Privacy Policy
Last updated: April 27, 2026 · Pinegrass Technologies Private Limited
Ari is a personal-finance coaching app for Indian users. We
take your financial data seriously. This page tells you what we
collect, why we collect it, who we share it with, and how to delete it.
This policy complies with the Digital Personal Data Protection Act,
2023 (DPDP Act) and the Information Technology Act, 2000.
1. Categories of personal data we collect
- Account info: name, email, optional phone, age group, income bracket, primary financial goal — collected at sign-up.
- Expense data: amount, category, merchant, date, free-text notes you type or speak.
- Voice transcription: transcribed on-device via Android/iOS speech recognition. Audio is never uploaded to our servers.
- Push token: an opaque Expo push token, only if you grant notification permission.
- UPI VPA: only if you choose to set one in Settings, used to compose UPI payment links for shared expenses.
- Bank transactions: only if you explicitly link a bank via the RBI Account Aggregator framework. Read-only, consent-revocable, never stored beyond what you authorise.
- Crash + performance telemetry: stack traces and request timings via Sentry. Personally-identifiable fields are stripped server-side before transmission.
- Anonymous usage analytics: screen names, button taps, and retention cohorts via PostHog. No transaction amounts, descriptions, or merchant data are sent.
2. What we don't collect
- We do not collect your bank account number, debit/credit card number, OTPs, passwords, or PIN.
- If you accidentally type any of those into the AI chat, our client-side PII filter strips them before the message leaves your device.
- We do not sell your data. We do not share it with advertisers.
3. Purpose of processing
We process the data above strictly for these purposes (DPDP §6 — purpose limitation):
- Authenticate you and let you access your own data across devices.
- Show your transactions, budgets, savings goals, and tax summary.
- Generate AI-assisted coaching messages and weekly briefs about your spending.
- Send you reminders and nudges only with your explicit notification consent.
- Diagnose crashes and improve performance (telemetry only).
- Comply with applicable legal, tax, and audit obligations.
We will not repurpose your data for advertising, profiling for resale, or training third-party AI models.
4. Consent
By creating an account, you give free, specific, informed, and
unambiguous consent (DPDP §6) to the processing described above.
Optional features (push notifications, voice input, biometric lock,
Account Aggregator bank linking) require their own separate consent at
the moment of use, and you can withdraw any of them in Settings without
affecting the rest of the app.
5. Who processes your data on our behalf
We use the following data processors. All are bound by data-processing
agreements that limit them to the purposes listed above. Some are
located outside India; by using Ari you consent to this
cross-border transfer (DPDP §16):
- Supabase (Singapore / United States, AWS) — primary database + authentication.
- Google Gemini API (United States) — natural-language expense parsing and weekly coaching brief generation. The PII filter runs before any text is sent to Gemini.
- Google OAuth (United States) — only if you choose Google Sign-In.
- Expo Push Service (United States) — delivers push notifications to your device. Notification body never includes amounts or merchants beyond what's already in your wallet's notification shade.
- Sentry (United States / European Union) — crash and performance telemetry, with PII auto-redacted.
- PostHog (United States) — anonymous product analytics (only if enabled).
- Razorpay (India) — subscription billing, when paid tiers are enabled. Payment cards are entered directly into Razorpay's interface; we never see card numbers.
- Setu / RBI-licensed Account Aggregator (India) — only if you opt in to bank linking.
- Railway (United States, asia-southeast1 region for compute) — application hosting (server-side compute only; no user data persisted on the application server beyond request lifetime).
6. How long we keep your data — retention schedule
| Data category | Retention |
| --- | --- |
| Account profile | Until account deletion |
| Transactions, budgets, goals, tax profile | Until account deletion |
| AI coaching cache (briefs, anomaly detections) | 90 days rolling, then purged |
| Sentry crash + perf telemetry | 90 days |
| PostHog product analytics | 12 months |
| Database backup snapshots | 30 days |
| Records we must keep for legal / tax / fraud | As required by law (typically 7 years for tax) |
When you delete your account from Settings → Delete
Account, every row tied to your user id is cascade-deleted
from our primary database within 24 hours. Backups roll over within 30
days.
7. Your rights as a Data Principal (DPDP §11–§14)
- Right to access (§11): view all your data in the app, or request a CSV export from Settings → Export Data.
- Right to correction + erasure (§12): edit any expense, budget, goal, or profile field directly in the app; delete your account anytime via Settings → Delete Account.
- Right to grievance redressal (§13): contact our Grievance Officer (see §10 below). We respond within 30 days.
- Right to nominate (§14): you may nominate another individual to exercise these rights on your behalf in the event of your death or incapacity. Email the Grievance Officer with the nominee's name and verifiable contact details to register a nomination.
- Withdrawal of consent (§6): revoke push notification permission, voice/mic permission, or Account Aggregator consent at any time without affecting the rest of the app. You may also delete your account to withdraw all consent.
- Right to escalate: if our response is unsatisfactory, you may complain to the Data Protection Board of India under §27 of the DPDP Act (www.dpb.gov.in).
8. Security
- All data in transit is protected with TLS 1.2 or later. All data at rest is encrypted by Supabase.
- Row-Level Security policies in our database enforce that you can only read or write your own data, even if a backend route has a bug.
- Authentication tokens are short-lived (1 hour) and auto-rotated. You can sign out from any device by logging out.
- Optional biometric (fingerprint / face) lock for app reopen.
- We will notify affected users and the Data Protection Board within 72 hours of becoming aware of a personal-data breach (DPDP §8(6)).
9. Children
Ari is not directed at children under 18. We do not knowingly
process data of anyone under 18 without verifiable parental consent
(DPDP §9). If you believe a minor has signed up without consent, email
the Grievance Officer and we will delete the account.
10. Grievance Officer
In compliance with the Digital Personal Data Protection Act, 2023
(§13) and the Information Technology Rules, 2011, we have designated a
Grievance Officer:
Grievance Officer, Pinegrass Technologies
Email: starhunter7@gmail.com
Postal: Pinegrass Technologies Private Limited, India
We acknowledge grievances within 48 hours and respond within 30 days
of receipt.
11. Changes to this policy
We'll update the "Last updated" date when material changes happen.
Substantive changes (new third-party processors, new categories of
data) will be flagged in-app with a one-time notice.
12. Governing law
This policy is governed by the laws of India, including the Digital
Personal Data Protection Act, 2023 and the Information Technology Act,
2000 with applicable rules.
13. Contact
Pinegrass Technologies Private Limited
Email: starhunter7@gmail.com