Privacy Policy

Your privacy matters to us

This policy explains what data RupeeTracker collects, how we use it, and your rights.

Effective: January 1, 2025·Last updated: January 1, 2025·Applies to: rupeetracker.com
Contents
1. Information We Collect2. How We Use Your Information3. Data Storage & Security4. Data Sharing5. Social Login (Google & Facebook)6. Data Retention7. Your Rights8. Cookies9. Children's Privacy10. Changes to This Policy11. Contact Us

1. Information We Collect

Information you provide directly

When you create an account or use RupeeTracker, we collect:

  • Account information — your full name, email address, and date of birth (used solely for age verification)
  • Investment data — details about your financial investments including amounts, interest rates, maturity dates, bank names, and account numbers that you choose to enter
  • Support messages — the subject and content of messages you send through our Contact Support feature

Information collected automatically

  • Session data — a secure session cookie that keeps you logged in during your browsing session
  • Log data — server-side logs that may include your IP address, browser type, and pages visited, used only for security and debugging

Information from social login

If you choose to sign in with Google or Facebook, we receive from those providers:

  • Your name and email address
  • A unique identifier from the provider (used to recognise you on future logins)

We do not receive your social media posts, friends list, photos, or any data beyond name and email.

2. How We Use Your Information

We use your information only to provide and improve RupeeTracker:

  • To create and maintain your account
  • To display your investment portfolio, calculations, and analytics within the app
  • To send you OTP verification emails during registration
  • To respond to your support requests
  • To compute your portfolio health score and maturity calendar
  • To enforce our 18+ age requirement

We do not use your investment data for advertising, profiling, or any purpose other than displaying it back to you within the app.

3. Data Storage & Security

Your data is stored on servers in a secured infrastructure. We apply the following protections:

  • Encryption at rest — sensitive financial fields (investment amounts, interest rates, account numbers, bank names) are encrypted using AES-256-GCM before being stored in our database. The encryption key is never stored in the database itself.
  • Encryption in transit — all communication between your browser and our servers is encrypted via HTTPS/TLS.
  • Session security — your login session uses an HttpOnly, SameSite cookie that cannot be accessed by JavaScript.
  • Password hashing — passwords are hashed using BCrypt and are never stored in plaintext.

While we take these measures seriously, no system is 100% immune to security risks. We encourage you to use a strong password and to log out when using shared devices.

4. Data Sharing

We do not sell, rent, or trade your personal information to third parties.

We share data only in the following limited circumstances:

  • Email delivery — we use Resend (resend.com) to send OTP and support confirmation emails. Resend receives your email address only for the purpose of delivering these transactional emails.
  • Social login verification — when you sign in with Google or Facebook, your token is verified with their API. No personal data is sent to them beyond what they already provided.
  • Legal requirements — we may disclose information if required to do so by law or in response to valid legal process.

5. Social Login (Google & Facebook)

RupeeTracker offers "Sign in with Google" and "Sign in with Facebook" as convenient alternatives to email registration.

When you use social login:

  • Your browser communicates directly with Google or Facebook to authenticate you
  • Google or Facebook returns a secure token to your browser
  • Your browser sends that token to our server, which verifies it and creates or locates your account
  • We store your name, email, and a provider identifier — nothing else from your social profile

You can review what data Google shares at myaccount.google.com/permissions and Facebook at facebook.com/settings.

To delete your RupeeTracker account and all associated data, visit our Data Deletion page.

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account:

  • All your investment data is permanently deleted immediately
  • Your account record (name, email, date of birth) is permanently deleted
  • Server logs may retain anonymised access records for up to 30 days for security purposes

7. Your Rights

You have the following rights regarding your personal data:

  • Access — you can view all your investment data directly within the RupeeTracker app at any time
  • Correction — you can edit your investment details and profile information within the app
  • Deletion — you can delete your account and all associated data from the Profile page, or by contacting us
  • Export — contact us to request a copy of your data

To exercise any of these rights, use the in-app options or contact us at support@rupeetracker.com.

8. Cookies & Analytics

RupeeTracker uses a single session cookie (RT_SESSION) to keep you logged in during your session. This cookie:

  • Is set only after you log in
  • Is HttpOnly — not accessible to JavaScript
  • Is SameSite=Strict — not sent on cross-site requests
  • Expires after 30 minutes of inactivity

We also use Google Analytics 4 to understand how visitors use the site (pages visited, navigation paths). Google Analytics is configured with IP anonymisation enabled — your full IP address is never stored or processed by Google. No advertising or remarketing features are active. You can opt out at any time using the Google Analytics Opt-out Browser Add-on.

We do not use advertising cookies, tracking pixels, or any other third-party analytics beyond Google Analytics 4.

9. Children's Privacy

RupeeTracker is not intended for anyone under the age of 18. We verify age at registration and do not knowingly collect data from minors. If you believe a minor has created an account, please contact us at support@rupeetracker.com and we will delete the account promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of RupeeTracker after changes are posted constitutes your acceptance of the updated policy. For significant changes, we will notify you via email.

11. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

© 2026 RupeeTracker  ·  Not SEBI registered  ·  For personal tracking only

··