Privacy Policy
Last updated: March 25, 2026
Effective Date: March 25, 2026
WealthMutant ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal and financial information when you use WealthMutant ("the Service"). By using the Service, you agree to the practices described in this policy.
1. Data We Collect
Account Information
When you create an account, we collect:
- Email address — used for authentication, transactional emails, and account recovery
- Name (optional) — used for personalization within the app
- Password — stored as a salted cryptographic hash; we never store plaintext passwords
Financial Data
All financial data you enter is yours alone. We collect:
- Transaction records — payee names, amounts, dates, categories you enter manually
- Bank accounts and asset accounts — names, balances, and types you define
- Budgets — budget categories, limits, and rollover settings
- Goals and targets — emergency fund targets, debt payoff amounts, investment milestones
- Net worth snapshots — computed from your accounts at the time of calculation
WealthMutant does not connect to your bank, does not use Plaid or any bank aggregator, and does not import transactions automatically. All data is entered manually by you.
Usage Analytics
We collect anonymized, aggregated usage data including:
- Pages visited and features used
- Session duration and frequency
- Device type and browser (no fingerprinting)
- Error events for debugging
This data cannot be linked back to your financial records and is used solely to improve the product.
2. Third-Party Services
We use the following services to operate WealthMutant. Each is contractually bound to protect your data:
| Service | Purpose | Data Shared |
|---------|---------|-------------|
| Supabase | Database, authentication, and file storage | All app data stored encrypted in their infrastructure (AWS US East) |
| Razorpay | Payment processing | Name, email, purchase amount at checkout only. PCI DSS SAQ A compliant — we never see your card number |
| Resend | Transactional email delivery | Email address and message content (receipts, OTPs, account alerts) |
| Loops.so | Marketing email | Email address, opt-in status. Unsubscribe at any time |
| Vercel | Hosting and CDN | Server access logs (IP, timestamp, URL) — retained 30 days |
We do not sell your data to any third party. We do not share financial data with any service beyond what is required to operate the platform.
3. How We Use Your Data
We use your data exclusively to:
- Provide the Service — store, compute, and display your financial data within the app
- Send transactional communications — payment receipts, password reset emails, trial expiry notices, and account alerts
- Improve the product — analyze anonymized usage patterns to prioritize features and fix bugs
- Prevent fraud and abuse — detect account sharing, unauthorized access, and policy violations
- Comply with legal obligations — respond to lawful requests from Indian regulatory authorities when legally required
4. Data Security
Your security is built into the architecture:
- Encryption at rest — All data is encrypted at rest by Supabase using AES-256
- Encryption in transit — All connections use TLS 1.2 or higher; HTTP is redirected to HTTPS
- Row-Level Security (RLS) — Database policies ensure users can only access their own data; no shared data access is possible at the database layer
- No staff access — WealthMutant staff do not have access to your financial data in normal operations. Support requests are handled without viewing transaction-level data
- Authentication — Supabase Auth with bcrypt password hashing. OAuth (Google) does not expose your password to us
- Payment security — Razorpay handles all card processing with 3D Secure / OTP authentication. We store only a Razorpay payment ID — never card details
5. Your Rights
You have the following rights regarding your data:
Access and Correction
You can view and edit all your data directly within the app at any time. Account information can be updated in Settings.
Data Export (Portability)
You can export your transactions, budgets, and account history as a CSV file from the app. This export contains all your financial data in a portable format.
Account Deletion
You can deactivate your account from Settings → Account → Deactivate. Upon deactivation:
- Your account is immediately locked
- All personal and financial data is permanently deleted after 60 days
- After the 60-day window, deletion is irreversible and we cannot recover your data
- Anonymized, aggregate data (e.g. total number of users) may be retained
To request immediate deletion, email privacy@wealthmutant.com with the subject line "Immediate Data Deletion Request."
Opt-Out of Marketing Email
All marketing emails include an unsubscribe link. You can also email privacy@wealthmutant.com to opt out. Transactional emails (receipts, security alerts) cannot be disabled while your account is active.
6. Cookies
We use the following cookies:
| Cookie | Purpose | Type |
|--------|---------|------|
| sb-auth-token | Supabase authentication session | httpOnly, Secure, SameSite=Lax |
| wm-region | Pricing region detection for checkout | httpOnly, Secure |
| wm-intent | Purchase intent signal (pre-checkout) | httpOnly, Secure, 30-day expiry |
We do not use third-party advertising cookies or tracking pixels.
7. Children
WealthMutant is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact privacy@wealthmutant.com and we will delete it immediately.
8. International Users (GDPR and CCPA)
GDPR (European Users)
If you are located in the European Economic Area (EEA), you have rights under the General Data Protection Regulation including: the right to access, rectification, erasure ("right to be forgotten"), restriction of processing, data portability, and the right to object. Our legal basis for processing your data is performance of a contract (providing the Service you signed up for).
To exercise GDPR rights, email privacy@wealthmutant.com. We will respond within 30 days.
CCPA (California Users)
California residents have the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information. To submit a CCPA request, email privacy@wealthmutant.com.
9. Changes to This Policy
We will notify you of material changes to this Privacy Policy via email at least 30 days before the changes take effect. The updated date will be reflected at the top of this document. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.
10. Contact
For privacy-related questions, data requests, or concerns:
Email: privacy@wealthmutant.com
Response time: Within 5 business days
WealthMutant operates under the laws of India. Data processing is subject to the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (India).