MyFolio360

DPDP Act 2023 · Compliant

Privacy Policy

Last updated: April 2026 · v1.0

1. Data We Collect

  • Identity: name & email, from your Google account
  • Financial data: transaction descriptions, amounts, merchant names, member details — only what you enter
  • Device info: to secure your login and prevent fraud (IP, user-agent, session timestamps)
  • AI planner context: your financial snapshot is sent to Claude Sonnet 4.5 only when you click Run
  • Payment data: processed by Stripe — we only see a confirmation, never your card details

2. Purpose of Collection

We collect this data solely to provide automated budgeting, expense tracking, and financial insights. We do not sell your data to third-party lenders or insurance companies without your explicit, separate consent.

3. Data Localisation

In compliance with RBI guidelines, all financial and personal data of Indian residents is stored on secure servers provided by our managed-infrastructure partner. We are actively confirming India-region residency with our hosting provider; this policy will be updated before general availability.

4. Your Rights (Data Principals)

Under the DPDP Act 2023, you have the right to:

  • Access a summary of your data — use Settings → Export my data.
  • Correct or update inaccurate info — edit any record in-app.
  • Be forgotten (Right to be Forgotten) — request permanent deletion of your account and all data via Settings → Delete Account. This takes effect immediately and is irreversible.
  • Revoke consent for optional processing (e.g. AI planner, analytics) — as easy as giving it, under Settings → Privacy.

5. Data Breach Protocol

In the unlikely event of a data breach, MyFolio360 will notify the Data Protection Board and affected users within 72 hours of discovery, per DPDP §8(6).

6. Grievance Officer

For any privacy concern, contact our Grievance Officer — we acknowledge within 24 hours and resolve within 15 days. See the Grievance page for full contact details.

7. Changes to this Policy

Material changes will be notified via email and an in-app banner. Continued use after the effective date constitutes acceptance.