PayWatchSign in

Privacy Policy

Last updated: June 2026 · Written in plain English, because a privacy policy you can't read protects no one.

What we collect

  • Identity: mobile number, name, city, age — to run your account and personalise calculations.
  • Financial data you enter: income, assets, loans, insurance, tax inputs — the entire product runs on this.
  • Bank data via Account Aggregator: only with your explicit consent, only the scope you approve (balances, transactions, holdings — view only), fetched through the RBI-regulated AA framework. We never receive or store your bank credentials.
  • Usage data: which features you use, anonymised — to improve the product.

What we never do

  • We never sell your data. Our revenue is subscriptions and clearly disclosed referral commissions — not your data.
  • We never share individual financial data with employers (on employer-sponsored plans, employers see only anonymised aggregates with a minimum group size of 10).
  • We never share data with third parties without explicit, per-action consent shown to you before each share.
  • We never train shared AI models on your personal data. The personalisation layer (your private RAG memory) lives in our database, scoped to your account alone, and is deleted with your account.

Where your data lives

All data is stored on servers located in India (AWS Mumbai region, ap-south-1), encrypted at rest with AES-256 and in transit with TLS 1.3. Field-level encryption applies to sensitive identifiers. There is no cross-border transfer of your personal data.

Your rights (DPDP Act, 2023)

  • Access & portability: download your complete data as JSON from Settings, any time.
  • Correction: edit any data point in the app directly.
  • Erasure: delete your account from Settings — all personal data is permanently removed within 7 days. GST invoice records are retained in anonymised form for the statutory period, as required by law.
  • Consent withdrawal: revoke Account Aggregator consent in Settings; AA-sourced data is deleted within 24 hours.
  • Grievance: grievance@paywatch.in — acknowledged within 48 hours.

Retention

Active accounts: data retained while you use the service. Cancelled subscriptions: data retained 90 days so you can return, then queued for deletion. Deleted accounts: removed within 7 days of the request. Uploaded statement files are deleted within 24 hours of parsing.

Cookies & tracking

The web app uses only functional storage (your session tokens) on your own device. No advertising trackers, no third-party analytics cookies.