Privacy Policy

Last updated: 17 April 2026

1. Who We Are

AlphaView (alphaview.in) is an AI-powered personal finance and market intelligence platform operated by Prince Singh ("we", "us", "our"). We are based in India and our data infrastructure is hosted exclusively in AWS Mumbai (ap-south-1).

2. Data We Collect

  • Account Information: Name, email address, and hashed password (bcrypt, cost factor 12). We never store plaintext passwords.
  • Financial Data (User-Uploaded): Bank statements, credit card statements, and mutual fund CAS reports that you voluntarily upload. These files are parsed in memory and deleted within 5 minutes of processing. Extracted transaction data is encrypted at rest using AES-256 (pgcrypto).
  • Portfolio Data: Stock holdings and mutual fund investments you add manually or via document upload.
  • Usage Data: Pages visited, features used, and AI queries made — used solely for improving the product and enforcing usage quotas.
  • We never collect: Aadhaar numbers, PAN numbers (beyond what appears in uploaded statements which is immediately discarded), SMS data, contacts, or location data.

3. How We Use Your Data

  • To provide AI-powered financial analysis, budgeting, and market intelligence features.
  • To categorize transactions and generate spending insights.
  • To send you account-related emails (verification, password reset, subscription confirmations).
  • To enforce subscription quotas and usage limits.

We never sell, rent, or share your financial data with third parties for advertising or marketing purposes.

4. AI Processing

When you use AI features, anonymized or minimal financial context is sent to Anthropic's Claude API for analysis. We never send full bank account numbers, Aadhaar numbers, or other sensitive identifiers to the AI. AI processing requires your explicit consent, which you can grant or revoke at any time from Settings > Privacy.

5. Data Security

  • All financial data is encrypted at rest using AES-256 via PostgreSQL pgcrypto.
  • All connections use HTTPS with HSTS headers.
  • Bank account numbers are stored as last 4 digits only.
  • JWT access tokens expire in 15 minutes; refresh tokens in 7 days.
  • Auth endpoints are rate-limited to 5 attempts per 15 minutes.
  • Data is hosted exclusively in AWS Mumbai (ap-south-1) for RBI compliance.

6. DPDPA 2023 Compliance

Under India's Digital Personal Data Protection Act 2023, you have the following rights:

  • Right to Consent: We collect financial data only with your explicit consent. You can manage consent settings from your account at any time.
  • Right to Access & Export: You can export all your data in JSON or CSV format from Settings > Privacy > Export Data.
  • Right to Erasure: You can delete your account and all associated data permanently from Settings > Privacy > Delete Account. Deletion is immediate and irreversible.
  • Right to Correction: You can edit your profile and financial data at any time through the dashboard.

7. Cookies & Local Storage

We use localStorage to store your authentication tokens and theme preference. We do not use third-party tracking cookies. No analytics data is shared with advertisers.

8. Third-Party Services

  • Anthropic (Claude API): AI processing — no financial data is stored by Anthropic.
  • Razorpay: Payment processing for subscriptions — we do not store card details.
  • AWS SES: Transactional emails only.
  • Google OAuth: Optional sign-in — we only receive your name and email.

9. Data Retention

  • Uploaded files (PDFs, CSVs): Deleted within 5 minutes of parsing.
  • Account data: Retained until you delete your account.
  • AI conversation history: Cached for up to 24 hours, then purged.

10. Changes to This Policy

We may update this policy from time to time. Significant changes will be communicated via email to registered users. Continued use of AlphaView after changes constitutes acceptance of the updated policy.

11. Contact

For privacy-related questions or to exercise your DPDPA rights, contact us at support@alphaview.in.