Privacy Policy

Effective Date & Last Updated: April 5, 2026

This Privacy Policy is prepared in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection Act, 2023 ("DPDPA"). It applies to all users accessing DaikuFi from India and globally.

1. About DaikuFi & Controller Identity

DaikuFi ("App", "we", "us", "our") is a personal finance management Progressive Web Application (PWA) developed and operated by:

  • Data Fiduciary / Developer: Subhadeep Dey (Individual Developer)
  • Place of Business: Telangana, India
  • Contact Email: pietopylearning@gmail.com

This Privacy Policy explains how we collect, use, store, disclose, and protect your personal data when you use the App. By using DaikuFi, you expressly consent to the practices described herein.

2. Definitions

  • "Personal Data" means any information that relates to a natural person and can identify them directly or indirectly.
  • "Sensitive Personal Data or Information" (SPDI) as defined under Rule 3 of the SPDI Rules, 2011, includes financial information such as bank account details, income, and transaction records.
  • "Data Principal / User" means you, the individual whose personal data is being collected and processed.
  • "Data Fiduciary" means DaikuFi / Subhadeep Dey, who determines the purpose and means of processing your data.
  • "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

3. Consent

In compliance with the DPDPA 2023 and SPDI Rules 2011:

  • Your consent to this Privacy Policy is obtained prior to or at the time of data collection — by using the App or by creating an account in "Shared Planner" mode.
  • Consent for device permissions (camera, microphone) is requested in-app at the time the relevant feature is first used, through your browser's native permission prompt.
  • You have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal. To withdraw, please contact us at pietopylearning@gmail.com or clear your app data in browser/device settings.
  • This App is intended for users who are 18 years of age or older. We do not knowingly collect personal data from individuals under 18. If processing of data of a person below 18 is identified, it shall be deleted without delay.

4. Information We Collect

The information collected depends on the features and mode you use:

4.1 Personal & Account Data

  • In "Shared Planner" mode: your email address and authentication credentials (managed via Firebase Authentication / Google LLC).
  • Your display name and chosen avatar, if you customize your profile.

4.2 Sensitive Personal Data or Information (SPDI) — Financial Data

The following information constitutes SPDI under Rule 3(i) of the IT (SPDI) Rules, 2011 and is handled with heightened care:

  • Monthly income amounts you enter.
  • Fund names, fund allocations, and budget targets.
  • Transaction records: description, amount, category, payment method (e.g., UPI, cash, card).
  • Storage: Individual Planner mode — stored in your browser's localStorage on your own device as well as Firebase Firestore servers (Google LLC). Shared Planner mode — stored on Firebase Firestore servers (Google LLC), associated with your authenticated account.

Important: DaikuFi is a finance tracker only. The App does not process, initiate, or facilitate any real financial transactions, UPI payments, or banking operations.

4.3 Usage & Analytics Data

  • We use Firebase Analytics (Google LLC) to collect anonymised usage data to understand how the App is used and to improve functionality. This may include features accessed, session duration, and device type. This data is not linked to your financial data.

4.4 Device Permissions Data

  • Camera: Requested only if you use the "Scan & Pay (QR)" feature. Images are processed locally on your device for QR code detection only and are never transmitted to or stored by DaikuFi.
  • Microphone: Requested only if you use voice input for the "Daiko" chatbot. Audio is processed locally for speech-to-text conversion using your browser's built-in Web Speech API and is never transmitted to or stored by DaikuFi.

4.5 AI Assistant ("Daiko")

The "Daiko" AI assistant operates entirely locally on your device using ml5.js (a local machine-learning library). No conversation data, commands, or financial inputs processed by the AI assistant are transmitted to any external server by DaikuFi. Queries are not stored long-term unless they result in a transaction entry you choose to save.

5. How We Use Your Information

We process your personal data for the following purposes, relying on the legal bases indicated:

  • To provide the Service: Enable you to track and manage personal finances, create and manage your account (Shared Planner). (Contractual necessity / Consent)
  • To improve the App: Analyse anonymised usage trends through Firebase Analytics. (Legitimate interest)
  • To provide AI-driven financial insights: Generate budget summaries and spending tips locally. (Consent)
  • To enable PWA features: Installability, offline caching via Service Worker. (Legitimate interest)
  • To respond to support requests: Address queries or complaints submitted to our email. (Consent / Legal obligation)
  • To comply with legal obligations: Comply with applicable Indian laws, including responding to lawful orders from courts or government authorities. (Legal obligation)

We will not use your personal data or SPDI for any purpose other than those stated above without obtaining fresh, specific consent.

6. Disclosure & Sharing of Your Information

We do not sell, rent, or trade your personal data. We may share your information only in the following limited circumstances:

  • With Firebase / Google LLC (Service Provider): In "Shared Planner" mode, your account data and financial data are stored on Google Firebase servers. Google's processing is governed by the Firebase Privacy and Security documentation and Google's Data Processing Amendment. We have no control over Google's internal data handling beyond what is agreed in their terms.
  • By Legal Requirement: If required to comply with a court order, government directive, law enforcement request, or any obligation under applicable Indian law (including the IT Act 2000 and DPDPA 2023), we may disclose your information to the extent necessary.
  • To Protect Rights: If we reasonably believe disclosure is necessary to prevent fraud, protect the safety of any person, or enforce our Terms and Conditions.
  • Business Transfers: If the App is transferred to another individual or entity, user data may be transferred as part of that transaction, subject to the same privacy commitments.

