Privacy Policy
Last updated: March 14, 2026
1. Data Fiduciary
Finucity AI Pvt Ltd ("Finucity", "we", "us") is the Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act). We are responsible for the processing of your personal data as described in this policy.
2. Data Storage
All personal data is stored exclusively in India on servers located in the ap-south-1 (Mumbai) region through our infrastructure provider Supabase. We do not transfer personal data outside India unless required by law or with your explicit consent.
3. Data We Collect
- Account information (name, email, phone number, city)
- Financial queries and AI chat conversations
- Tax documents you upload to our platform
- Calculator inputs and results (anonymised)
- Usage analytics and device information
- Payment transaction details (processed by Razorpay)
4. Consent Types
Under the DPDP Act 2023, we collect the following consents:
- Data Processing (Required) — Process your data to provide financial services
- Marketing Communications (Optional) — Tax deadline reminders and financial tips
- Profile Sharing with CAs (Optional) — Share your profile with CAs you contact
- Third-Party Analytics (Optional) — Anonymised usage data for platform improvement
- Financial Advisory (Optional) — Personalised financial guidance based on your data
- Document Storage (Optional) — Store your uploaded tax documents securely
- AI Training Data (Optional) — Use anonymised data to improve AI responses
You can manage all consents in your account Settings > Privacy & Consent at any time.
5. Your Rights Under DPDP Act 2023
- Right to Access — Request a copy of all your personal data
- Right to Correction — Request correction of inaccurate data
- Right to Erasure — Request deletion of your data (subject to legal retention requirements)
- Right to Grievance Redressal — File a complaint with our Grievance Officer
- Right to Withdraw Consent — Withdraw any optional consent at any time
6. Data Retention
Financial correspondence is retained for 8 years as required by RBI guidelines. Non-financial data is retained as long as your account is active. Upon account deletion, all non-regulated data is permanently deleted within 30 days.
7. Grievance Officer
Name: Grievance Officer, Finucity AI Pvt Ltd
Email: grievance@finucity.com
Response Time: Within 72 hours of receipt
Resolution: Within 30 days as per DPDP Act requirements
8. Consent Withdrawal
You may withdraw any optional consent at any time by visiting Settings > Privacy & Consent. Withdrawal of the mandatory "Data Processing" consent will require account deletion, as we cannot provide services without processing your data.
9. Data Security
We use 256-bit AES encryption for data at rest and TLS 1.3 for data in transit. Access to personal data is restricted to authorised personnel only. We conduct regular security audits and penetration testing.
10. Changes to This Policy
We will notify you of significant changes via email and in-app notification at least 30 days before they take effect. Continued use of the platform after changes constitutes acceptance.