🔒 InFin4U

Privacy Policy

Last updated: April 2025  |  Effective from: April 2025

InFin4U is a personal finance management application. We take your privacy seriously. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

• Account data: Username, hashed PIN (never stored in plain text), email address, phone number (optional).
• Financial data: Income, expenses, investments, loans, bank accounts, goals, tax entries, insurance — all entered by you.
• Profile data: Name, date of birth, employer name, salary details — entered voluntarily by you.
• Uploaded documents: Files you upload to the Documents section are stored on our server.
• Usage data: Session information, last login timestamp — used only for security and session management.

2. How We Use Your Data

• To provide and operate the InFin4U service.
• To send you in-app and email notifications about EMI due dates, insurance expiry, budget alerts, and goal milestones — only if you opt in.
• To process subscription payments via Razorpay.
• To improve the app based on aggregated, anonymised usage patterns.

We do not sell your data to third parties. We do not use your financial data for advertising.

3. Data Storage and Security

• All data is stored in a MySQL database hosted on Hostinger servers (India/EU data centres).
• All connections are encrypted via HTTPS/TLS.
• PINs are hashed using bcrypt and are never stored or transmitted in plain text.
• Session cookies are marked HttpOnly and Secure, preventing JavaScript access and HTTP transmission.
• Login rate limiting is enforced to prevent brute-force attacks.

4. Third-Party Services

• Razorpay: Payment processing for Pro subscriptions. Razorpay's own privacy policy applies to payment data. We store only the payment ID and order ID — never your card details.
• We do not use Google Analytics, Facebook Pixel, or any external tracking scripts.

5. Data Retention

Your data is retained as long as your account is active. You can delete your account and all associated data at any time (see Section 7). After deletion, data is removed within 7 days.

6. Cookies

InFin4U uses a single session cookie for authentication. This cookie is essential for the app to function and does not track you across websites. We do not use advertising cookies or third-party tracking cookies.

7. Your Rights (GDPR / DPDP Act)

• Right to access: Export all your data as CSV from the Export page.
• Right to erasure: Delete your account and all data from Profile → Danger Zone.
• Right to correction: Edit any data directly within the app at any time.
• Right to portability: Export your data in CSV format.

8. Children

InFin4U is not intended for users under 18 years of age. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via in-app notification. Continued use after changes constitutes acceptance.

10. Contact

For privacy-related queries, email us at: contact us here. We aim to respond within 7 business days.