🔒 PrivacyPrivacy Policy
Last updated: 18 July 2026
1. Introduction
This Privacy Policy explains how Every Rupee Spent ("we", "us", "our") collects, uses, shares and protects your personal data when you use everyrupeespent.com and the services offered on it — our free financial calculators, the AI Advisor, the Reminders application, and the SEO Optimization Service (together, the "Services").
We are the data fiduciary for the personal data described here, and we handle it in accordance with India's Digital Personal Data Protection Act, 2023 (the "DPDP Act") and other applicable law. By using the Services, you agree to the practices described in this Policy.
2. What data we collect
We aim to collect as little personal data as possible, and only what a feature actually needs to work. The data we collect depends on how you use the Services:
- Calculators and AI Advisor: the financial figures you type (loan amount, interest rate, income, etc.) are processed to produce a result. These calculations happen in your browser and are not stored on our servers or linked to your identity. When you use the AI Advisor, the relevant figures are sent to our AI provider to generate the observations shown.
- Account data (Reminders): your email address and a securely hashed password when you register, plus the reminders, categories and settings you create in the app.
- Payment data: when you pay for a subscription or the SEO service, our payment processor (Razorpay) collects and processes your payment details. We never see or store your full card, UPI or bank credentials — we only receive a payment confirmation and reference ID.
- SEO Optimization Service: the website URL and business details you submit for an audit.
- Contact form: your name, email and message when you write to us.
- Push notifications: if you opt in, a browser push subscription token so we can send reminder alerts.
- Usage analytics: privacy-friendly, cookie-less analytics (GoatCounter) that record aggregate page views and referrers. This does not use cookies, does not track you across sites, and does not build an individual profile of you.
3. How we use your data
We use personal data only for the purposes for which you provided it, namely:
- To operate and deliver the Services you request — run calculations, maintain your account, send your reminders, process payments and deliver SEO reports.
- To respond to your enquiries and provide customer support.
- To send you service-related communications (for example, a reminder alert you asked for, a payment receipt, or an important change to the Services).
- To keep the Services secure, prevent fraud and abuse, and debug problems.
- To understand, in aggregate, how the Services are used so we can improve them.
4. Our lawful basis for processing
Under the DPDP Act we process your personal data on the basis of the consent you give when you choose to use a feature (for example, creating an account or opting in to push notifications), and for certain legitimate uses permitted by law such as fulfilling a service you have requested and complying with legal obligations.
Where processing relies on consent, you may withdraw that consent at any time (see Section 8). Withdrawing consent does not affect processing carried out before the withdrawal.
5. When we share data, and with whom
We do not sell your personal data, and we do not share it with third parties for their own marketing. We share data only with the service providers ("data processors") we rely on to run the Services, and only to the extent needed:
- Razorpay — to process payments and subscriptions securely.
- Our AI provider — to generate AI Advisor observations and to assist the SEO audit analysis, based on the inputs you submit.
- Email delivery provider — to send transactional emails such as receipts, verification and reminder alerts.
- Cloud hosting and storage (AWS) — where the Services are hosted and account data is stored.
- Cloudflare Turnstile — to verify that the contact form is submitted by a human and block spam.
- Where required by law, a court order, or to protect our rights, safety or the safety of others.
6. Cookies and tracking
We keep tracking to a minimum. We do not use advertising or cross-site tracking cookies. We use a small number of strictly necessary items — for example, a token stored in your browser to keep you logged in to the Reminders app. Our analytics (GoatCounter) is cookie-less and counts page views without identifying you.
7. How long we keep your data
We keep personal data only for as long as needed for the purpose it was collected, or as required by law (for example, tax and accounting records for payments).
Account and reminder data is kept for as long as your account is active. If you delete your account, we delete or anonymise your personal data within a reasonable period, except where we must retain certain records to meet legal, tax or fraud-prevention obligations. Calculator inputs are not stored at all.
8. Your rights
Under the DPDP Act, you have the right to:
- Access — request a summary of the personal data we hold about you and how we process it.
- Correction — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your personal data where it is no longer needed.
- Withdraw consent — withdraw consent for processing that relies on it, as easily as you gave it.
- Grievance redressal — raise a complaint about how we handle your data (see Section 12).
- Nominate — nominate another individual to exercise your rights in the event of death or incapacity.
9. How we protect your data
We take reasonable security safeguards to protect your data, including encryption in transit (HTTPS/TLS), hashing of passwords, a strict Content Security Policy, access controls, and processing payments through a PCI-DSS compliant processor so we never store card details.
No method of transmission or storage is completely secure, but we work to protect your data and will notify you and the Data Protection Board of India of a personal data breach where the law requires it.
10. Children
The Services are intended for adults managing their own finances and are not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.
11. Changes to this Policy
We may update this Privacy Policy as the Services or the law change. We will revise the "Last updated" date above, and for significant changes we will take reasonable steps to notify you. Continuing to use the Services after an update means you accept the revised Policy.
12. Contact and grievance officer
For any question about this Policy, to exercise your rights, or to raise a grievance about how we handle your personal data, write to us at [email protected]. We will acknowledge and respond within the timelines required by the DPDP Act.