Privacy Policy

Last updated: 16 June 2026 | Effective from: 16 June 2026

This Privacy Policy explains how FinXure ("FinXure", "we", "us", or "our") collects, uses, stores, shares, and protects your personal data when you use our website, application, and related services (together, the "Service").

FinXure is a personal finance tracking and management application built for individuals and households in India. We take your privacy seriously, and this policy is written to be read and understood — not to hide behind legal jargon.

For the purposes of India's Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025, FinXure is the Data Fiduciary and you (the user) are the Data Principal. Where the EU/UK General Data Protection Regulation (GDPR) applies to you, FinXure acts as the Data Controller for your account data.

By creating an account or using the Service, you acknowledge that you have read and understood this Privacy Policy.

1. Who We Are

FinXure is a personal finance service operated from Chennai, Tamil Nadu, India ("the Operator").

Website: https://finxure.space
Privacy / Grievance contact: team@finxure.space
Contact form: finxure.space/contact.php

If you have any questions, requests, or complaints about your data, you can reach us using the details above.

2. The Data We Collect

We only collect data that is necessary to operate the Service. We do not connect to your bank, and we never ask for your banking credentials, card PINs, internet-banking passwords, or OTPs. Everything in your financial record is information you choose to enter yourself.

2.1 Account data

Username / display name
Email address (used for login recovery and notifications)
Phone number (optional)
Your numeric login PIN — stored only as a bcrypt hash, never in plain text and never recoverable by us

2.2 Profile and "Financial DNA" data

Information you enter to personalise your dashboard, which may include your name, date of birth, age, employment type, employer name, salary range, city, and household/family details.

2.3 Financial data (entered by you)

Income, expenses, budgets, investments (FD, MF, PPF, EPF, NPS, LIC, stocks, bonds, gold, RBI Bonds, etc.), loans and EMIs, insurance policies, savings goals, tax entries (80C / 80D / 80CCD, HRA, old vs new regime inputs), and related notes.

2.4 Uploaded documents

Any files you upload to the Documents section are stored on our servers and associated with your account.

2.5 Payment data (Pro plan only)

If you subscribe to FinXure Pro, payment is processed by Razorpay. We receive and store only a payment ID and order ID to confirm your subscription. We never receive or store your card number, CVV, UPI PIN, or bank credentials — those are handled entirely by Razorpay.

2.6 Contact form data

If you use our contact form, we collect the name, email address, and message you submit, solely to respond to you.

2.7 Technical and usage data

Session information and last-login timestamp (for security and session management)
Server logs that may include IP address, browser type, and timestamps, generated automatically for security, debugging, and abuse prevention
A single essential session cookie (see Section 7)

We do not use Google Analytics, Meta/Facebook Pixel, advertising trackers, or any third-party behavioural tracking scripts.

2.8 Demo account

The live demo uses a shared account preloaded with fictional sample data. Please do not enter real personal or financial information into the demo, as it is accessible to anyone trying it.

3. How and Why We Use Your Data

We use your data only for the following purposes:

Purpose	Examples
To provide the Service	Storing and displaying your finances, calculating net worth, cash flow, tax estimates, and health scores
To secure your account	Authenticating logins, hashing PINs, rate-limiting, detecting abuse
To communicate with you	EMI due dates, insurance expiry, budget alerts, goal milestones, and service notices — notification alerts are sent only where you have opted in
To process payments	Confirming and managing Pro subscriptions via Razorpay
To respond to you	Replying to contact-form messages and support requests
To improve the Service	Diagnosing errors and understanding usage through aggregated, anonymised patterns that cannot identify you
To comply with law	Meeting legal, tax, and regulatory obligations

We do not sell your personal data. We do not use your financial data for advertising or profiling for marketing.

4. Legal Basis for Processing

We process your data on the following bases:

Consent (DPDP Act / GDPR Art. 6(1)(a)): You provide consent when you register and enter data. This consent is free, specific, informed, and unambiguous, and you may withdraw it at any time.
Performance of a contract (GDPR Art. 6(1)(b)): Processing necessary to deliver the Service you signed up for.
Legitimate interests (GDPR Art. 6(1)(f)): Limited processing for security, fraud prevention, and service improvement, balanced against your rights.
Legal obligation (GDPR Art. 6(1)(c)): Where we must retain or disclose data to comply with applicable law.

Withdrawing consent does not affect processing already carried out, and may mean we can no longer provide some or all of the Service.

5. Where Your Data Is Stored and How We Protect It

Your data is stored in a MySQL database on managed cloud hosting infrastructure (Hostinger). We rely on our hosting provider's physical and network security and process data on their servers as our data processor.

