Privacy Policy

Last updated: April 12, 2026 • Version 1.0

DhanRakh ("we", "our", "us") is committed to protecting your privacy. This policy explains how we collect, use, store, and protect your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and Google Play Store requirements.

1. Data We Collect

Data Type	What	Why
Account info	Google account email, display name, profile photo	Authentication & account identification
Financial transactions	Amount, category, date, payment method, notes, merchant	Core expense tracking functionality
UPI notifications	Payment notification text from major Indian payment apps	Auto-import of digital transactions (with your permission)
Voice recordings	Audio processed on-device via speech-to-text	Voice expense entry. Audio is NEVER uploaded to our servers.
Device info	Device model, OS version, app version	Crash reporting (anonymized) and support troubleshooting
Financial documents	Receipts (photos), scanned notebooks	Receipt attachment, OCR scan features

2. How We Use Your Data

Expense tracking, budgeting, and financial reporting
AI-generated financial health narratives (Pro plan — processed securely on edge servers, never stored)
Tax estimation and CA export generation
Push notifications for bill reminders, budget alerts, and nudges
Anonymized, aggregated analytics to improve the product (no individual tracking)

3. Data Storage & Security

Server: Core user, financial, and payment-related persistent data is stored in India-hosted infrastructure only. Data encrypted at rest (AES-256) and in transit (TLS 1.3).
Local device: Encrypted local database accessible only within the app sandbox.
Access control: Database-level security policies ensure you can only access your own data, verified by your authentication token.
PIN & Biometric: Local app lock via 4-digit PIN + optional fingerprint/face unlock. PIN verified server-side without storing plaintext.
Cloud backups: Optional backup to your own Google account storage is user-controlled. DhanRakh does not maintain an independent non-India backup copy of your regulated financial dataset.
Cross-border processing (limited): Some AI inference requests may be processed transiently outside India for feature delivery. These flows are designed for transient processing only and not for persistent storage of your regulated financial records.

4. Data Sharing

We never sell your data. We share data only with these service providers, strictly for functionality:

Service	Purpose	Data Shared
Edge AI Service	AI financial narrative generation	Minimized request payloads for transient processing; no persistent storage of regulated financial records in this flow
PCI-DSS Certified Payment Gateway	Subscription payments	Payment details processed via PCI-DSS compliant gateway
Privacy-first Analytics	Website analytics	Anonymous page views — no cookies, no tracking

5. Your Rights (DPDPA 2023)

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

Right to Access: Export all your data anytime via Settings → Export Data (CSV/PDF).
Right to Correction: Edit any transaction, budget, or personal information directly in the app.
Right to Erasure: Delete your entire account via Settings → Delete Account. All data is cascade-deleted within 48 hours. This is irreversible.
Right to Data Portability: Full CSV and PDF export of all financial data.
Right to Nominate: Designate a trusted contact for emergency access (Pro plan).

6. Data Retention

Active account: Data retained indefinitely while your account is active.
Deleted account: All personal data cascade-deleted within 48 hours of account deletion.
Audit logs: Retained for 90 days for security purposes, then permanently deleted.
Backups: Server backups may contain deleted data for up to 7 days (point-in-time recovery), after which it is purged.

7. Consent

We collect explicit, informed consent at signup (DPDPA Section 6). The consent version is tracked in our database. You can withdraw consent at any time by deleting your account. Consent is required for:

Financial data collection and processing
Notification access for auto-import (separate opt-in)
Camera access for receipts/OCR (granted per-use by Android)

8. Children

DhanRakh is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we discover a user is under 18, we will delete their account and data.

9. Cookies

The DhanRakh website (dhanrakh.in) uses Cloudflare Web Analytics, which is privacy-respecting and does not use cookies. No advertising cookies, no tracking cookies, no third-party cookies.

10. Breach Notification

In the event of a data breach affecting your personal data, we will notify you within 72 hours per DPDPA 2023 requirements, via push notification and email.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be communicated via an in-app notification and updated on this page. The "Last updated" date at the top reflects the latest revision.

12. Contact

For privacy concerns, data requests, or questions:

Email: support@dhanrakh.in
Response time: Within 48 business hours

Data Protection Officer: support@dhanrakh.in

13. India Data Residency Statement

Persistent storage of regulated personal, financial, and payment-related data is restricted to India-hosted systems. Where transient cross-border processing is used for limited feature execution (for example, AI inference), it is handled under controlled processing rules and not used for persistent storage of regulated records.

14. Languages

This privacy policy is available in English (legally binding). A Hindi translation is available in the app for convenience — in case of conflict, the English version prevails.