Privacy Policy

This policy covers the Service available at wealth.dhiram.com and its related subdomains. The Service is intended for private use by a household and is not directed at children under 18.

We collect only what is needed to run the Service:

• Account & identity: your email address, and — if you sign in with Google — your name and basic Google profile information (see §3). Passwords are not used; sign-in is by magic link or Google.
• Financial data you provide: transactions you enter or import, account labels and the last four digits of cards, who-paid attribution, categories, notes, budgets, savings goals, and statement files (PDF/CSV) you upload.
• Statement passwords you choose to provide are used in memory to open a file and are stored only in encrypted form, never in plain text.
• Technical data: a secure session cookie to keep you signed in, and minimal server logs for security and reliability. We do not use advertising or third-party tracking cookies.

If you choose “Continue with Google”, we receive your name, email address, and basic profile details solely to create and authenticate your account. We request only the basic email and profile scopes. We do not access Gmail, Google Drive, Contacts, Calendar, or any other Google service, and we do not request restricted or sensitive scopes.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. Google profile data is used only to provide the sign-in and account feature you requested, is never sold, and is never used for advertising.

• Authenticate you and keep you signed in.
• Store, categorize, reconcile, and visualize your household finances.
• Send transactional messages you enable — magic-link sign-in emails, and optional push notifications (large charges, budget alerts, a weekly summary).
• Keep the Service secure, debug issues, and prevent abuse.

We do not sell your data, and we do not use it for advertising or profiling.

To clean up cryptic statement descriptions into readable merchant names, to read receipt or SMS screenshots you upload, and to suggest categories you can approve, short snippets of transaction text may be sent to a third-party large-language-model provider (Groq, running open-weight models). This processing is advisory and display-only — it never makes a payment or finalizes a category by itself, and your data is not used to train models. If this provider is not configured, the Service falls back to deterministic, on-device logic.

We don’t sell or rent your data. We share it only with vetted providers that help us run the Service, each limited to that purpose:

• Supabase — database, authentication, and encrypted file storage. Your data is isolated per household with row-level security.
• Vercel — application hosting and delivery.
• Google — sign-in (only if you use “Continue with Google”).
• Groq — the AI processing described in §5.
• Email & push providers — to deliver the sign-in emails and notifications you request.

We may also disclose data if required by law, or to protect the rights, safety, and security of our users and the Service.

Every record is scoped to your household by row-level security, so one household can never read another’s data. Files are kept in a private store and served only through short-lived signed links. Statement passwords are encrypted and never logged. Traffic is encrypted in transit. No system is perfectly secure, but we take reasonable, industry-standard measures to protect your information.

We keep your data for as long as your account is active so the Service works as expected. When you ask us to delete your account, we remove your personal data and financial records within a reasonable period, except where we must retain limited information to comply with law or resolve disputes.

You can access, correct, export, or delete your data at any time from within the app or by contacting us. To request account deletion, email wealth@dhiram.com from your registered address. Consistent with India’s Digital Personal Data Protection Act and other applicable laws, you may also withdraw consent and ask how your data is processed.

Our providers may process and store data on servers located in India and other countries. Where data is transferred across borders, we rely on those providers’ contractual and technical safeguards. This Service is operated from and governed by the laws of India.

We may update this policy as the Service evolves. We’ll change the “last updated” date above and, for material changes, take reasonable steps to notify you. Continued use after an update means you accept the revised policy.

Wealth Manager · operated by Dhiram Shah · Bangalore, Karnataka, India.

For any privacy question, data-access request, account- or data-deletion request, or grievance, contact our grievance officer at wealth@dhiram.com. Please write from your registered email address so we can verify the request; we aim to acknowledge and act on grievances within the timelines required under applicable Indian law.