Privacy Policy

Finkoin ("we", "us", "our") is a personal finance analysis platform operated from India. Our website is located at finkoin.com.

For privacy-related queries, contact us at: privacy@finkoin.com

2.1 Data You Provide

When you use Finkoin, we collect:

• Account information: Name, email address, and password (encrypted) when you create an account.
• Financial numbers: Monthly income, expense amounts, loan EMI amounts, insurance premium amounts, savings balances, and investment values.
• Profile information: Age, city tier, life stage (single/married/etc), and financial goals.
• Payment information: For paid features, we process payments through Razorpay. We do not store your card or bank details. Razorpay handles all payment data.

2.2 What We Never Collect

2.3 Automatically Collected Data

• Usage data: Pages visited, features used, and time spent on the platform.
• Device information: Browser type, operating system, and IP address for security purposes.
• Cookies: Session cookies to keep you logged in. No advertising cookies.

We use your data to:

• Calculate your financial health score and analysis
• Generate your personalised financial plan
• Share with our AI system (Groq) to generate personalised explanations — only financial numbers, never identity data
• Send you important account notifications and updates
• Process payments for paid features
• Improve our product and fix bugs
• Comply with legal obligations

We never use your data for: advertising, selling to third parties, credit scoring, or any purpose beyond what is listed above.

Finkoin uses artificial intelligence to generate personalised financial plans. Here is how it works:

• Your financial numbers are sent to Groq AI (a US-based AI service) to generate personalised explanations.
• Only numerical financial data is shared — never your name, email, PAN, Aadhaar, or any identity information.
• Groq processes data under their privacy policy available at groq.com/privacy.
• AI-generated content is for educational purposes only and does not constitute SEBI-registered investment advice.

Your data is stored securely using industry-standard practices:

• Database: Supabase (PostgreSQL) hosted on AWS Singapore region — data stays within Asia Pacific.
• Encryption at rest: All data is encrypted using AES-256 encryption.
• Encryption in transit: All connections use TLS 1.3 / HTTPS.
• Authentication: Secure JWT tokens with automatic expiry and refresh rotation.
• Row Level Security: Database-level security ensures you can only access your own data.
• Access control: Only essential team members can access production systems, with audit logging enabled.

Despite our best efforts, no system is 100% secure. If you discover a security vulnerability, please report it to security@finkoin.com immediately.

We share your data only with:

• Groq AI: Financial numbers only (no identity data) for AI analysis.
• Razorpay: Payment processing for paid features. They handle payment data under their own privacy policy.
• Supabase: Infrastructure provider for database and authentication.
• Vercel: Hosting provider for our web application.

We never sell your data to advertisers, data brokers, insurance companies, banks, or any third party.

Under India's Digital Personal Data Protection Act 2023, you have the following rights:

• Right to access: Request a copy of all personal data we hold about you.
• Right to correction: Update incorrect or incomplete data in your account settings.
• Right to erasure: Request deletion of your account and all associated data. We will process deletion within 30 days.
• Right to withdraw consent: Withdraw your consent for data processing at any time by deleting your account.
• Right to grievance redressal: File a complaint with our Grievance Officer.

To exercise any of these rights, email us at privacy@finkoin.com with subject line "Data Rights Request".

Grievance Officer

As required under DPDP Act 2023 and IT Act 2000:
Name: Himanshu Kumar
Email: grievance@finkoin.com
Response time: Within 30 days

We use minimal cookies:

• Essential cookies: Authentication session cookies required for login to work. Cannot be disabled.
• Preference cookies: Save your form progress and calculator data locally.

We do not use: advertising cookies, cross-site tracking cookies, or social media tracking pixels.

We use Google Analytics to understand how users use Finkoin. This collects anonymous usage data including pages visited, time spent, and general location. No personal financial data is shared with Google Analytics.

• Active accounts: Data retained while your account is active.
• Deleted accounts: All personal data deleted within 30 days of account deletion request. Anonymised statistical data may be retained.
• Payment records: Retained for 7 years as required by Indian tax laws.
• Inactive accounts: Accounts with no activity for 3 years may be deleted after prior email notice.

Finkoin is not intended for users under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, please contact us at privacy@finkoin.com and we will delete it immediately.

We may update this Privacy Policy from time to time. When we make significant changes:

• We will update the "Last updated" date at the top of this page.
• We will notify you by email if the changes materially affect your rights.
• For significant changes requiring re-consent, you will see a consent prompt on your next login.

For any privacy-related questions or concerns: