Privacy Policy

Last updated: May 9, 2026

1. Introduction

Paisa Agent ("we", "our", or "us") is an AI-powered financial assistant that helps you manage event budgets (weddings, construction, parties, and more) and track personal expenses. This Privacy Policy explains how we collect, use, and protect your information when you use our service via WhatsApp, our web dashboard at paisaagent.ai, or connected third-party services such as Gmail.

This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 ("DPDP Act") of India, to the extent notified and applicable.

2. Consent

By sending a message to Paisa Agent on WhatsApp, signing in to the web dashboard, or otherwise using the Service, you expressly consent to the collection, use, storage, and processing of your personal data as described in this Privacy Policy. You may withdraw your consent at any time by messaging "delete my data" on WhatsApp or by emailing us. Withdrawal of consent will result in deletion of your data and termination of the Service for your account.

3. Information We Collect

  • Phone number (for WhatsApp communication and authentication)
  • Name and profile information you provide
  • Event details, vendor information, personal expenses, and budget data you share
  • Messages and media you send through WhatsApp
  • Usage data and interaction logs

4. Email Integration (Gmail)

You may optionally connect your Gmail account to allow Paisa Agent to automatically detect bank transaction emails. When you connect Gmail, we request read-only access to your email (the gmail.readonly scope). We never send, modify, archive, or delete any email on your behalf.

What we access:

  • Each new message in your inbox is checked against a hard-coded allowlist of known bank and financial-institution sender domains (e.g. HDFC, ICICI, SBI, Axis, credit-card issuers, UPI providers).
  • Only messages identified as bank or financial transaction notifications are parsed. All other messages — personal, social, promotional, or otherwise non-financial — are immediately discarded without further processing.

How we use this data:

  • For matching messages, the email subject and a body excerpt are sent to Google Gemini (Vertex AI) for structured extraction of transaction details (amount, merchant, date, account tail). Vertex AI does not use customer prompts to train Google models.
  • Only the extracted, structured transaction record is stored in your account. Raw email bodies are processed in memory and are never persisted to our database.
  • Extracted transactions appear in your dashboard and, where configured, as WhatsApp summaries for your review.

Token storage:

  • Your Gmail OAuth access and refresh tokens are encrypted at rest using Fernet (AES-128-CBC with HMAC-SHA256) before being stored.
  • Tokens are used only to access your email on your behalf and are never shared with any third party.

What we do not do with your Gmail data:

  • We do not use your Gmail data, or any data derived from it, to train, fine-tune, or improve any AI or machine-learning models — whether our own or general-purpose models.
  • We do not transfer Gmail data to advertisers, data brokers, credit bureaus, or any party for advertising or marketing purposes.
  • We do not sell, rent, or share your Gmail data or derived transaction data with any third party for their own purposes.
  • No human at Paisa Agent reads your Gmail messages or the data derived from them, except (a) with your explicit consent, (b) for security or abuse investigations, (c) to comply with applicable law, or (d) in aggregated and de-identified form for internal operations.

You can disconnect your Gmail account at any time from the Settings page. Disconnecting immediately revokes our access via Google's token-revocation endpoint, deletes your stored tokens, and stops further email processing. You may additionally request deletion of previously extracted transaction records as described in Section 10.

Limited Use: Paisa Agent's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

5. How We Use Your Information

  • To provide and improve our AI-powered financial management service
  • To send you expense summaries, payment reminders, and budget alerts via WhatsApp
  • To authenticate your identity via OTP
  • To generate reports and analytics for your events and personal budgets
  • To automatically extract transactions from connected email accounts

6. Internal Access by Authorised Personnel

A limited number of authorised employees and contractors of Paisa Agent may access account information to:

  • Provide customer support when you contact us
  • Investigate suspected fraud, abuse, or security incidents
  • Diagnose and fix technical issues you report
  • Monitor product health (e.g. how many users have onboarded, how often the service is used, which features perform well)
  • Estimate and manage operational cost (including aggregate AI token consumption per account)

What authorised personnel can see:

  • Account metadata: your name, plan tier, signup date, last activity, and a masked phone number (e.g. +9198••••••10)
  • Aggregate engagement counts: number of events, expenses, and messages associated with your account
  • Aggregate AI usage: token counts and estimated cost per account (used to identify abusive patterns and forecast infrastructure cost)

When the full phone number is revealed:

  • The full phone number is hidden by default and is only revealed when an authorised person provides a written business reason (e.g. "user reported login issue").
  • Every reveal is recorded in an internal audit log with the accessor's identity, timestamp, IP address, and the stated reason. We retain these records for review.
  • If the audit log cannot be written, the reveal is refused — no full phone number is ever shown without a corresponding audit entry.

What we do NOT do:

  • We do not read your conversation messages, financial details, or vendor information for product analytics.
  • We do not export your personal data to third-party analytics services (e.g. PostHog) without first masking or pseudonymising it.
  • We do not sell, rent, or share your data with advertisers.

7. AI and Data Processing

Paisa Agent uses third-party AI models (Google Gemini) to process your messages and extract financial information. Your messages are sent to these AI services for real-time processing only. We do not use your personal financial data to train, fine-tune, or improve any AI models. Conversation context is maintained in our secure database solely to provide you with a coherent and personalized experience.

Media files: When you send images, PDFs, voice messages, or other files via WhatsApp, we process them in memory to extract financial information (e.g. vendor names, amounts, transaction details). The extracted data is saved to your account, but the original media files are not stored on our servers. They are discarded immediately after processing. You can access your original files through WhatsApp's media settings at any time.

8. Data Storage and Security

Your data is stored securely on Google Cloud Platform with encryption at rest and in transit. OAuth tokens for connected services are encrypted using AES before storage. We use industry-standard security measures to protect your personal information. We do not sell, rent, or trade your data to third parties.

9. Third-Party Services

We use the following third-party services to operate:

  • Meta / WhatsApp Business API (messaging)
  • Google Cloud Platform (hosting and storage)
  • Google Gemini (AI processing — no data used for model training)
  • Gmail API (read-only email access for transaction detection, when connected by you)
  • Google Cloud Pub/Sub (real-time email notifications)
  • Sentry (error monitoring — no personal financial data is sent)
  • PostHog (product analytics — usage patterns only, no financial data)
  • Langfuse (AI quality monitoring — messages are logged for response quality; no data shared externally or used for training)

Each third-party service processes data in accordance with its own privacy policy. We share only the minimum data necessary for each service to function.

10. Data Retention and Deletion

You can request deletion of your data at any time by messaging "delete my data" on WhatsApp or by emailing us. You can disconnect your Gmail account at any time from Settings, which immediately revokes access and deletes stored tokens. We will delete your personal data within 30 days of receiving your request, except where retention is required by law.

11. Your Rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data ("right to erasure")
  • Withdraw consent for data processing
  • Nominate another person to exercise these rights on your behalf
  • Lodge a grievance with us or, if unresolved, with the Data Protection Board of India (once constituted under the DPDP Act)

12. Children's Privacy

Paisa Agent is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a user is under 18, we will promptly delete their data.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via WhatsApp or on the dashboard. Your continued use of the service after changes constitutes acceptance of the updated policy. The "Last updated" date at the top reflects the most recent revision.

14. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, the Grievance Officer for Paisa Agent can be contacted at: support@paisaagent.ai

We will acknowledge your grievance within 24 hours and resolve it within 30 days of receipt.

15. Contact Us

If you have questions about this Privacy Policy, contact us at: hello@paisaagent.ai
