FinDrishti

Privacy Policy

Effective 10 July 2026

1. Who we are

FinDrishti is a data-preparation aid that reads your foreign bank and brokerage statements and pre-fills Schedule FA and related schedules for your India Income Tax Return. We are the data fiduciary for the personal data you provide, under the Digital Personal Data Protection (DPDP) Act, 2023. FinDrishti is not a tax advisor, chartered accountant, or filing service.

2. Data we collect

  • Account data: your name and email address, received from Google when you sign in.
  • Documents you upload: bank and brokerage statements and the financial data extracted from them (holdings, transactions, balances, dividends).
  • Tax profile: details you enter, such as residential status and asset flags.
  • Usage & billing: AI-credit balance and payment records (payments are processed by Razorpay; we do not store card details).

3. Why we process it (purpose & consent)

We process your data solely to extract information from your documents and generate your tax schedules, on the basis of the consent you give at signup. We do not sell your data or use it for advertising. You may withdraw consent at any time by deleting your data or your account (see “Your rights”).

4. AI processing and sub-processors

To read your documents we use third-party large-language-model providers (currently Anthropic’s Claude) and cloud infrastructure (Google Cloud, Supabase, Netlify, Cloudflare). Document content is sent to these processors only to perform the extraction you requested. We choose providers that do not train their models on data submitted through their business APIs.

5. Data sharing

We share data only with the sub-processors above to run the service, and where required by law. We do not otherwise disclose your personal or financial data to third parties.

6. Data retention

We retain your documents and extracted data until you delete them or close your account. When you delete your account we permanently erase your personal and financial content — your documents, extractions, accounts, corrections and tax schedules — from our active systems; residual copies in encrypted backups age out on our normal backup cycle.

The one exception is purchase records. Indian tax and accounting law requires us to keep a record of the payments you made (typically for up to eight years). After you delete your account we retain only a minimal, de-identified record of each purchase — the amount, date and the payment reference held by our payment processor (Razorpay). It contains no documents, no financial data, and no account identifier linking it back to you within our systems.

7. Security

Data is encrypted in transit (TLS) and at rest. Access is protected by row-level security so each account can reach only its own data, and by authenticated, least-privilege backend access. No system is perfectly secure, but we work to protect your information.

8. Your rights

Under the DPDP Act, 2023 you may access, correct, and erase your personal data, withdraw consent, and nominate another person to exercise your rights. You can delete individual documents or your entire account from within the app, or contact us using the details below.

9. Grievances

For any privacy question, request, or complaint, contact our grievance officer at findrishti.app@gmail.com. We will respond within the timelines required by law.

10. Changes to this policy

We may update this policy as the service evolves. Material changes will be notified in-app or by email, and the “Effective” date above will be revised.

Questions? Email findrishti.app@gmail.com. Back to sign up →