When you create an account or use RupeeTracker, we collect:
Account information — your full name, email address, and date of birth (used solely for age verification)
Investment data — details about your financial investments including amounts, interest rates, maturity dates, bank names, and account numbers that you choose to enter
Support messages — the subject and content of messages you send through our Contact Support feature
Subscription details — when you upgrade to RupeeTracker PRO, we record the Razorpay subscription identifier, plan status, and the next billing date. We do not receive or store your card number, CVV, or UPI PIN — those go directly to our payment processor (see §4 and §6).
Information collected automatically
Session data — a secure session cookie that keeps you logged in during your browsing session
Log data — server-side logs that may include your IP address, browser type, and pages visited, used only for security and debugging
Location information
When you first use RupeeTracker, we use your IP address to automatically detect your city so we can show you accurate, locally adjusted gold prices. This detection happens entirely server-side — your IP is not shared with third parties or stored. You can view, change, or remove your city at any time from your profile page.
Information from social login
If you choose to sign in with Google, we receive from Google:
Your name and email address
A unique identifier from the provider (used to recognise you on future logins)
We do not receive your social media posts, friends list, photos, or any data beyond name and email.
2. How We Use Your Information
We use your information only to provide and improve RupeeTracker:
To create and maintain your account
To display your investment portfolio, calculations, and analytics within the app
To send you OTP verification emails during registration
To respond to your support requests
To compute your portfolio health score and maturity calendar
To enforce our 18+ age requirement
We do not use your investment data for advertising, profiling, or any purpose other than displaying it back to you within the app.
3. Data Storage & Security
Your data is stored on servers in a secured infrastructure. We apply the following protections:
Encryption at rest — sensitive financial fields (investment amounts, interest rates, account numbers, bank names) are encrypted using AES-256-GCM before being stored in our database. The encryption key is never stored in the database itself.
Encryption in transit — all communication between your browser and our servers is encrypted via HTTPS/TLS.
Session security — your login session uses an HttpOnly, SameSite cookie that cannot be accessed by JavaScript.
Password hashing — passwords are hashed using BCrypt and are never stored in plaintext.
While we take these measures seriously, no system is 100% immune to security risks. We encourage you to use a strong password and to log out when using shared devices.
4. Data Sharing
We do not sell, rent, or trade your personal information to third parties.
We share data only in the following limited circumstances:
Email delivery — we use Resend (resend.com) to send OTP and support confirmation emails. Resend receives your email address only for the purpose of delivering these transactional emails.
Payment processing — when you upgrade to PRO, your payment is handled by Razorpay Software Pvt. Ltd. (razorpay.com). Razorpay receives your name, email, and the payment details you enter into their checkout form (card / UPI / netbanking). RupeeTracker never sees your card number, CVV, OTP, or UPI PIN. See §6 below for details.
Social login verification — when you sign in with Google, your token is verified with Google's API. No personal data is sent to Google beyond what Google already provided.
Legal requirements — we may disclose information if required to do so by law or in response to valid legal process.
5. Social Login (Google)
RupeeTracker offers "Sign in with Google" as a convenient alternative to email registration.
When you use social login:
Your browser communicates directly with Google to authenticate you
Google returns a secure token to your browser
Your browser sends that token to our server, which verifies it and creates or locates your account
We store your name, email, and a provider identifier — nothing else from your Google profile
To delete your RupeeTracker account and all associated data, visit our Data Deletion page.
5a. Portfolio Exports & Shared Links
RupeeTracker offers two ways to take your portfolio outside the app:
PDF and Excel exports (Pro)
You can download a PDF or Excel statement of your portfolio from the dashboard. Exports include the same investment fields you can see in the app — names, amounts, dates, returns. Account numbers and bank names are included in your own download because the file is yours; treat it as you would a bank statement.
Read-only share links
You can generate a public link at /portfolio/share/<token> to share a snapshot of your portfolio with a CA, a family member, or anyone else. The link is a random 32-character secret — anyone with the URL can view the snapshot, so treat it like a password.
The public payload strips the following before serving:
Bank names and account numbers
Notes you added to investments
Borrower names on LEND entries
Ticker symbols (could identify specific demat holdings)
Your email address — only your first name is shown
Each link tracks how many times it has been viewed. You can revoke any link at any time from the in-app Share dialog; revocation is immediate. Share pages send a noindex directive so they do not appear in search engines.
