Privacy Policy

Last updated: April 2026

DPDPA 2023 Compliant

1. Introduction

Niptao ("we," "our," or "us"), operated by Mindweave Technologies Pvt. Ltd., is committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 ("DPDPA") of India and other applicable data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our free expense splitting application available at niptao.app.

2. Data Fiduciary Information

Data Fiduciary: Mindweave Technologies Pvt. Ltd.

Registered Address: Bangalore, Karnataka, India

Contact Email: support@mindweave.tech

Data Protection Officer: dpo@mindweave.tech

3. Personal Data We Collect

We collect the following categories of personal data:

3.1 Information You Provide

  • Account Information: Name, email address, and profile photo (via Google OAuth or email sign-up)
  • Expense Data: Expense descriptions, amounts, dates, categories, and how they are split among group members
  • Group Information: Group names, member lists, and group membership details
  • UPI Identifiers: UPI IDs (VPAs) you voluntarily provide for settlement purposes
  • Settlement Records: Records of settlements you confirm between group members

3.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, session duration
  • Device Information: Browser type, device type, operating system
  • Authentication Data: OAuth tokens and session identifiers managed by Supabase Auth

3.3 Information We Do NOT Collect

  • We do not store bank account numbers, credit/debit card details, or UPI PINs
  • We do not process or facilitate actual financial transactions
  • We do not access your payment app data or transaction history
  • UPI settlement is handled entirely by your UPI app (GPay, PhonePe, Paytm, etc.) via deeplinks

4. Purpose of Processing (DPDPA Section 5)

We process your personal data for the following lawful purposes:

  • Service Delivery: Creating and managing groups, recording expenses, calculating splits, and facilitating settlements
  • Debt Simplification: Computing optimised balances across group members to minimise the number of settlements needed
  • UPI Settlement: Generating UPI deeplinks pre-filled with payee VPA and amount for convenient settlement
  • Communication: Sending service updates, notifications about group activity, and support responses
  • Improvement: Analysing usage patterns to improve our services
  • Legal Compliance: Meeting regulatory and legal obligations

5. Consent (DPDPA Section 6)

We obtain your explicit, informed consent before processing your personal data. You may:

  • Grant or withdraw consent for specific processing activities
  • Choose which authentication method to use (Google OAuth, email + password, or magic link)
  • Optionally provide your UPI ID for settlement — this is never required
  • Withdraw consent at any time (this will not affect processing done before withdrawal)

6. Your Rights (DPDPA Chapter III)

As a Data Principal under DPDPA, you have the following rights:

Right to Access (Section 11)

Request a summary of your personal data and processing activities.

Right to Correction (Section 11)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Section 12)

Request deletion of your personal data when no longer necessary. We will delete your account and all associated data.

Right to Data Portability (Section 13)

Receive your data in a structured, machine-readable format (JSON export).

Right to Grievance Redressal (Section 13)

Lodge complaints about data processing practices.

To exercise any of these rights, please contact us at support@mindweave.tech.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data Category         Retention Period
Account Data          Duration of account + 1 year
Expense Records       Duration of account (deleted on account deletion)
Group Membership      Duration of membership + 6 months
Settlement Records    Duration of account (deleted on account deletion)
UPI Identifiers       Until removed by you or account deletion
Usage Logs            90 days (for security and debugging)
Consent Records       7 years (legal requirement)

8. Data Sharing

We may share your personal data with:

  • Group Members: Your name, email, and expense data are visible to members of groups you join. UPI IDs are shared only when you initiate a settlement.
  • Service Providers: Cloud hosting and authentication (Supabase), application hosting (Vercel). These providers process data on our behalf under strict agreements.
  • Legal Authorities: When required by law, court order, or governmental request

We do not sell your personal data. We do not share your data with advertisers. Niptao is free and does not monetise user data.

9. Data Security (DPDPA Section 8)

We implement appropriate security measures to protect your personal data:

  • Encryption at rest and in transit (TLS 1.3)
  • Row-level security (RLS) on all database tables — users can only access their own groups and expenses
  • OAuth 2.0 and secure session management via Supabase Auth
  • No storage of payment credentials, bank details, or UPI PINs
  • Regular security reviews and dependency audits

10. Data Breach Notification (DPDPA Section 8)

In the event of a personal data breach that is likely to cause harm, we will:

  • Notify the Data Protection Board of India within 72 hours
  • Inform affected Data Principals without undue delay
  • Provide details of the breach and remedial actions taken

11. UPI Settlement and Payments

Niptao helps you settle debts via UPI but does not process payments directly. Here is how it works:

  • When you tap "Settle," we generate a UPI deeplink (e.g., upi://pay?pa=...&am=...) that opens your UPI app
  • The actual payment is processed entirely by your UPI app (GPay, PhonePe, Paytm, etc.)
  • We never see, store, or have access to your UPI PIN, bank balance, or transaction confirmations
  • Settlement confirmation in Niptao is manual — you mark a debt as settled after completing payment
  • On iOS, where UPI deeplinks are unsupported, we display the UPI ID for you to copy and pay manually

12. Grievance Redressal

If you have concerns about our data processing practices, you may:

  1. Contact us at support@mindweave.tech
  2. We will acknowledge your complaint within 48 hours and resolve it within 30 days
  3. If unsatisfied, you may approach the Data Protection Board of India

13. Children's Privacy

Niptao is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will take steps to delete such data promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email and/or a prominent notice on our platform. Continued use after changes constitutes acceptance of the updated policy.

15. Contact Us

General support: support@mindweave.tech

Data Protection Officer: dpo@mindweave.tech

Address: Mindweave Technologies Pvt. Ltd., Bangalore, Karnataka, India