🔒 Privacy Policy
Last updated: 15 April 2026 | DPDP Act 2023 | GDPR | CCPA
This Privacy Policy describes how Saaras AI ("we", "us", "our") collects, uses, and protects
your information when you use our personal finance management application ("Service"). We are committed to
protecting your privacy and complying with applicable data protection laws, including India's Digital
Personal Data Protection Act, 2023 (DPDP Act), the EU General Data Protection Regulation (GDPR), and the
California Consumer Privacy Act (CCPA).
1. Data Controller
Name: Saaras AI
Registered in: India
Website: saarasai.com
Contact Email: system@saarasai.com
Grievance Officer (DPDP Act): system@saarasai.com
2. Information We Collect
2.1 Data Stored Locally & in the Cloud
Saaras AI is designed as a privacy-first, AI-powered personal finance management
application. Your data is stored in your browser's localStorage on your device
for fast access, and is also synced to Google Firebase Firestore to enable cross-device
access and data backup. The following data is collected and stored:
- Account credentials: Username and hashed password (SHA-256, salted) — stored locally
and in Firebase Firestore (collection: auth_accounts) for cross-device login
- Financial profile: Income, expenses, savings, city, financial goals
- Transactions: Income and expense records you manually enter
- Budgets & Goals: Budget limits and savings goals you create
- App settings: Currency preference, theme selection
- Subscription status: Plan type, trial dates, payment IDs
When you are signed in, the above data is automatically synced to Firebase Firestore (collection:
user_data) to enable seamless access across your devices. Data is encrypted in transit via
HTTPS/TLS.
2.2 Data Processed by Third Parties
When you make a payment, the following data is shared with Razorpay (our payment processor):
- Name and email (if provided during checkout)
- Payment card/UPI details (processed directly by Razorpay, never stored by us)
- Transaction amount and subscription plan selected
Razorpay is a PCI-DSS Level 1 certified payment gateway regulated by the Reserve Bank of India (RBI). See Razorpay Privacy Policy.
2.3 Google Sign-In
If you choose to sign in with Google, the following data is received from Google:
- Your Google email address
- Your display name
- Your Google profile picture URL (if available)
This data is used for account creation, authentication, and enabling cross-device sync. Your Google email
and display name are stored locally and in Firebase Firestore to identify your account across devices. See
Google Privacy Policy.
2.4 Cross-Device Sync & Cloud Storage
To provide seamless cross-device access, Saaras AI syncs your data to Google Firebase
Firestore:
- What is synced: Transactions, budgets, goals, settings, subscription status, and
account credentials (hashed)
- When it syncs: Automatically on login, on data changes, when your browser tab gains
focus, and before the page closes
- How it's secured: Data is transmitted over HTTPS/TLS. Firestore security rules ensure
each user can only access their own data
- Data isolation: Your data is stored under a unique key derived from your username or
Google email, ensuring complete isolation
2.5 Data We Do NOT Collect
- We do NOT use cookies or tracking technologies
- We do NOT share, sell, or rent your personal data to third parties
- We do NOT use your data for advertising or profiling
- We do NOT store plaintext passwords — all passwords are hashed with SHA-256 and salted
2.6 Bank & Payment App Statement Uploads
Saaras AI allows you to upload bank statements and transaction exports from payment apps (such as PhonePe,
Google Pay, and Paytm) to auto-fill your financial profile and import transactions.
- 100% Local Processing: All statement files (CSV and PDF) are read and parsed
entirely within your browser using JavaScript. No file data is transmitted to any
server, API, or third party at any time.
- Immediate Disposal: The uploaded file is read into browser memory, parsed for
transaction data, and immediately discarded. It is never stored on disk, in localStorage, or in the
cloud.
- Extracted Data: Only structured transaction data (dates, descriptions, amounts,
categories) extracted from your statement is stored — in the same localStorage and Firebase Firestore
storage used for manually entered transactions.
- User Consent: You must provide explicit consent before uploading any statement. You
are under no obligation to use this feature.
- Deletion: Imported transactions can be deleted individually or via Settings → Clear
All Data, just like manually entered transactions.
- No Account Access: Saaras AI does NOT connect to your bank account or payment app.
You manually choose and upload a file from your device — we have no access to your banking credentials
or live account data.
2.7 Mental Wellness AI Disclaimer
Saaras AI includes a Mental Wellness AI feature that provides AI-generated suggestions for managing
financial stress and emotional wellbeing. Please note the following:
- Not Professional Advice: The suggestions, tips, and responses provided by Mental
Wellness AI are AI-generated and may not always be accurate or appropriate for your
specific situation. This feature is not a substitute for professional mental health care,
therapy, or medical advice.
- General Support Only: Mental Wellness AI is designed to offer general wellness support
and stress management techniques related to financial wellbeing. It does not diagnose, treat, or cure
any mental health condition.
- Seek Professional Help: If you are experiencing serious mental health issues, emotional
distress, or need personal therapy, we strongly recommend consulting a licensed therapist or
mental health professional.
- National Mental Health Helpline: If you need immediate help, please contact the
National Mental Health Helpline at 14416 (Toll-Free, 24/7). This service is provided by
the Government of India's iCALL initiative.
