Back to DashboardRinza AI

Privacy Policy

Last updated: May 4, 2026

At Rinza AI we treat your financial data with the seriousness it deserves. This Privacy Policy explains what information we collect, why we collect it, how we secure it, and the rights you have under the Digital Personal Data Protection Act, 2023 ("DPDP Act") and other applicable Indian laws.

1. Information We Collect

  • Identity & Contact: name, email, phone, PAN, GSTIN (optional).
  • Financial Data: salary, business income, capital gains, deductions, rent, home-loan interest, investments, and similar tax-relevant figures you enter.
  • Documents: Form 16, Form 26AS, AIS/TIS, bank statements, capital-gains statements, or other PDFs you upload for ITR preparation.
  • Credit Card & Spend Data: card names, billing/due dates, typical monthly spend that you voluntarily add.
  • Usage Data: log data, device type, IP address, and interactions with the AI assistant.

2. How We Use Your Data

  • To compute your income tax under the new and old regimes for FY 2026-27.
  • To generate personalised credit card and insurance recommendations.
  • To produce ITR drafts and pre-fill statutory forms.
  • To respond to your queries via the Rinza AI assistant.
  • To improve product reliability, prevent fraud, and comply with law.

3. We Do NOT Sell Your Personal Financial Information

Rinza AI does not sell, rent, or trade your personal financial information to third parties for advertising, profiling, or marketing. Your PAN, income figures, uploaded tax documents, and chat history with the AI are never monetised by sale to data brokers, lead-gen networks, banks, NBFCs, or insurers.

When you choose to apply for a credit card or insurance product through an in-app link, you are redirected to the partner's own website and only the data you submit there is shared — never your stored Rinza AI profile.

4. Security of Sensitive PDFs & Tax Data

We treat tax documents as the highest-sensitivity data class:

  • Encryption in transit: all uploads and API calls use TLS 1.2+.
  • Encryption at rest: documents and database fields containing PAN, GSTIN, and income data are encrypted using industry-standard AES-256 by our cloud infrastructure provider.
  • Row-Level Security: our database enforces row-level access policies so only your authenticated session can read your records.
  • Least-privilege access: Rinza AI staff cannot routinely read your uploaded tax documents. Production access is restricted, audited, and used only for security incident response or where you request support.
  • AI processing: when you chat with the assistant, the prompt is sent to a third-party large-language-model gateway under contract obligations not to train on or retain your content beyond the request lifecycle.
  • Document retention: uploaded ITR-related files are retained only for the period needed to file and revise the return, after which you may delete them at any time from Settings.

5. Sharing & Disclosures

We disclose data only in these limited cases:

  • Service providers (cloud hosting, AI inference, email, analytics) bound by confidentiality and DPDP-compliant data-processing agreements.
  • Legal compliance — when required by a valid order from an Indian authority such as the Income Tax Department, CERT-In, or a court of law.
  • Business transfers — in case of a merger or acquisition, with notice to you.

6. Your Rights under the DPDP Act, 2023

  • Access a summary of personal data we hold about you.
  • Correct inaccurate or outdated data.
  • Request erasure of your data and account.
  • Withdraw consent for non-essential processing at any time.
  • Nominate another individual to exercise your rights in case of incapacity or death.
  • File a grievance with our Grievance Officer (below) and, if unresolved, with the Data Protection Board of India.

7. Cookies & Analytics

We use essential cookies for authentication and limited first-party analytics to understand product usage. We do not use third-party advertising trackers.

8. Children

The Service is not directed to anyone under 18. We do not knowingly collect data from minors.

9. Data Retention

We retain account data while your account is active and for up to 8 years thereafter to meet income-tax record-keeping obligations under Section 44AA & Rule 6F of the Income-tax Rules. You may request earlier deletion subject to legal requirements.

10. International Transfers

Data is primarily stored on servers in India or jurisdictions notified as adequate by the Government of India. Where transfers occur, we apply contractual safeguards.

11. Grievance Officer

In line with the DPDP Act and the Information Technology Rules, our Grievance Officer can be reached at:

Grievance Officer — Rinza AI
Email: grievance@rinzaai.com
Response timeline: within 30 days of receipt.

12. Changes to this Policy

We may update this Policy. Material changes will be notified in-app or via email at least 7 days before they take effect.

Reminder: Rinza AI is an AI software tool, not a SEBI/Registered Investment Advisor, and not a substitute for a qualified Chartered Accountant. See our Terms and Conditions for the full disclaimer.