Privacy Policy
1. Information we collect
We collect only what we need to build your spending and credit dashboard and to run the app.
Account & identity
- Sign-in details — your name and email address, via Google sign-in.
- Identity details — your PAN and date of birth, which you provide so we can unlock password-protected bank/card statements and request your credit report.
Financial data from your inbox
- With your permission, we connect your Gmail (read-only) and/or Outlook mailbox and read only transaction, statement, and bill emails from banks, card issuers, UPI apps, lenders, and billers.
- From those emails we extract transactions, balances, EMIs, subscriptions, and statement details to build your dashboard.
Credit information
- With your consent, we obtain your credit report and score (e.g. CIBIL) from a credit bureau to show your score, the factors affecting it, and issues you can act on.
Usage, device & diagnostics
- Product analytics — events such as screens viewed, syncs, and features used, to understand and improve the app (via PostHog and Mixpanel).
- Device & push — platform, app version, and a push notification token so we can send you alerts you’ve opted into.
- Diagnostics — performance and error traces to keep the service reliable.
2. How we use your information
- Build and show your spending, subscriptions, EMIs, and credit dashboard.
- Power the in-app AI assistants that explain your score and discuss your spending.
- Send notifications you’ve enabled, and respond to your requests.
- Maintain security, prevent abuse, debug, and improve the product.
- Comply with applicable law.
We process this data based on your consent (which you can withdraw) and to provide the service you asked for, consistent with India’s Digital Personal Data Protection Act, 2023. We do not sell your personal data. We do not use the contents of your emails or your financial data for advertising.
3. Google & Microsoft user data (Limited Use)
Kaapi’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We access your Gmail with the read-only scope solely to identify and read financial emails needed to build your dashboard.
- We do not transfer or sell this data, and we do not use it for advertising.
- We do not allow humans to read your email data except where you give explicit consent for support, where required for security or to comply with law, or in aggregated/anonymized form for internal operations.
- We use limited AI/ML processing to extract structured financial facts from these emails to power the app.
The same principles apply to mailbox data accessed via Microsoft (Outlook). You can disconnect any mailbox at any time from the app; new syncs stop immediately.
4. How we share information
We share personal data only with service providers who process it on our behalf, under contract, to run Kaapi:
- Cloud hosting & database — to store and process your data.
- Google / Microsoft — mailbox access and sign-in.
- Credit bureau — to fetch your credit report at your request.
- AI processing — to extract data from statements and power the assistants (e.g. Microsoft Azure OpenAI).
- Notifications — to deliver push alerts (Expo push service → Apple/Google).
- Analytics & diagnostics — PostHog, Mixpanel, and error/performance tooling.
We may also disclose information if required by law, to enforce our terms, or to protect the rights and safety of our users. If Kaapi is involved in a merger or acquisition, we will notify you before your data becomes subject to a different policy.
5. Data retention
We keep your data for as long as your account is active. When you delete your account or disconnect a mailbox, we delete or de-identify the associated data within a reasonable period, except where we must retain it to comply with legal obligations or resolve disputes. You can ask us to clear your spending or credit data at any time.
6. Security
We use reasonable technical and organizational measures to protect your data, including encrypted connections (HTTPS/TLS), access controls, and OAuth tokens rather than storing your passwords. No method of transmission or storage is 100% secure, but we work to protect your information and to limit access to it.
7. Your rights & choices
- Access & correction — request a copy of your data or ask us to correct it.
- Deletion — delete your account, or clear your spending/credit data, from the app or by contacting us.
- Withdraw consent — disconnect a mailbox, turn off notifications, or revoke Kaapi’s access from your Google/Microsoft account settings.
- Grievance redressal — under the DPDP Act, contact our Grievance Officer below.
8. Children
Kaapi is intended for users aged 18 and over and is not directed to children. We do not knowingly collect data from anyone under 18.
9. Changes to this policy
We may update this policy from time to time. We’ll revise the “Last updated” date above and, for material changes, notify you in the app or by email.
10. Contact & grievances
Questions or requests: hello@kaapi.money
Grievance Officer: [Name], [email/address] — as required under the Digital Personal Data Protection Act, 2023 and applicable rules.