Privacy Policy

Last Updated: January 1, 2026

            Your Privacy Matters: BridgeBanks360 is committed to protecting your personal and financial information. This Privacy Policy explains how we collect, use, store, and protect your data.
        

1. Information We Collect

1.1 Personal Information

When you register for BridgeBanks360, we collect:

Account Information: Name, email address
Profile Information: Date of birth, occupation, financial goals (optional)
Authentication Data: Login credentials, session tokens, authentication cookies

1.2 Financial Information

To provide our services, we collect and process:

Bank Statements: PDF/CSV files uploaded by you containing transaction history
Transaction Data: Date, description, amount, category, merchant information
Account Aggregator Data (if enabled): Account balances, transaction history, loan details, investment holdings fetched via RBI-regulated Account Aggregator framework
Budget Information: Budget limits, spending goals, savings targets set by you
Investment Data: Portfolio holdings, stock prices, mutual fund NAVs (if you choose to track investments)
Loan/EMI Data: Loan amounts, EMI schedules, interest rates (if you choose to track loans)

1.3 Third-Party Data (Account Aggregator)

When you link your bank accounts via Account Aggregator:

We receive encrypted financial data from your banks via Setu Data Gateway (RBI-regulated)
Data is transmitted securely using end-to-end encryption
We never store your bank login credentials or passwords
You control which accounts to link and can revoke consent anytime

2. How We Use Your Information

2.1 Core Services

Transaction Analysis: Categorize expenses, identify spending patterns, generate insights
Budgeting: Track spending against budgets, send alerts when limits are exceeded
Financial Planning: Calculate savings rate, suggest budget optimizations, forecast cash flow
Reports & Analytics: Generate monthly reports, expense breakdowns, trend analysis
Goal Tracking: Monitor progress towards financial goals (savings, debt reduction, etc.)

2.2 Product Improvement

Improve categorization accuracy using machine learning (your data never shared with others)
Enhance user experience based on usage patterns
Fix bugs and optimize performance
Develop new features based on user needs

2.3 Communications

Service Notifications: Account alerts, budget reminders, unusual spending notifications
Product Updates: New feature announcements, tips & tricks
Marketing (opt-in only): Promotional emails (you can unsubscribe anytime)

2.4 Security & Compliance

Detect and prevent fraud, unauthorized access, or suspicious activity
Enforce our Terms of Service
Comply with legal obligations (court orders, government requests)

3. How We Store Your Information

3.1 Data Storage

Location: All data stored in secure cloud data centers in Mumbai, India
Database: PostgreSQL database with encrypted storage
Files: Uploaded PDFs stored securely with server-side encryption
Backups: Automated daily backups with 30-day retention

3.2 Data Security Measures

Encryption at Rest: All database tables and files encrypted using AES-256
Encryption in Transit: All API calls use HTTPS/TLS 1.3
Password Security: Passwords hashed using bcrypt (never stored in plain text)
Access Control: Role-based access, multi-factor authentication for admin accounts
Network Security: VPC isolation, private Cloud SQL connections, firewall rules
Monitoring: Real-time security alerts, audit logs, intrusion detection

3.3 Data Retention

Active Accounts: Data retained as long as your account is active
Inactive Accounts: After 12 months of inactivity, we'll send a reminder. If no response in 30 days, account may be deactivated
Deleted Accounts: Within 30 days of account deletion, all personal data permanently deleted (except as required by law)
Backups: Deleted data removed from backups within 90 days

4. How We Share Your Information

Important: We NEVER sell your personal or financial data to third parties.

4.1 Service Providers

We share limited data with trusted partners who help us operate:

Setu (Pine Labs): Account Aggregator integration (only if you enable AA)
Cloud Infrastructure: Secure hosting, database, and storage services
Analytics Providers: Anonymous usage analytics with IP anonymization
Email Service: Email delivery for notifications (email address only)

All service providers are bound by strict confidentiality agreements and GDPR-compliant data processing agreements.

