FinSor FinSor Privacy first FINancial adviSOR
Sign in Get early access
← Back to home
★ Legal

Privacy Policy — FinSor

Effective date: 12-May-2026 Last updated: 30-May-2026

This Privacy Policy explains how Thulirr Technologies LLP ("we", "us", "our") handles your information when you use the FinSor mobile application ("FinSor", "the App") and the backend services that power it.

FinSor is a privacy-first personal finance application for the Indian market. The defining principle of FinSor's design is that your financial data lives on your device, not on our servers. This policy exists to tell you exactly what that means, what we do receive, and what we don't.

If anything in this policy is unclear, write to us at saithulirr@gmail.com before installing the App.

1 · Who we are

  • Operator: Thulirr Technologies LLP
  • Contact (privacy): saithulirr@gmail.com
  • Grievance Officer (per the DPDP Act 2023 and the IT Rules 2011): Akila Dhanasekaran

We are a data fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP Act") for the limited personal data we collect (see §3). We are not a data fiduciary for the financial data you store inside the App, because that data does not leave your device under normal operation.

2 · Plain-English summary

What Where it lives Who can see it
Your email address On our backend server You, our authorized personnel for support
Your hashed password On our backend server (bcrypt, irreversible) Nobody — not even us
Your usage counter (extractions / analyses per month) On our backend server You, our authorized personnel
Your financial documents (PDFs, statements, screenshots) On your phone only. Sent transiently to our server only to be processed and never saved to our disk or logs. You
Your extracted transactions, balances, account numbers On your phone only. You
Your backups In your own iCloud / Google Drive account You
Your expense summary* Post Data Anonymization stored at backend As not user specific data used for averaging region specific expenses
Your categorization rule* Post Data Anonymization sent to backend for standardization and further app improvement As not user specific data used for improving app categorization rules
Ads (free plan only) Served by Google AdMob. We store nothing; Google may use a device advertising identifier to display ads (we request non-personalized ads). Google (per its policies). The paid plan is ad-free.
Subscription purchase data (paid plan only) Held by the app store (Google Play / Apple) and our subscription manager RevenueCat. We store only your current tier and renewal date. Payment cards never reach us. The app store, RevenueCat (per its policies), and you.
Monthly report PDF (paid plan only) Built on your phone from your local data, then transiently routed through our server only to be attached to an email and delivered to your registered address. The PDF bytes live in our server's memory for the duration of the email send (seconds) and are not written to disk or to logs. You (in your inbox), our email-delivery vendor Brevo (per its policies), and you.

If you want the full version with every nuance, read on.

3 · Information we collect

3.1 · Account information you give us

  • Email address — used only to identify your account and to contact you for service notifications (e.g. payment receipts, security notices).
  • Password — never stored as you typed it. We hash your password with bcrypt (cost factor 12) and store only the hash. We cannot recover your original password; if you forget it, you reset it.
  • Subscription tier — whether your account is on the free or paid plan, and (for paid accounts) the renewal date. The free plan is ad-supported (see §3.5); the paid plan is ad-free. The purchase itself is handled by the app store and our subscription manager RevenueCat — see §4.6. We never see your card / UPI / wallet details.

3.2 · Usage counters

For quota enforcement on the free tier, we count:

  • The number of documents you uploaded for extraction in the current calendar month
  • The number of FinSor analyses you requested in the current calendar month

These counters reset on the first day of each month. They are not linked to specific documents or specific content — only the count.

For FinSor Plus subscribers, we additionally store a single timestamp indicating when the most recent monthly report email was sent. This is used only to avoid duplicate sends and to drive a single push-notification reminder if no report has gone out by the 5th of the new month. See §4.7.

3.3 · Device and diagnostic information

We collect crash reports (anonymized stack traces from the App) through Sentry (Functional Software, Inc.). Crash reports are scrubbed of personally identifiable information before transmission — we explicitly strip email addresses, passwords, transaction descriptions, amounts, account numbers, and any other content from your financial documents before the report is sent. (If crash reporting is not yet enabled in your version of the App, this section becomes effective when it is, and we will update the "Effective date" above accordingly.)

We (Thulirr) do not collect, on our own servers:

  • Your location
  • Your contact list
  • Your photo library
  • Advertising identifiers (IDFA / GAID) — but note that on the free plan the Google AdMob SDK on your device may access this identifier to serve ads; see §3.5
  • Any analytics that profile you across sessions

3.5 · Advertising (free plan only)

The free plan is supported by ads served through Google AdMob (Google LLC). Ads appear in a few places in the App, such as the statement-processing screen and the home screen.

