Privacy Policy

Last updated: March 24, 2026

1. Overview

My Finances (“we”, “us”, or “our”) is a personal finance tracking application available at https://www.my-finances.site. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.

By using My Finances, you agree to the practices described in this policy.

2. Information We Collect

Account information

When you sign up, we collect your name and email address. These are used solely to identify your account.

Financial data you enter

All investment transactions (stocks, mutual funds, gold, crypto, EPF, FD, RD), expense records, and goals are entered by you and stored in your account. This data is never shared with third parties.

Profile information

You may optionally provide your phone number and PAN number to enable PDF password derivation for email imports. Your PAN number is encrypted using AES-256-GCM before being stored and is never logged or transmitted in plain text.

Gmail access (optional)

If you choose to connect your Gmail account, we request read-only access (gmail.readonly scope) to search for specific financial statement emails from CDSL (eCAS@cdslstatement.com) and SafeGold (estatements@safegold.in).

  • We only access emails matching those specific senders.
  • We only download PDF attachments from those emails.
  • We do not read, store, or process the body or subject of your emails.
  • We do not access any other emails in your inbox.
  • Your Gmail OAuth refresh token is encrypted with AES-256-GCM before being stored in our database.
  • You can disconnect Gmail at any time from the Integrations page, which permanently deletes the stored token.

Our use of data obtained via Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

3. How We Use Your Data

  • To display your financial portfolio, transactions, and analytics within the app.
  • To parse financial statement PDFs and populate your transaction records.
  • To authenticate your account securely.
  • To calculate portfolio metrics (XIRR, P&L, net worth, savings rate).

We do not use your data for advertising, profiling, or any purpose beyond operating the app for you.

4. Data Storage & Security

  • All data is stored in a private MongoDB database.
  • Sensitive fields (PAN number, Gmail refresh token) are AES-256-GCM encrypted.
  • Authentication uses JWT tokens stored in httpOnly cookies.
  • All communication between client and server uses HTTPS.
  • The application backend is hosted on Render; the database is hosted on MongoDB Atlas.

5. Data Sharing

We do not sell, rent, or share your personal or financial data with any third party. The only external services we communicate with are:

  • Yahoo Finance — to fetch live stock prices (your data is not sent; only stock symbols are queried).
  • MFAPI — to fetch mutual fund NAV history (scheme numbers only).
  • CoinDCX — to fetch crypto prices (coin symbols only).
  • SafeGold API — to fetch gold rates (no user data sent).
  • Google (Gmail API) — only if you explicitly connect your Gmail account.

6. Data Retention & Deletion

Your data is retained as long as your account exists. You can delete individual transaction types at any time from the Profile page (Data Management section). To permanently delete your account and all associated data, contact us at the email below.

7. Your Rights

  • You can view and edit all your data within the app at any time.
  • You can disconnect Gmail integration at any time from the Integrations page.
  • You can delete all data for any asset type from the Profile page.
  • You can request full account deletion by contacting us.

8. Changes to This Policy

We may update this policy from time to time. The “Last updated” date at the top of this page will reflect any changes. Continued use of the app after changes constitutes acceptance of the updated policy.

9. Contact

If you have questions about this privacy policy or how your data is handled, contact us at: mharshvardhan1681@gmail.com