4.2 Legal Requirements

We may disclose your information if required by:

Court orders, subpoenas, or legal processes
Government or regulatory authorities (RBI, SEBI, Income Tax Department)
Law enforcement agencies investigating fraud or illegal activity

4.3 Business Transfers

In case of merger, acquisition, or sale of assets, your data may be transferred to the new owner (you'll be notified in advance).

4.4 Aggregated Data

We may share anonymized, aggregated data (e.g., "30% of users save >20% monthly") for research or marketing purposes. This data cannot identify you personally.

5. Your Rights & Choices

5.1 Access & Portability

View Your Data: Access all your data via Settings > My Data
Export Your Data: Download a copy of your data in CSV/JSON format

5.2 Correction & Deletion

Update Information: Edit your profile, transactions, budgets anytime
Delete Account: Settings > Delete Account (permanent, cannot be undone)

5.3 Consent Management

Account Aggregator: Revoke bank account linking consent anytime via Settings > Linked Accounts
Email Notifications: Unsubscribe from marketing emails via link in email footer
Analytics: Opt-out of usage analytics in Settings > Privacy

5.4 Objection & Restriction

Object to certain data processing (e.g., marketing)
Request restriction of processing for specific purposes

6. Account Aggregator Privacy

6.1 How It Works

Account Aggregator is an RBI-regulated framework that allows secure, consent-based data sharing:

You grant consent via Setu consent page (not BridgeBanks360)
Your bank encrypts and sends data to Setu
Setu forwards encrypted data to BridgeBanks360
We decrypt and process data to provide analytics

6.2 What We Don't See

Never: Your bank login credentials or passwords
Never: Your debit/credit card CVV or PIN
Never: Data from accounts you didn't explicitly link

6.3 Your Control

Consent Duration: You choose how long consent is valid (default: 12 months)
Revoke Anytime: Stop data sharing instantly via Settings or Setu app
Data Retention: After revocation, we retain historical data unless you request deletion

7. Cookies & Tracking

7.1 Types of Cookies We Use

Essential Cookies: Session management, authentication (cannot be disabled)
Functional Cookies: Remember your preferences, settings
Analytics Cookies: Understand how you use the app (can be disabled)
No Advertising Cookies: We don't use cookies for targeted ads

7.2 Managing Cookies

You can control cookies via browser settings or our Cookie Settings page. Disabling essential cookies may affect functionality.

8. Children's Privacy

BridgeBanks360 is not intended for users under 18 years. We do not knowingly collect data from minors. If you're a parent and believe your child provided information, contact us immediately for deletion.

9. International Users

BridgeBanks360 is primarily for Indian users. If you access from outside India:

Your data will be transferred to and processed in India
India may have different data protection laws than your country
By using our service, you consent to this transfer

10. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be:

Posted on this page with updated "Last Updated" date
Notified via email for significant changes
Effective immediately upon posting (unless stated otherwise)

Your continued use after changes constitutes acceptance.

11. Data Breach Notification

In the unlikely event of a data breach:

We'll notify affected users within 72 hours
Email notification will include: what data was compromised, steps we're taking, actions you should take
We'll report to relevant authorities as required by law

12. Third-Party Links

Our service may contain links to external websites (e.g., bank websites, financial news). We're not responsible for privacy practices of third-party sites. Review their policies before sharing information.

13. Your Consent

By using BridgeBanks360, you consent to:

Collection, processing, and storage of your data as described
Use of cookies and tracking technologies
Transfer of data to service providers
Data processing in India

14. Contact Us

For privacy-related questions, concerns, or requests:

Email: admin@bridgebanks360.com

Address: BridgeBanks360 Private Limited
[Your Registered Office Address]
India

Response Time: We'll respond to all privacy requests within 30 days.

Related Documents:
Terms of Service | Cookie Policy | Data Processing Agreement