  • No financial data is ever used for ads. Your transactions, balances, account numbers, document contents, and categories are never shared with AdMob or any ad network. They never leave your device for this or any other purpose.
  • To display and frequency-cap ads, the AdMob SDK running on your device may access your device's advertising identifier (IDFA on iOS, GAID on Android) and basic technical data (device type, OS, coarse region, IP-derived country). This is collected by Google, not by us — we do not receive or store it.
  • We configure AdMob to request non-personalized ads only, which limits the data Google uses for ad targeting.
  • On iOS, ads are shown without app-tracking-transparency tracking unless you separately grant permission.
  • The paid plan is entirely ad-free — no AdMob SDK calls are made for subscribers.

Google's handling of ad data is governed by the Google Ads / AdMob policies and Google Privacy Policy. You can reset or limit your advertising identifier in your device settings at any time.

3.4 · What we never collect

We have no record of and no access to, ever:

  • Your transactions, balances, account numbers, or any financial detail
  • The contents of any document you upload
  • Names of your banks, employers, payees, or counterparties
  • Your real name (unless you choose to put it in your email address)
  • Your phone number, address, or date of birth
  • Your biometric data (Face ID / fingerprint authentication happens entirely on your device)
  • Email message content, attachments, or OAuth tokens for connected email accounts — these are processed and stored only on your device (see §4.5)

3.4 · Expense category and Rules

  • To improve app categorization performance and to create expense benchmarking the Anonymized expense category and the categorization rules sent and stored in backend.

  • No user details or user relationship is stored.

4 · How financial data flows

This is the most important section. Read it carefully.

4.1 · Extracting a statement

When you tap Upload and pick a statement:

  1. The document bytes leave your phone over an encrypted HTTPS connection.
  2. They arrive at our backend gateway, where they live in memory only — never written to disk, never logged, never stored in any database.
  3. The structured result (transactions, balances) is returned to your phone.
  4. The original bytes are dropped from memory at the end of the request. They cannot be recovered after that point — by us or by anyone else.
  5. Your phone saves the extracted structured data to its on-device SQLite database. This database never leaves your phone except through backups you explicitly enable (see §7).

4.2 · Account numbers are masked at the boundary

Before the extracted data is returned to your phone, account numbers are masked to the last 4 digits on our server (e.g. "XXXXXXXX1234"). The unmasked digits never leave our server's RAM and are never persisted anywhere. The mobile app stores only the masked form.

4.3 · Password-protected PDFs

If you upload a password-protected PDF, your password is used to decrypt the file in our server's memory using the qpdf tool, and discarded immediately. The decrypted bytes are also discarded after extraction. Your PDF password is never stored, logged, or transmitted to any third party.

4.4 · FinSor analysis ("FinSor Insights")

When you tap Analyze on the Insights tab, the App builds a summary of your portfolio on your device (totals, allocation percentages, category breakdowns) and sends only that summary — not your raw transactions — to our backend, which forwards it to Google Gemini for analysis. The returned insight text is shown in-app. The summary is treated identically to document bytes: in memory only, not stored.

4.5 · Gmail (and other email) connections

Connecting an email account is entirely optional and voluntary. FinSor works fully without it — statement uploads, dashboards, insights and portfolio analysis all function normally if you never connect an inbox. You opt in only if you want FinSor to surface financial messages (e.g. credit-card alerts, broker confirmations) automatically, and you can disconnect at any time.

If you choose to connect your Gmail account (or another supported email provider) to FinSor, we request read-only access to your inbox using the standard OAuth 2.0 flow — we never see your email password.

  1. Email content is fetched directly to your device and processed entirely on your phone. The bytes of your messages never reach our servers.
  2. We do not store messages, attachments, headers, or metadata on our backend at any point.
  3. The refresh token issued by your email provider is held in your device's hardware-backed secure storage (iOS Keychain / Android Keystore). It is never transmitted to or stored by FinSor.
  4. When you disconnect the email account from More → Connections, the refresh token is revoked at the provider and removed from your device's secure storage in the same action.

You can revoke FinSor's access at any time from your email provider's security dashboard (e.g. Google Account → Third-party apps), without opening the FinSor app. Disconnecting does not affect any other FinSor feature.

4.6 · Subscription billing (FinSor Plus)

The paid FinSor Plus plan is sold via Google Play Billing on Android and Apple StoreKit on iOS, with RevenueCat (RevenueCat, Inc.) orchestrating receipt validation and entitlement tracking on our behalf.

