Virginia CDPA

More information about our data collection and sharing practices can be found in this privacy notice.

You may contact us by email at help@kobumura.com, by submitting a data subject access request, or by referring to the contact details at the bottom of this document.

If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.

Verification process

We may request that you provide additional information reasonably necessary to verify you and your consumer's request. If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request.

Upon receiving your request, we will respond without undue delay, but in all cases, within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. We will inform you of any such extension within the initial 45-day response period, together with the reason for the extension.

Right to appeal

If we decline to take action regarding your request, we will inform you of our decision and reasoning behind it. If you wish to appeal our decision, please email us at help@kobumura.com. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may contact the Attorney General to submit a complaint.

14. DO COLORADO AND CONNECTICUT RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?

In Short: Yes, if you are a resident of Colorado or Connecticut, you may be granted specific rights regarding access to and use of your personal information.

Colorado Privacy Act (CPA) Notice

Under the Colorado Privacy Act (CPA), Colorado residents have the following rights regarding their personal data:

  • Right to access your personal data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a portable copy of your personal data
  • Right to opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects

We have not sold any personal data to third parties for business or commercial purposes. We will not sell personal data in the future belonging to website visitors, users, and other consumers.

To exercise your rights under the CPA, you may contact us by email at help@kobumura.com or by referring to the contact details at the bottom of this document. We will respond to your request within forty-five (45) days of receipt. If we decline to take action, you may appeal our decision by contacting us, and we will respond to your appeal within forty-five (45) days. If your appeal is denied, you may contact the Colorado Attorney General to submit a complaint.

Connecticut Data Privacy Act (CTDPA) Notice

Under the Connecticut Data Privacy Act (CTDPA), Connecticut residents have the following rights regarding their personal data:

  • Right to confirm whether we are processing your personal data and to access such data
  • Right to correct inaccuracies in your personal data
  • Right to request deletion of your personal data
  • Right to obtain a portable copy of your personal data
  • Right to opt out of the processing of your personal data for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects

We have not sold any personal data to third parties for business or commercial purposes. We will not sell personal data in the future belonging to website visitors, users, and other consumers.

To exercise your rights under the CTDPA, you may contact us by email at help@kobumura.com or by referring to the contact details at the bottom of this document. We will respond to your request within forty-five (45) days of receipt. The response period may be extended once by forty-five (45) additional days when reasonably necessary. If we decline to take action, you may appeal our decision by contacting us, and we will respond to your appeal within sixty (60) days. If your appeal is denied, you may contact the Connecticut Attorney General to submit a complaint.

15. DO WE MAKE UPDATES TO THIS NOTICE?

In Short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Last updated” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

16. HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may email us at help@kobumura.com or contact us by post at:

Kobumura LLC
2631 Housley Road #1212
Annapolis, MD 21401
United States

Website: saveyourtheapp.com

17. HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

You have the right to request access to the personal information we collect from you, change that information, or delete it.

You may exercise these rights in the following ways:

  • In-App Controls: Use the app's settings to review your account information, unlink retailer accounts, delete synced purchase data, or export your data.
  • Data Export: Use the built-in data export feature to obtain a copy of your data.
  • Contact Us: Submit a data subject access request by emailing us at help@kobumura.com or by writing to us at the address listed above.

We will respond to your request in accordance with applicable data protection laws.