Privacy Policy
Last updated: March 2026
1. Information We Collect
When you use Easy Finance, we collect the following information:
- Account information: Your name, email address, and profile picture (when you sign up via Google or email).
- Financial data: Income, expense, investment, recurring payment, loan, insurance, budget, and planner records that you enter into the app.
- Family data: Family member names, relationships, dates of birth, PAN (stored masked), Aadhaar (stored masked), and financial details if you use the family feature.
- Documents: Financial documents you upload to the document vault (Form 16, PAN, Aadhaar, investment proofs, loan documents, etc.).
- Will & legacy data: Digital will content, nominee details, and associated documents if you use the Will feature.
- Scanned images: Payment screenshots or receipts you capture or upload for AI-based transaction extraction.
- Usage data: Pages visited, features used, and general interaction patterns to improve the app.
- Activity logs: All actions performed in the app are logged with timestamps and IP addresses for security auditing.
2. How We Use Your Information
We use your information to:
- Provide and maintain the Easy Finance service.
- Display your financial summaries, reports, and dashboards.
- Enable family finance features including shared expense tracking, fund management, and per-member tax calculations.
- Process receipt images through AI to extract transaction details (amount, merchant, date, category).
- Compute tax summaries under Indian Income Tax Act rules (Old vs New Regime).
- Send transactional emails such as family invitations, CA invitations, and member share requests.
- Provide daily financial tips and track gamification progress in Money Mantra.
- Improve the app based on aggregate usage patterns.
3. Data Storage and Security
Your data is stored securely on Supabase (backed by PostgreSQL) with Row Level Security (RLS) policies ensuring that only you (and your family admin, if applicable) can access your data. All data is transmitted over HTTPS with TLS 1.3 encryption and encrypted at rest using AES-256.
We do not store your passwords. Authentication is handled via Supabase Auth with secure session management. MPIN for page-level locks is hashed using bcryptjs and verified locally on your device.
Will and legacy documents receive additional AES-256 encryption at rest. Access to will data requires a separate email OTP verification with a 15-minute session time-to-live.
4. CA (Chartered Accountant) Data Sharing
If you use the CA Access feature, you may choose to share specific sections of your financial data with a Chartered Accountant. This sharing is:
- Consent-based: You explicitly invite a CA and select which data sections to share.
- Section-gated: The CA can only view sections you have granted access to (e.g., income, expenses, tax data, documents).
- Member-approved: If a family admin shares a member's data with a CA, that member must individually approve the request before any data is accessible.
- Revocable: You can revoke CA access at any time, immediately cutting off their ability to view your data.
5. AI & Image Processing
The Scan & Import feature uses Google Generative AI (Gemini) to analyse receipt and payment screenshots. When you scan a receipt:
- The image is sent to Google's Gemini API for processing.
- Only the image is transmitted — no other account or financial data is included.
- Google does not retain or use your images for model training (per Google's API terms of service).
- Extracted data (amount, merchant, date) is returned to your device for review before saving.
Your financial data is never used for AI model training by Easy Finance or any third party.
6. Planner & Udhar Data
The Planner feature stores shopping lists, expense plans, and udhar (lend/borrow) records. Udhar entries may include the names of people you lend to or borrow from. This data is stored with the same user-scoped RLS protections as all other data and is not shared with any third party.
7. Data Sharing with Third Parties
We do not sell, rent, or share your personal or financial data with third parties for marketing purposes. Your data is shared only with:
- Supabase: Our database, authentication, and file storage provider.
- Resend: For sending invitation and notification emails (only your email address is shared).
  - We share your registered email address with Resend solely to deliver billing receipts and tax invoices. Resend processes this data under its own privacy policy and does not use it for any other purpose.
- Google Generative AI: When you use Scan & Import, receipt images are sent for AI extraction (see Section 5).
- Stripe: For subscription billing. Stripe receives your email and payment details; we do not store credit card numbers.
  - If you pay via UPI Autopay, Stripe India collects your UPI Virtual Payment Address (VPA) to set up a recurring NACH mandate for subscription renewal. This mandate is stored by Stripe and governed by NPCI regulations. Easy Finance does not store your UPI VPA.
- Sentry: For error monitoring. Only stack traces and performance metrics are sent — no PII, financial data, or auth tokens.
- Vercel: Our hosting provider, which may collect anonymised analytics data.
8. MPIN & Local Security
Easy Finance offers optional page-level and item-level MPIN locks for sensitive sections of the app. Your MPIN is:
- Hashed using bcryptjs before storage.
- Verified locally on your device — the plain MPIN is never transmitted to our servers.
- Session-based — you re-enter it per session for locked pages.
9. Camera & Device Access
The Scan & Import feature may request access to your device camera to capture payment screenshots. Camera access is:
- Requested only when you initiate a scan.
- Used solely for capturing receipt/payment images.
- Never accessed in the background — the camera is active only while the scan page is open.
10. Cookies
We use cookies only where they are strictly necessary for the service to work:
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Keeps you signed in securely | Session / 1 week |
| MPIN session | Remembers your MPIN lock state | Session |
We do not use advertising cookies, third-party tracking, or profiling cookies. Our analytics tool (Vercel Analytics) is cookieless — it never stores data in your browser.
Under the Digital Personal Data Protection Act, 2023, these cookies are classified as strictly necessary and do not require your prior consent. You can disable them in your browser settings, but the site will not function correctly without them.
11. Your Rights Under DPDPA 2023
Under the Digital Personal Data Protection Act, 2023 (India) and applicable privacy laws, you have the right to:
- Access: View all personal data stored in Easy Finance at any time through the app.
- Correction: Edit your profile, records, and financial data directly.
- Erasure: Delete your account and all associated data from Settings. Data is permanently removed within 30 days.
- Portability: Export your financial records as CSV files from Reports or Settings.
- Consent withdrawal: Revoke CA access, leave families, or disable features at any time.
- Grievance redressal: Contact us at the address below for any privacy concerns.
12. Data Retention
We retain your data for as long as your account is active. If you delete your account, all personal and financial data — including documents, will records, planner items, and activity logs — will be permanently removed within 30 days.
13. Children's Privacy
Easy Finance is not intended for children under the age of 18. We do not knowingly collect personal data from children. The family feature allows adding dependents (children) by name only, managed by the family admin.
14. Changes to This Policy
We may update this privacy policy from time to time. Changes will be reflected on this page with an updated “Last updated” date. Continued use of Easy Finance after changes constitutes acceptance of the updated policy.
15. Contact Us
If you have questions about this privacy policy or your data, please contact us at privacy@easyfinance.app.