  1. When you tap Subscribe, the App opens the native Play / StoreKit purchase sheet. The card / UPI / wallet details you enter go directly to Google or Apple — they never touch our servers, and they never touch RevenueCat.
  2. Google / Apple charge you, return a purchase receipt to your device, and the App forwards the receipt to RevenueCat for validation.
  3. RevenueCat validates the receipt with the store, then notifies our backend via a signed webhook that your account is now entitled to FinSor Plus.
  4. Our backend updates only your subscription tier and paid-until date. No purchase amount, currency, payment method, transaction id, or last-4-of-card is stored on our side.
  5. We send to RevenueCat only your FinSor user id. RevenueCat sees: that user id, the store-issued receipt, and the resulting subscription state. It does not see any of your financial or document data, and we send it nothing about your transactions, balances, or accounts.

RevenueCat's handling of this data is governed by its own Privacy Policy. Cancellations and refunds are handled by the app store directly — manage your subscription via Google Play → Payments & subscriptions on Android or Settings → [your name] → Subscriptions on iOS.

4.7 · Monthly report by email (FinSor Plus only)

FinSor Plus subscribers receive a monthly PDF report by email — net-worth trend, asset allocation, expense category split, and the insights surfaced in the App. You can also trigger one manually from More → Monthly report, or turn the automatic monthly send off from the same screen. The free plan does not have this feature.

  1. The PDF is built entirely on your phone from the on-device SQLite database. The numbers inside the PDF are never sent to our server as data — only the finished PDF bytes leave your phone.
  2. The PDF bytes travel over an encrypted HTTPS connection to our backend, where they live in memory only — never written to disk, never logged.
  3. Our backend hands the PDF directly to our email-delivery vendor Brevo (Sendinblue SAS) as an attachment, with the recipient address pinned to your registered FinSor email. You cannot send the report to anyone else.
  4. Once the email is queued for delivery (typically within a few seconds), the PDF buffer is dropped from memory. We do not retain a server-side copy.
  5. The only record we keep is a timestamp on your account row indicating when the most recent monthly report was sent — used to avoid sending duplicates and to nudge you (via a push notification on day 5) if no report was sent that month.

Brevo handles the email-to-inbox delivery and may retain delivery-status records (sent / delivered / bounced) under its own retention rules. We do not pass Brevo your transactions, balances, account numbers, or any data about the contents of the PDF other than the PDF itself and the recipient address. Brevo's privacy handling is described at https://www.brevo.com/legal/privacypolicy/.

If you do not want a monthly report at all, turn off "Send automatically each month" in More → Monthly report. The manual button on the same screen stops working only if you also cancel your FinSor Plus subscription.

5 · Local data on your device

The bulk of your financial data lives in an encrypted-at-rest SQLite database managed by the App on your phone. This includes:

  • Uploads (file names, hashes, document types, dates)
  • Accounts (institution, masked account number, account type)
  • Transactions (date, description, amount, category)
  • Assets and liabilities (balances)
  • Net-worth snapshots
  • Manually entered physical assets (real estate, vehicles, gold)
  • Your categorization rules
  • Cached FinSor analysis results

This database is accessible only through the App and only on your unlocked device. We have no remote access to it. If you change phones without restoring from your own backup (see §7), the data does not come with you — there is no server-side copy to download.

5.1 · Biometric / PIN unlock

If you enable Face ID, fingerprint unlock, or a 6-digit PIN to open the App, the underlying secret is stored in your device's secure hardware enclave (iOS Keychain / Android Keystore) and is never transmitted to us. The PIN, when used, is hashed before storage; we cannot recover a PIN you've forgotten.

6 · Third-party services

The App relies on a small number of third-party services, listed in full here.

Service Purpose What we send Their privacy policy
Google Gemini API (Google LLC) Classify and extract data from your uploaded documents Document bytes (transient, in memory only), or portfolio summaries for FinSor insights https://policies.google.com/privacy and https://ai.google.dev/gemini-api/terms
Apple App Store / Google Play Distribute the App, process subscription payments if you opt in Their standard purchase metadata. We don't see your card number; the stores handle that. Apple: https://www.apple.com/legal/privacy/ — Google: https://policies.google.com/privacy
Sentry (Functional Software, Inc.) — if enabled Crash reporting PII-scrubbed crash traces only https://sentry.io/privacy/
Apple iCloud / Google Driveif you opt into backup Store an encrypted backup of your on-device database in your own cloud account The encrypted database file Apple iCloud: https://www.apple.com/legal/privacy/ — Google Drive: https://policies.google.com/privacy
Gmail API / Google OAuth (Google LLC) — if you connect an email account Read-only access to your inbox so the App can identify financial messages on your device OAuth authorization request only. Email content and OAuth tokens never reach our servers — both stay on your device. https://policies.google.com/privacy
Google AdMob (Google LLC) — free plan only Display ads to free-plan users (see §3.5) No financial data, ever. The on-device SDK may access your device advertising identifier and basic technical data; we request non-personalized ads. We don't receive or store any of it. https://policies.google.com/technologies/adshttps://policies.google.com/privacy
RevenueCat (RevenueCat, Inc.) — if you subscribe to FinSor Plus Validate store receipts and track subscription state on our behalf (see §4.6) Your FinSor user id and the store-issued purchase receipt. No card / UPI / wallet details, no transactions, no balances, no document content. https://www.revenuecat.com/privacy
Brevo (Sendinblue SAS) Deliver transactional emails — account verification OTPs, password-reset OTPs, and (for FinSor Plus subscribers) the monthly report PDF as an attachment (see §4.7) Your registered email address; the OTP code or the report PDF bytes. No transactions, balances, account numbers, or other content beyond the email body and any attached PDF. https://www.brevo.com/legal/privacypolicy/