6. Payments & Subscriptions
RupeeTracker PRO is a paid monthly recurring subscription processed by Razorpay Software Pvt. Ltd. — a PCI-DSS Level 1 compliant payment processor licensed by the Reserve Bank of India. The current launch price is ₹49/month (until December 2026); the regular price is ₹99/month thereafter.
What Razorpay receives
Your full name and email address (so Razorpay can email receipts and handle disputes)
The plan amount and currency (INR)
The payment details you enter into the Razorpay Checkout form — card number, CVV, expiry, OTP, UPI ID, netbanking credentials, etc.
A reference identifier we generate to link the subscription back to your RupeeTracker account
What RupeeTracker receives back
A Razorpay subscription identifier (e.g. sub_xxxxxxxxxxxxxx) — encrypted at rest in our database using AES-256-GCM
The subscription status (active, cancelled, expired, etc.) and the next billing date
Webhook notifications when a charge succeeds, fails, or the subscription state changes
We never see or store your card number, CVV, OTP, UPI PIN, or netbanking password. These values go directly from your browser to Razorpay over an encrypted (TLS) channel.
Razorpay's privacy practices are governed by their own privacy policy, available at razorpay.com/privacy.
Cancellation & renewal
You may cancel your subscription at any time from the Profile page. Cancellation is scheduled at the end of the current billing cycle — you keep PRO access until then, and we do not bill you again. Cancellation is idempotent: if you have already cancelled, a second attempt is silently ignored and no further action is taken with Razorpay. We do not issue pro-rated refunds for the unused portion of the current cycle; see our Terms of Service for the full refund policy.
7. Data Retention
We retain your personal data for as long as your account is active. Additional rules apply to investment records and subscription history:
Account & investments — active accounts
All your investment data remains visible to you as long as you are on the PRO plan
If your PRO plan expires (or your trial ends) and you have more than 5 investments, only the first 5 you added remain visible. The remainder are held privately in our database for 60 days after your plan expiry date — invisible to you in the app, never shared, never used for any purpose other than restoring them if you renew within that window.
If you do not renew within 60 days, the held investments are permanently and irreversibly deleted by our automated retention job. Only the first 5 remain.
Free accounts that have never been on PRO are capped at 5 investments by design — there is nothing to hold or purge.
Subscription & payment records
Your Razorpay subscription identifier and status mirror are retained for as long as your account exists — they may be required for renewal, support, and reconciliation
If you cancel and your subscription lapses, we retain the identifier in case you want to resubscribe; you can request its removal via support
Razorpay independently retains transaction records as required by RBI regulations (typically 7 years) — those are not under our control
When you delete your account
All your investment data — visible and held — is permanently deleted immediately
Your account record (name, email, date of birth) is permanently deleted
Your Razorpay subscription is automatically cancelled if it was still active
Server logs may retain anonymised access records for up to 30 days for security purposes
8. Your Rights
You have the following rights regarding your personal data:
Access — you can view all your investment data directly within the RupeeTracker app at any time
Correction — you can edit your investment details and profile information within the app
Deletion — you can delete your account and all associated data from the Profile page, or by contacting us
Export — contact us to request a copy of your data
To exercise any of these rights, use the in-app options or contact us at support@rupeetracker.com.
9. Cookies & Analytics
RupeeTracker uses a single session cookie (RT_SESSION) to keep you logged in during your session. This cookie:
Is set only after you log in
Is HttpOnly — not accessible to JavaScript
Is SameSite=Strict — not sent on cross-site requests
Expires after 30 minutes of inactivity
We also use Google Analytics 4 to understand how visitors use the site (pages visited, navigation paths). Google Analytics is configured with IP anonymisation enabled — your full IP address is never stored or processed by Google. No advertising or remarketing features are active. You can opt out at any time using the Google Analytics Opt-out Browser Add-on.
We do not use advertising cookies, tracking pixels, or any other third-party analytics beyond Google Analytics 4.
10. Children's Privacy
RupeeTracker is not intended for anyone under the age of 18. We verify age at registration and do not knowingly collect data from minors. If you believe a minor has created an account, please contact us at support@rupeetracker.com and we will delete the account promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of RupeeTracker after changes are posted constitutes your acceptance of the updated policy. For significant changes, we will notify you via email.
12. Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
For Google sign-in, you can review what data Google shares at myaccount.google.com/permissions.