7. Cross-Border Transfer of Data

In "Shared Planner" mode, your personal data (including SPDI) is stored on Firebase (Google LLC) servers, which may be located outside India, including in the United States of America. Such transfer is carried out subject to:

  • Google LLC's standard contractual clauses and Data Processing Agreement.
  • Section 16 of the DPDPA 2023 (cross-border transfer framework as notified by the Central Government).
  • Firebase's compliance with applicable international data protection standards.

By using "Shared Planner" mode, you expressly consent to your data being transferred to and processed in servers outside India as described above. Users preferring data to remain on their device should use Individual Planner mode, which stores data only in browser localStorage.

8. Data Security

We implement reasonable security measures consistent with the IT Act 2000 and SPDI Rules 2011 (Rule 8):

  • Individual Planner: Data is secured by your device's own security mechanisms. We strongly recommend using a device PIN/password and enabling the in-app PIN lock feature.
  • Shared Planner: Data in transit is protected by HTTPS / TLS encryption. Data at rest is stored on Firebase Firestore with Google's cloud security controls including access control rules. Firebase Authentication uses industry-standard protocols (OAuth 2.0).
  • The in-app PIN/pattern lock feature adds an additional access-control layer.

Despite these measures, no method of electronic storage or transmission over the internet is 100% secure. We cannot guarantee absolute security. In the event of a data breach that is likely to adversely affect your rights, we will notify you as required under Section 8 of the DPDPA 2023 and report to the Data Protection Board of India as mandated.

9. Data Retention

  • Individual Planner: Your data remains on your device's browser localStorage until you manually clear it via the "Reset Data" option in Settings, or clear the browser's cache and site data.
  • Shared Planner: Your data is retained on Firebase Firestore as long as your account is active or as needed to provide the Service. Upon account deletion or receipt of a valid erasure request, account data will be deleted within 30 days.
  • Analytics data: Anonymised analytics data collected via Firebase Analytics is retained per Google's data retention policies.

10. Your Rights as a Data Principal (DPDPA 2023)

As a Data Principal under the Digital Personal Data Protection Act, 2023, you have the following rights. To exercise any of these rights, contact our Grievance Officer at pietopylearning@gmail.com:

  1. Right to Access Information (§11): You may request a summary of the personal data we hold about you and the ways it has been processed.
  2. Right to Correction & Updation (§12): You may request correction of inaccurate personal data or updation of incomplete data.
  3. Right to Erasure (§12): You may request deletion of personal data that is no longer necessary for the purpose for which it was collected, subject to legal retention obligations.
  4. Right to Grievance Redressal (§13): You have the right to raise a grievance with our Grievance Officer and receive a response within 30 days.
  5. Right to Nominate (§14): You may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity.
  6. Right to Withdraw Consent (§6): You may withdraw your consent at any time; withdrawal will not affect lawfulness of prior processing.
  7. Right to Data Portability: You may request an export of your financial data in a machine-readable format. The in-app "Export Data" feature (CSV/Excel/PDF) allows you to do this directly at any time.
  8. Right to Complain to the Data Protection Board: If you are not satisfied with our response to a grievance, you may approach the Data Protection Board of India as and when it is constituted and operational under the DPDPA 2023.

We will respond to all valid rights requests within 30 days of receipt.

11. Cookies & Local Storage

DaikuFi uses browser localStorage (not traditional cookies) to store your preferences (theme, currency, mode, PIN settings) and financial data (Individual Planner mode). No tracking cookies are set by DaikuFi itself. Firebase Analytics and Firebase Authentication may set cookies as part of their service; please refer to Google's Cookie Policy for details.

12. Links to Third-Party Services

The App uses third-party libraries and services (e.g., Firebase by Google, Chart.js, ml5.js, jsPDF, html5-qrcode, XLSX.js, Roboto fonts via Google Fonts). DaikuFi is not responsible for the privacy practices of these third parties. We encourage you to review their respective privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in law, technology, or our data practices. When material changes are made, we will update the "Last Updated" date at the top of this page. For existing users, in-app notification may also be provided. We encourage you to review this Policy periodically. Your continued use of the App after the updated Policy is posted constitutes acceptance of the changes.

14. Grievance Officer

In accordance with Rule 5(9) and Rule 11 of the IT (SPDI) Rules, 2011 and Section 13 of the DPDPA, 2023, the following person has been designated as the Grievance Officer for DaikuFi:

  • Email: pietopylearning@gmail.com
  • Address: Telangana, India
  • Response Time: Grievances will be acknowledged and resolved within 30 (thirty) days of receipt.

If you have any complaint, concern, or query regarding this Privacy Policy, the processing of your personal data, or you wish to exercise any of your rights, you may contact the Grievance Officer at the email above. Please include "Privacy Grievance – DaikuFi" in the subject line of your email.

15. Governing Law & Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of India, including but not limited to the IT Act 2000, IT (SPDI) Rules 2011, and the DPDPA 2023. Any dispute, claim, or matter arising from or related to this Privacy Policy shall be subject to the exclusive jurisdiction of the competent courts at Hyderabad, Telangana, India.

© 2026 Subhadeep Dey / DaikuFi. All rights reserved.