7 · Backups

The App supports backups to your own iCloud Drive or Google Drive account, not ours. (Backup is a Phase-2 feature; this section becomes effective when backups ship.)

When backup is enabled:

  • The App produces an encrypted snapshot of your on-device SQLite database.
  • The snapshot is written to a folder inside your own iCloud Drive or Google Drive account.
  • We do not have access to your iCloud or Drive account, the backup folder, or the snapshot file.
  • We do not maintain server-side backups of your data at any point.

You can disable backups at any time from More → Privacy in the App.

8 · Your rights under the DPDP Act 2023

As a Data Principal under India's Digital Personal Data Protection Act, 2023, you have the right to:

  • Access the personal data we hold about you (email, hashed password, subscription tier, usage counters). Email support@thulirr.in to request a copy.
  • Correct inaccurate or outdated personal data. You can change your email from inside the App; password resets are self-service.
  • Erase all personal data we hold by deleting your account from More → Privacy → Delete account. Deletion is immediate and irreversible. You may also email us to request deletion if you cannot use the in-app option.
  • Withdraw consent at any time by deleting the App and your account.
  • Grievance redressal — write to our Grievance Officer at the address in §1. We will respond within 30 days as required by the DPDP Act.

If you are dissatisfied with our response, you may complain to the Data Protection Board of India once it is operational.

9 · Account deletion

You can delete your account at any time from More → Privacy → Delete account inside the App. Doing so will:

  • Permanently delete your email, hashed password, subscription tier record, and all usage counters from our backend within 24 hours.
  • Disconnect any device on which you are signed in.
  • Revoke any active authentication tokens.

This does not delete the on-device database on your phone — that data is yours and is removed only when you delete the App or clear its storage. The cloud backup, if you enabled one, lives in your own iCloud / Drive account and is removed only when you delete it there.

10 · Data retention

  • Account information (email, hashed password, tier, usage counters): retained as long as your account is active. Deleted within 24 hours after you delete your account.
  • Document bytes sent for extraction: discarded at end of request, never retained.
  • Email content and OAuth tokens for connected mail accounts: never retained on our servers. Tokens live in your device's hardware-backed secure storage and are revoked when you disconnect.
  • Crash reports: retained by Sentry for 90 days then auto-purged.
  • Ad data (free plan): we retain none. Any advertising identifier / technical data is collected and retained by Google under its own policies, not ours.
  • Subscription state (paid plan): retained as long as your account is active; deleted within 24 hours of account deletion. The store receipt itself lives with the app store and RevenueCat under their own retention policies (not ours).

11 · Security

  • All traffic between the App and our backend is encrypted in transit (HTTPS / TLS 1.2+).
  • Passwords are stored as bcrypt hashes with cost factor 12.
  • Our backend has no production database storing financial information of any kind — this is enforced by the architecture, not just by policy.
  • We follow industry-standard practices for server hardening, secret rotation, and access logging.

No system is impossible to compromise. If we ever experience a security incident affecting your personal data, we will notify you and the Data Protection Board of India within the timelines required by law.

12 · Children

FinSor is not directed at children. We do not knowingly create accounts for users under the age of 18. If you believe a minor has registered, write to saithulirr@gmail.com and we will delete the account.

13 · International users

FinSor is built for the Indian market. Our backend runs in India (Mumbai region). If you use the App from outside India, your data will still be processed in India and subject to Indian law.

14 · Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified in-app on next launch (a "What's new" notice) and via email to your registered address at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

15 · Contact

For any privacy question, request, or complaint:

We aim to respond within 7 business days for general queries and within 30 days for formal DPDP requests.

This document is plain English by design and is not a substitute for legal advice. If you need to understand how this policy interacts with your specific situation, consult a lawyer.