Skip to content
Features Pricing Security Coming Soon About Get Early Access

Privacy Policy

Your data is yours.

Last updated · 2026-05-01

This Privacy Policy describes how Fincard (operated via localhost, hereafter "Fincard", "we", "us") collects, uses, stores, and protects information about you when you use our website and product. It is aligned with the requirements of India's Digital Personal Data Protection Act, 2023 ("DPDP Act").

1. Who we are

Fincard is a personal financial health tracker that computes 8 financial health ratios from data entered by you. We are an educational tool — we are not a SEBI-registered investment adviser, and we do not provide investment advice or earn commissions from financial institutions.

2. What we collect

We collect only what is necessary to provide the service:

  • Account data: your name, email address, and city.
  • Financial figures you enter: income, expenses, assets, liabilities, insurance coverage, and similar inputs used to compute your ratios. We do not connect to your bank, broker, or any other financial account. We do not "screen-scrape" or use account-aggregator integrations.
  • Usage data: pages you visit, features you use, time spent, and similar product-analytics data. We use this in aggregate to improve the product.
  • Device data: browser type, OS, screen size, IP address (stored only as a salted, one-way hash for security purposes).
  • Communications: emails you send to support, and the contents of any feedback you submit.

3. How we use it

  • To compute your financial health ratios and generate AI explanations.
  • To track your progress over time and produce monthly trend reports.
  • To improve the product — fix bugs, prioritise features, benchmark ratios for Indian salaried professionals (in aggregate, never tied to you individually).
  • To send you transactional emails (account, password reset, payment receipts) and, if you opt in, occasional product updates.
  • To detect and prevent abuse, fraud, and security incidents.

4. Never sold to third parties

We do not sell, rent, or trade your personal data — including your financial inputs — to advertisers, data brokers, financial institutions, or any other third party. Period.

5. Data storage and security

  • Encryption at rest: all personal data and financial inputs are encrypted at rest using industry-standard AES-256.
  • Encryption in transit: all traffic between your browser and our servers is encrypted via TLS 1.2+.
  • Hosting location: our production data is hosted in data centres located in India and the European Union. We do not transfer your personal data to jurisdictions that do not provide an adequate level of protection.
  • Access controls: only a small set of authorised engineers can access production systems, and access is logged.
  • Backups: encrypted, time-bounded, and rotated.

6. Your rights under India's DPDP Act, 2023

You have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete data;
  • Erase your account and the personal data associated with it;
  • Grievance redressal — to nominate a person to exercise these rights on your behalf, and to raise a grievance with our Data Protection Officer;
  • Withdraw consent at any time for processing based on consent.

To exercise any of these rights, email privacy@fincard.ai. We will respond within the timelines required by the DPDP Act.

7. Cookies and analytics

We use a small number of first-party cookies for essential functions (session management, security, CSRF protection). We use PostHog for product analytics in a privacy-respecting configuration: IP addresses are anonymised before storage, and we do not enable session-replay on the marketing site.

You can disable cookies in your browser; some features will not work without them.

8. Third-party services

We rely on a small set of trusted vendors to operate the service:

  • Razorpay — payment processing for subscriptions. Your card details are entered directly with Razorpay; we never see or store them.
  • PostHog — product analytics (anonymised).
  • An email-delivery provider (e.g., Postmark, Resend, or AWS SES) — for transactional emails. We share only the minimum data required to deliver the email.

None of these vendors are permitted to use your data for their own marketing purposes.

9. SEBI-related note

Because we are not a SEBI-registered investment adviser, and because we do not need to share data with any financial institution to operate the product, we do not share your financial data with any bank, broker, insurance company, mutual fund house, NBFC, or other financial institution. Not even with the local professionals listed on the future Fincard Advisor Network — they receive only the contact information you explicitly choose to share with them.

10. Children

Fincard is not intended for individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please email privacy@fincard.ai and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be announced via email and via an in-product notification. The "Last updated" date above always reflects the most recent change.

12. Contact

For privacy questions, data-access requests, or grievances, email privacy@fincard.ai or hello@fincard.ai.