- No Liability: Saaras AI, its developers, and affiliates are not liable for any decisions
made or actions taken based on Mental Wellness AI suggestions. Use this feature at your own discretion.
3. Purpose of Data Processing
| Purpose | Legal Basis (GDPR) | DPDP Act Basis |
| --- | --- | --- |
| Providing the Service (financial tracking, insights) | Contract performance | Lawful purpose — service delivery |
| Account authentication | Contract performance | Lawful purpose — security |
| Processing payments (via Razorpay) | Contract performance | Lawful purpose — transaction |
| Local AI-based financial analysis | Legitimate interest | Consent (user-initiated) |
| Cross-device data sync (Firebase Firestore) | Contract performance | Lawful purpose — service delivery |
| Cloud backup & data recovery | Legitimate interest | Lawful purpose — data integrity |
4. Data Storage & Security
- Hybrid storage model: Your financial data is stored locally in your browser's
localStorage for fast access, and synced to Google Firebase Firestore for cross-device access and
backup.
- Per-user namespacing: Data is isolated per user account. Each user's cloud data is
stored under a unique identifier derived from their username or Google email.
- Password security: Passwords are hashed using SHA-256 with salt before storage.
Plaintext passwords are never stored locally or in the cloud.
- Cloud backup: Your data is automatically synced to Firebase Firestore. If you clear
browser data, your data can be restored by signing in again on any device.
- Encryption in transit: All data transmitted to Firebase is encrypted via HTTPS/TLS.
- Firestore security rules: Server-side rules ensure users can only read and write their
own data.
5. Your Rights
Under India's DPDP Act 2023
- Right to Access: View all your data within the app (Settings → Export Data)
- Right to Correction: Edit any data directly in the app
- Right to Erasure: Delete all data via Settings → Clear All Data, or clear browser
storage
- Right to Grievance Redressal: Contact our Grievance Officer at system@saarasai.com
- Right to Nominate: As data is local, nomination provisions are not applicable
Under GDPR (EU/EEA Users)
- Right to Access (Article 15)
- Right to Rectification (Article 16)
- Right to Erasure / "Right to be Forgotten" (Article 17)
- Right to Data Portability (Article 20) — Export your data as JSON via Settings
- Right to Object (Article 21)
- Right to Lodge a Complaint with your local Data Protection Authority
Under CCPA (California Users)
- Right to Know: We disclose all categories of data collected above
- Right to Delete: Clear All Data in Settings
- Right to Opt-Out of Sale: We do NOT sell your personal information
- Non-Discrimination: We do not discriminate based on privacy right exercise
6. Children's Privacy
Saaras AI is not intended for children under the age of 18. We do not knowingly collect data from minors. If
a parent or guardian discovers that a child has used the Service, they can delete all data by clearing
browser storage. Under the DPDP Act, processing of a child's personal data requires verifiable parental
consent.
7. Data Retention
- Local data: Persists until you explicitly delete it (Settings → Clear All Data) or
clear browser storage
- Cloud data: Your data in Firebase Firestore persists until you delete your account or
request data erasure. Signing in from a new device will restore your cloud data.
- Account deletion: When you delete your account, both local and cloud data are removed.
You may also request deletion by contacting system@saarasai.com
- Payment records in Razorpay's system are retained per Razorpay's data retention policy
8. International Data Transfers
Your financial data is synced to Google Firebase Firestore, which may store data on servers located in
various regions globally.
Google Firebase complies with major data protection frameworks including GDPR and maintains SOC 1, SOC 2,
and ISO 27001 certifications. See Firebase Privacy & Security.
Payment data processed by Razorpay may be stored on servers in India.
9. Third-Party Services
| Service | Purpose | Data Shared |
| --- | --- | --- |
| Google Firebase Firestore | Cross-device data sync & cloud backup | All user data (transactions, budgets, goals, settings, hashed credentials) |
| Google Firebase Authentication | User authentication (Google Sign-In) | Email, name, profile picture, auth tokens |
| Razorpay | Payment processing | Name, email, payment details |
| Google Identity Services | Google Sign-In authentication | Email, name, profile picture (from Google) |
| Google Fonts | Typography (Inter font) | IP address (standard CDN request) |
| Anthropic / OpenRouter (optional, BYOK) | Advanced AI chat (Claude) — only if you provide your own API key | Your financial context (transactions, budgets, goals) is sent to the AI model for generating advice. No data is sent unless you configure an API key. |
| Cloudflare CDN (cdnjs) | PDF.js library for local PDF parsing | IP address (standard CDN request — no user data sent) |
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated
"Last updated" date. Continued use of the Service after changes constitutes acceptance of the revised
policy. For material changes, we will provide a prominent notice within the app.
11. Governing Law
This Privacy Policy is governed by the laws of India, including the Digital Personal Data Protection Act,
2023, and the Information Technology Act, 2000. Any disputes shall be subject to the exclusive jurisdiction
of the courts in India.
12. Contact Us
For any privacy-related queries or to exercise your data rights:
© 2026 Saaras AI. All rights reserved.