Cointify

Privacy Policy

Effective Date: 2 March 2026 · Last Updated: 2 March 2026

1. Introduction

Cointify ("we", "our", or "us") is a personal finance tracking application operated by Cointify. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the Cointify mobile application and related services (collectively, the "Service").

By using Cointify, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name
  • Email address
  • Phone number (if used for OTP login)
  • Currency preference and monthly income (optional, user-provided)

2.2 Financial Data

To provide finance tracking features, we store the following data in your account (secured with Row Level Security):

  • Financial accounts (name, type, last four digits of account/card number)
  • Transactions (amount, type, description, date, category)
  • Budgets and spending categories
  • Lending and debtor records (personal record-keeping only)
  • Kameti/chit fund records

2.3 SMS Data

With your explicit permission, Cointify reads SMS messages on your device to automatically detect and parse bank transaction notifications (credits, debits, UPI payments, balance alerts).

  • SMS data is processed and stored locally on your device using IndexedDB (Dexie.js). Raw SMS content is NOT transmitted to our servers.
  • Only extracted transaction metadata (amount, type, date, merchant name) may be stored in your account if you choose to process an SMS into a transaction.
  • We do NOT read personal messages, OTPs, passwords, or non-financial SMS.
  • You may deny or revoke SMS permission at any time via your device settings without affecting other app functionality.

2.4 AI Chat Data

Cointify includes an AI-powered financial assistant. Messages you send to the AI assistant are transmitted to Anthropic's Claude API for processing. We store your chat history in your account for continuity. Anthropic processes messages per their privacy policy and does not use your data for AI model training.

2.5 Voice Data

Speech-to-text functionality is processed locally on your device using the Web Speech API or Android SpeechRecognition. Raw audio is NOT transmitted to Cointify servers. The resulting text transcript may be sent to the AI assistant as described in Section 2.4.

2.6 Biometric Data

If you enable biometric lock, fingerprint or face authentication is processed entirely on your device using the Android BiometricPrompt API. No biometric data is ever stored, transmitted to, or accessible by Cointify servers or any third party.

2.7 Device Information

We do not collect device identifiers (IMEI, IMSI), precise location data, contacts, photos, calendar data, or any other device information beyond what is necessary to operate the Service.

3. How We Use Your Information

We use the information we collect to:

  • Provide and maintain finance tracking, budgeting, and reporting features
  • Power the AI financial assistant with context-aware responses
  • Sync your data securely across devices
  • Improve the app experience and fix issues
  • Communicate important updates about the Service

We do not use your data for targeted advertising, credit scoring, or profiling.

4. Data Storage & Security

  • Cloud storage: Your account and financial data is stored in an encrypted SQLite database with access controls ensuring only you can access your data.
  • Encryption in transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS.
  • Encryption at rest: Data stored on our cloud infrastructure is encrypted at rest (AES-256).
  • Local storage: SMS data and offline-first data are stored in IndexedDB on your device, secured by your device's own security mechanisms.
  • Biometric data: Processed on-device only; never stored or transmitted.

While we implement industry-standard security measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security of your data.

5. Data Sharing

We do not sell, rent, or trade your personal data to any third party.

We share data only with the following service providers, solely to operate the Service:

  • NextAuth.js — authentication
  • Anthropic — AI chat processing (chat messages only)
  • Google — authentication (if you sign in with Google)

Each third party is bound by their own privacy policy and data protection obligations.

We may disclose your data if required by law, regulation, or legal process.

6. Data Retention

Your data is retained for as long as your account is active. Upon account deletion (available in app Settings), all your data — including profile, transactions, accounts, budgets, lending records, chat history, and categories — is permanently deleted from our servers within 30 days.

Local data (SMS records, offline cache) is removed immediately from your device upon account deletion or app uninstallation.

7. Your Rights

You have the right to:

  • Access your personal data stored in the app
  • Delete your account and all associated data (Settings → Delete Account)
  • Withdraw consent for SMS reading at any time via device settings
  • Withdraw consent for data collection by deleting your account
  • Correct your profile information via the Edit Profile feature

To exercise any of these rights or make a data-related request, contact us at support@cointify.in.

8. SMS Permission Disclosure

Cointify requests the READ_SMS and RECEIVE_SMS Android permissions solely to automatically detect and parse bank transaction messages for expense tracking.

  • SMS data is processed locally on your device.
  • Raw SMS content is never uploaded to our servers.
  • Only transaction metadata extracted from bank SMS may be stored in your account.
  • You can deny or revoke this permission at any time without losing access to other app features.
  • The app is fully functional without SMS permission — you can enter transactions manually.

9. Children's Privacy

Cointify is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If you are under 18, please do not use this Service. If we become aware that we have collected data from a minor, we will promptly delete it.

10. Grievance Officer

In accordance with the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the designated Grievance Officer for Cointify is:

  • Name: Nitin Bansal
  • Email: grievance@cointify.in
  • Response time: Acknowledgement within 48 hours; resolution within 30 days

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date at the top and notify you via an in-app notice. Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: