Privacy Policy
Last Updated: January 31, 2026 | Version 1.0
1. Introduction
Welcome to FINNCAL ("we," "our," or "us"). We are committed to protecting your personal data and your right to privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our financial planning platform at finncal.com.
This policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.
2. Who We Are
FINNCAL is a financial planning platform designed for Indian users to help calculate retirement "Freedom Numbers" and plan for financial independence.
Contact Information:
- Website: https://finncal.com
- Email: freedom@finncal.com
3. What Personal Data We Collect
We collect the following categories of personal data:
3.1 Account Information
- Email address (required for authentication)
- Name (optional)
- Password (stored in encrypted form, if applicable)
3.2 Financial Planning Data
This is data you voluntarily enter to use our planning tools:
- Current age and retirement age goals
- Annual income details
- Monthly expense details
- Current savings and investments
- Investment allocation preferences
- City/location preferences for retirement
- Risk tolerance preferences
- Portfolio holdings (stocks, mutual funds, etc.)
3.3 Technical/Usage Data
- Device information (browser type, operating system)
- IP address
- Pages visited and features used
- Time spent on platform
- Cookies and similar technologies
4. How We Collect Your Data
We collect personal data in the following ways:
- Directly from you: When you create an account, enter financial data, or contact us
- Automatically: Through cookies and analytics when you use our platform
- From authentication providers: If you sign in using Google or other OAuth providers
5. Purpose of Data Collection
We use your personal data for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Create and manage your account | Email, name | Consent |
| Provide retirement planning calculations | Financial data | Consent |
| Save your financial plans | All entered data | Consent |
| Send service-related emails | Email address | Consent / Legitimate Interest |
| Improve our platform | Usage data | Legitimate Interest |
| Prevent fraud and ensure security | Technical data | Legitimate Interest |
| Comply with legal obligations | As required | Legal Obligation |
6. Consent
6.1 Obtaining Consent
We obtain your explicit consent before collecting your personal data. When you sign up for FINNCAL, you are asked to agree to this Privacy Policy and consent to data processing.
6.2 Withdrawing Consent
You have the right to withdraw your consent at any time. You can do this by:
- Going to Settings > Consent Management in your account
- Emailing us at freedom@finncal.com
Note: Withdrawing consent may limit your ability to use certain features of FINNCAL.
7. Your Rights as a Data Principal
Under the DPDP Act 2023, you have the following rights:
7.1 Right to Access
You can request a summary of your personal data and information about how it is being processed.
7.2 Right to Correction
You can request correction of inaccurate or incomplete personal data.
7.3 Right to Erasure (Right to be Forgotten)
You can request deletion of your personal data. We will delete your data within 30 days unless retention is required by law.
How to exercise: Use the "Delete My Data" option in your account menu or email freedom@finncal.com
7.4 Right to Withdraw Consent
You can withdraw consent at any time (see Section 6.2).
7.5 Right to Grievance Redressal
You have the right to file a grievance about how your data is handled (see Section 12).
7.6 Right to Nominate
You can nominate another individual to exercise your rights on your behalf in case of your death or incapacity.
Response Time: We will respond to your requests within 90 days as required by the DPDP Act.
8. Data Security
We implement reasonable security safeguards to protect your personal data:
- Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Only authorized personnel can access your data
- Secure Infrastructure: We use Supabase, which provides enterprise-grade security (SOC 2 Type II certified)
- Regular Audits: We regularly review our security measures
- Password Protection: Your password is stored using secure hashing
9. Data Storage and Transfer
9.1 Where Data is Stored
Your data is stored on cloud servers operated by Supabase (our database provider). Supabase uses Amazon Web Services (AWS) infrastructure.
9.2 Data Processors
We use the following third-party data processors:
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | Cloud (AWS) |
| Netlify | Website hosting | Cloud |
| OAuth authentication | Cloud |
We have Data Processing Agreements with our processors to ensure your data is protected.
9.3 International Transfers
Your data may be transferred to servers located outside India. We ensure appropriate safeguards are in place for such transfers as per the DPDP Act.
10. Data Retention
We retain your personal data for the following periods:
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Financial planning data | Until you delete your account |
| Usage/Analytics data | 2 years |
| Support communications | 3 years |
| Legal/Compliance records | As required by law |
After your account is deleted, we will erase your personal data within 30 days, unless retention is required for legal purposes.
11. Children's Data
FINNCAL is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.
12. Grievance Redressal
If you have any concerns about how your data is handled:
Step 1: Contact Us
Email: freedom@finncal.com
We will acknowledge your grievance and work to resolve it within 90 days.
Step 2: Data Protection Board
If your grievance is not resolved satisfactorily, you may approach the Data Protection Board of India:
Website: https://dpdpa.gov.in (when operational)
13. Cookies and Tracking
We use cookies and similar technologies for:
- Essential cookies: Required for the platform to function (authentication, preferences)
- Analytics cookies: To understand how users interact with our platform
You can control cookies through your browser settings. Disabling essential cookies may affect platform functionality.
14. Third-Party Links
Our platform may contain links to third-party websites. We are not responsible for the privacy practices of these websites. Please review their privacy policies.
15. Changes to This Policy
We may update this Privacy Policy from time to time. We will:
- Update the "Last Updated" date at the top
- Notify you via email for significant changes
- Request fresh consent if required by law
Continued use of FINNCAL after changes constitutes acceptance of the updated policy.
16. Contact Us
For any questions about this Privacy Policy or your personal data:
Email: freedom@finncal.com
General Inquiries: Contact Page
17. Language
This Privacy Policy is available in English. As per DPDP Act requirements, we will make it available in Hindi and other scheduled languages upon request.