Privacy Policy

Finominee ("we", "us", or "our") is a personal finance nominee management application that helps Indian families track nominees across their financial accounts. This privacy policy explains how we collect, use, store, and protect your personal information when you use the Finominee mobile application and website.

Account information. When you create an account, we collect your full name, mobile phone number, email address, masked Aadhaar number (last 4 digits stored), and PAN number. Your phone number is used for OTP-based authentication.

Financial account data. You may voluntarily add information about your financial accounts including institution name, account type, masked account number, account balance, and nominee registration status. We do not have access to your actual bank accounts or transactions.

Family member data. You may add family member names, relationships, phone numbers, and masked Aadhaar numbers to track nominee assignments.

Vault documents. You may upload documents (passbooks, policy bonds, statements) to your encrypted vault. These documents are encrypted with AES-256 encryption before storage.

Usage data. We collect basic usage analytics such as app opens, feature usage, and crash reports to improve the application.

We use your information solely to provide and improve the Finominee service. Specifically, we use it to:

• Authenticate your identity via OTP
• Display your financial account and nominee information
• Store and retrieve your encrypted vault documents
• Send you notifications about nominee status
• Improve application performance and fix bugs

Infrastructure. Your data is stored on Supabase (powered by PostgreSQL) with servers hosted on AWS. All data is transmitted over HTTPS (TLS 1.2+).

Encryption. Vault documents are encrypted using AES-256 encryption with your personal MPIN-derived key. We cannot read your vault contents.

MPIN. Your MPIN is never stored in plaintext. We store only a salted SHA-256 hash. Even we cannot recover your MPIN.

Row level security. Database access is enforced using Supabase Row Level Security (RLS) policies, ensuring you can only access your own data.

We do not sell, trade, or rent your personal information to third parties. We do not share your data with advertisers. We may share data only in the following circumstances:

• With your explicit consent
• To comply with legal obligations or court orders
• To protect against fraud or security threats

We use the following third-party services, each with their own privacy policies:

• Supabase — Database and authentication
• MSG91 — OTP delivery via WhatsApp/SMS
• Google Play Services — App distribution

No financial data is shared with these services beyond what is necessary for their function.

You have the right to:

• Access all personal data we hold about you
• Correct any inaccurate information through the Profile page
• Export your data
• Delete your account and all associated data

To exercise any of these rights, contact us at the email address below.

We retain your data for as long as your account is active. If you delete your account, all personal data, financial account records, family member data, and vault documents are permanently deleted within 30 days. Anonymized usage analytics may be retained for service improvement.

Finominee is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we discover that a child under 18 has provided us with personal information, we will delete it immediately.

We may update this privacy policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the app after changes constitutes acceptance of the updated policy.