1. Overview
🔒 indDhan will never sell your data. Ever. Your financial information exists to serve you — not advertisers.
This Privacy Policy describes how INDDHAN FINANCE PVT LTD ("indDhan", "we", "us") collects, uses, and protects your personal and financial information when you use the indDhan mobile application and website (inddhan.com).
We are committed to compliance with India's Digital Personal Data Protection (DPDP) Act, 2023, and applicable RBI data residency guidelines. All data is stored in Indian data centers.
2. Data We Collect
Information You Provide
- Account information: name, email address, phone number
- Financial data: assets, liabilities, income, expenses you manually enter
- Family member information you choose to add
- Nominee details for estate planning (stored encrypted)
- Goals, budgets, and financial plans you create
Information Collected Automatically
- SMS transaction data (with your explicit permission) — parsed locally on device
- Device information for security purposes (model, OS version, root detection)
- App usage analytics (screens visited, features used) via Firebase Analytics
- Crash reports via Firebase Crashlytics
Information from Third Parties
- Account Aggregator (AA) data — only with your explicit consent, per the RBI AA framework
- Market data for portfolio valuations (prices only, not your identity)
3. How We Use Your Data
We use your data for the following 7 purposes, each requiring separate consent under the DPDP Act:
- Financial tracking — Computing net worth, IndDhan Score, and portfolio analytics
- Personalisation — Customising insights and recommendations based on your profile
- Security — Fraud detection, device integrity verification, biometric authentication
- Product improvement — Anonymised usage analytics to improve the app
- Communications — Transactional emails, security alerts, product updates (opt-out available)
- Legal compliance — Regulatory requirements, tax reporting when legally mandated
- Support — Responding to your queries and resolving issues
We do NOT use your data for advertising profiling or sell insights to third parties.
4. Storage & Security
indDhan implements bank-grade security across 6 layers:
- AES-256-GCM encryption — All sensitive data encrypted with hardware-backed keys stored in Android's Trusted Execution Environment (TEE) or StrongBox. Keys never leave the secure element.
- Certificate pinning — SHA-256 SPKI pins enforced at both OkHttp and system level. Man-in-the-middle attacks are blocked.
- Root & tamper detection — Checks for 11 su binary paths and 9 root management apps, plus Frida port scanning and Xposed class detection.
- Biometric authentication — Class 3 biometric (fingerprint/face) with cryptographic key binding on Android 11+.
- RBI data residency — IP-level validation ensures all data stays within Indian data centers.
- Supabase PostgreSQL — Row-level security, encrypted at rest, automated backups.
5. Data Sharing
We share your data only in the following limited circumstances:
- Service providers — Supabase (database hosting, India region), Firebase (analytics/crash reporting, Google India infrastructure)
- Account Aggregators — Only when you initiate a data fetch, under explicit RBI-compliant consent
- Legal requirements — When required by law, court order, or RBI/SEBI regulatory mandate
- Business transfer — In the event of merger or acquisition, with advance notice to you
We never share your data with advertisers, data brokers, insurance companies, or banks without your explicit consent.
6. Your Rights (DPDP Act 2023)
Under India's Digital Personal Data Protection Act, you have the following rights:
- Right to access — Request a copy of all data we hold about you
- Right to correction — Request correction of inaccurate personal data
- Right to erasure — Request deletion of your account and all associated data
- Right to data portability — Export your financial data in a machine-readable format
- Right to withdraw consent — Withdraw consent for specific data processing purposes
- Right to grievance redressal — Lodge a complaint with our Data Protection Officer
To exercise any right, email neha@inddhan.com with subject "Data Rights Request". We will respond within 30 days.
7. Data Retention
We retain your data for as long as your account is active. Upon account deletion:
- Personal and financial data is deleted within 30 days
- Anonymised, aggregated analytics data may be retained indefinitely
- Data required for legal or regulatory compliance is retained for the mandated period (typically 7 years for financial records under Indian law)
- Backup copies are purged within 90 days of account deletion
8. Children's Privacy
indDhan is not intended for users under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us at neha@inddhan.com and we will delete the account immediately.