Legal

Data Retention Policy

How HisabAI stores, manages, and deletes your personal and financial data.

Last updated: 27 November 2025

1. Introduction

This Data Retention Policy explains how HisabAI (“we”, “our”, “us”) retains, manages, archives, and deletes user data collected through the HisabAI mobile app, website, and services (“Service”).

Our goal is to store only the data we need, retain it for only as long as necessary, and delete it securely when no longer required.

2. Types of Data We Retain

We retain the following categories of data:

A. Personal Identification Information

  • Name
  • Mobile number
  • Email (optional)
  • Profile information

B. App Usage & Expense Data

  • Personal expense entries
  • Group expenses & splits
  • Settlement records
  • Messages or notes entered in the app

C. Technical & Log Data

  • Device & OS details
  • Crash logs
  • Analytics & performance data
  • IP address & location (approximate)

D. AI Model Processing Data

  • Expense insights & predictions
  • Usage patterns for AI improvement (anonymized)

We do NOT store: UPI PIN, debit/credit card details, CVV, passwords, or bank login credentials.

3. How Long We Retain Your Data

Data retention duration varies based on the type of data and its purpose:

A. Account Information

Retention: Until account is deleted + 90 days

We keep your basic profile information as long as your account remains active. When you delete your account, it is kept for 90 days before permanent removal (in case of accidental deletion).

B. Expense & Group Data

Retention: Active account lifetime

All expenses, splits, and group-related financial data are retained for as long as your account is active.

C. Payment & Settlement Logs

Retention: 2 years

UPI transaction references (not payment details) are stored for audit and fraud prevention.

D. Analytics & Logs

Retention: 12 months

Used for performance improvement and app stability tracking.

E. AI Training & Model Improvement Data

Retention: Anonymous, may be stored indefinitely

All data used for improving AI models is anonymized and cannot be traced back to an individual.

4. Data Deletion Policy

You can request deletion of your data at any time through the app or by contacting us at support@hisab.ai.

Upon deletion request:

  • Your profile and personal details are deleted within 30 days.
  • Expense data and group activity are deleted within 60 days.
  • Backups purge data fully within 90 days.

Some data may remain as required for:

  • Legal compliance
  • Fraud prevention
  • Financial record obligations

5. How We Protect Your Data

  • Encryption at rest & in transit (HTTPS, TLS)
  • Secure cloud storage (AWS / GCP)
  • Access control & role-based permissions
  • Regular security audits
  • Automatic log deletion cycles

6. Data Backup Policy

Data is periodically backed up to ensure availability and prevent loss.

  • Backup retention: up to 90 days
  • All backups are encrypted
  • Backups automatically purge expired data

7. User Rights Over Their Data

You have the right to:

  • Access your stored data
  • Modify or update personal information
  • Request deletion
  • Export your data (coming soon)
  • Withdraw consent at any time

8. Data Sharing Retention

When sharing data with third parties (such as UPI apps or analytics providers), we ensure:

  • Minimal data is shared
  • No financial credentials are ever shared
  • Third parties follow strict confidentiality policies
  • Data is deleted according to their policies

9. Policy Updates

We may update this Data Retention Policy from time to time. When we make changes, we will update the “Last updated” date at the top.

Continued use of the app means you accept the updated policy.

10. Contact Us

For questions or requests related to data retention:

Email: support@hisabai.in
Website: www.hisabai.in