Security measures we apply include:

Encryption in transit: All connections use HTTPS / TLS.
PIN hashing: Login PINs are hashed with bcrypt and are never stored, logged, or transmitted in plain text.
Session protection: Session cookies are set with HttpOnly and Secure flags, preventing JavaScript access and transmission over insecure connections.
Brute-force protection: Login attempts are rate-limited.
Access control: Each user — including each member of a family account — can access only their own data.

No method of transmission or storage is ever 100% secure. While we take reasonable and appropriate technical and organisational safeguards, we cannot guarantee absolute security, and we encourage you to keep your PIN confidential and to maintain your own backups of important financial information (you can export your data at any time).

A note on "your data stays on your server": Some FinXure marketing uses the phrase "your data stays on your server." In the standard hosted version of FinXure, your data is stored on our managed hosting infrastructure described above, not on a server you personally own. This policy reflects how the hosted Service actually works.

6. Sharing and Disclosure

We do not sell, rent, or trade your personal data. We share data only in these limited situations:

Service providers (data processors): Our hosting provider (Hostinger) and payment processor (Razorpay) process data strictly to operate the Service on our behalf. Razorpay's handling of payment data is governed by Razorpay's own privacy policy.
Legal requirements: Where required by valid law, court order, or government request, or to protect the rights, safety, and security of users and the Service.
Business transfer: If the Service is ever transferred to another operator, your data may be transferred as part of that, subject to this policy.

We do not transfer your data to any third party for their own marketing.

7. Cookies

FinXure uses a single essential session cookie for authentication and to keep you logged in. It is strictly necessary for the Service to function and does not track you across other websites. We do not use advertising or third-party tracking cookies.

8. Data Retention and Erasure

We retain your data for as long as your account remains active.
When you delete your account, your personal and financial data is permanently removed from our active systems within 7 days. Residual copies in encrypted backups are overwritten in the ordinary backup rotation.
In line with the DPDP Rules, 2025, we erase personal data once the purpose for which it was collected is no longer being served, unless we are required to retain it to comply with law.
We may retain minimal records (such as a payment/order ID) for the period required by tax and accounting law.

9. Your Rights

Depending on where you live, you have rights under the DPDP Act, 2023 / DPDP Rules, 2025 (India) and/or the GDPR. FinXure honours the following rights for all users:

Right to access / data portability: Download a complete JSON export of your data at any time (always free). Pro users can additionally export as CSV.
Right to correction: Edit or update any of your data directly within the app at any time.
Right to erasure: Delete your account and all associated data from Profile → Danger Zone.
Right to withdraw consent: Withdraw consent for processing or for optional notifications at any time.
Right to grievance redressal: Raise a complaint with us and receive a response (see Section 11).
Right to nominate (DPDP Act): You may nominate another individual to exercise your rights in the event of your death or incapacity. Contact us to record a nomination.
GDPR-specific rights (for users in the EU/UK): the right to restrict or object to processing, and the right to lodge a complaint with your local supervisory authority.

To exercise any right that isn't self-service in the app, contact us at team@finxure.space. We aim to respond within 7 business days and in any case within the timeframes required by applicable law.

10. Data Breach Notification

If a personal data breach occurs that affects you, we will act promptly to contain it and will notify affected users and the Data Protection Board of India in accordance with the timelines set out in the DPDP Rules, 2025. Our notice will describe, in plain language, the nature of the breach, the data involved, the measures we are taking, and steps you can take to protect yourself.

11. Grievance Redressal

If you have a complaint about how your data is handled, you can contact our grievance point of contact:

Grievance Officer: FinXure
Email: team@finxure.space
Contact form: finxure.space/contact.php

We will acknowledge your complaint and respond within the timelines required under applicable Indian law. If you are not satisfied with our response, you may escalate to the Data Protection Board of India.

12. Children

FinXure is open to users aged 13 and above. Users under 18 should have the consent of a parent or guardian before registering. We do not knowingly collect personal data from children under 13. If we learn that we have collected data from a person under 13, we will delete it promptly. If you believe a child under 13 has provided us data, please contact us at team@finxure.space.

13. International Users and Transfers

FinXure is built for and operated from India, and your data is primarily processed in India. If you access the Service from outside India, you understand that your data will be processed in India and on our hosting provider's infrastructure. Cross-border transfers, where they occur, are made in accordance with applicable law, including the transfer provisions of the DPDP Rules, 2025.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will always reflect the latest version. Significant changes will be communicated through an in-app notification or by email. Your continued use of the Service after a change takes effect constitutes acceptance of the updated policy.

15. Contact

For any privacy-related query or request:

Email: team@finxure.space
Contact form: finxure.space/contact.php

We aim to respond within 7 business days.

FinXure — Smart personal finance for Indian households. Private, secure, and built for the way India manages money.