Privacy Policy

Last updated: May 2026  ·  Contact: legal@inpensa.online

1. Introduction

inpensa ("we", "us", or "our") is a personal finance application built on a zero-knowledge architecture. This Privacy Policy explains how we handle your personal information when you use our iOS app, Android app, web application, or this marketing website.

Our core commitment: all financial data is encrypted on your device before it leaves your device. We cannot read your financial records. This is a technical guarantee, not just a policy promise.

2. What we collect

Account data

Email address and authentication credentials (stored as a salted hash). We do not store your password.

Financial data — encrypted

Transaction records, budgets, outlay data, and debt entries — all encrypted client-side with AES-256-GCM before transmission. We store opaque ciphertext only.

Usage metadata

Aggregate app usage statistics via Plausible Analytics (privacy-first, no cookies, no PII). This website uses Plausible.

Waitlist

If you join the waitlist, we collect your email address solely to notify you at launch. We use this for no other purpose.

3. How we use your information

  • To authenticate you and deliver the app service
  • To synchronise your encrypted data across your devices
  • To send transactional emails (account verification, security alerts)
  • To improve the product via aggregate, anonymous analytics

We do not use your data for advertising. We do not sell your data. We do not share your data with third parties except as described in section 5.

4. Retention

We retain your account and encrypted data for as long as your account is active. You may request deletion of all data at any time via the app settings or by emailing legal@inpensa.online. Deletion is permanent and irreversible within 30 days of request.

5. Third-party processors

AWS (Amazon Web Services): Cloud infrastructure, encrypted data storage (S3), and CDN. Data is stored encrypted. AWS has no access to plaintext.

Resend: Transactional email delivery (verification, security alerts). Only your email address is shared.

Plausible Analytics: Privacy-first website analytics. No cookies, no PII collected.

6. Your rights (GDPR / CCPA)

  • Access: Request a copy of your data (we will provide the encrypted blobs and your account metadata)
  • Portability: Export your data from the app at any time (CSV, JSON)
  • Deletion: Permanent account and data deletion on request
  • Opt-out: No advertising data to opt out from — we don't do it

Exercise any right by emailing legal@inpensa.online.

7. Contact

For privacy enquiries: legal@inpensa.online