Privacy Policy
Last updated: June 23, 2026
This Privacy Policy describes how Vedika Pandey ("we", "our", or "us") collects, uses, and protects your information when you use the Pluto mobile application ("App") and website at usepluto.in ("Site").
By using Pluto, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the App.
1. Who This App Is For
Pluto is intended for users who are 18 years of age or older. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us personal data, please contact us and we will delete it promptly.
2. Information We Collect
a) Account Information
When you sign in with Google, we receive your name, email address, and profile picture from Google. This is used to create and identify your Pluto account.
b) Financial Data You Enter
We collect the transaction data you manually enter or approve:
- Amount
- Date
- Category
- Description / merchant name
- Transaction type (income or expense)
We also store household information (household name, member list) that you create within the App.
c) Gmail-Extracted Transaction Data
If you choose to connect your Gmail account, our system reads your emails in the background to detect transaction receipts. We extract and store only:
- Merchant name
- Transaction amount
- Transaction date
We do not store the content of your emails, email subjects, sender information, or any other email metadata. You can disconnect Gmail at any time from the App settings, which stops all future email reading and deletes our access credentials.
To enable background Gmail reading, we securely store a Gmail refresh token on our servers. This token is used solely to read your emails for transaction extraction and is deleted when you disconnect Gmail.
d) Device Data
Face ID / Biometric data — if you enable Face ID on your device, authentication is handled entirely by iOS. We never receive or store your biometric data.
Local cache — the App stores a local copy of your data on your device using SQLite to enable offline access and faster load times. This data is not shared with third parties.
3. How We Use Your Information
We use your data solely to provide and improve the Pluto experience:
- Creating and managing your account
- Displaying your financial transactions, budgets, and analytics
- Extracting transactions from Gmail receipts (if connected)
- Enabling shared household expense tracking
- Keeping your data in sync across your household members
We do not use your data for advertising, profiling, or sale to third parties.
4. How We Share Your Information
We do not sell, rent, or trade your personal data. We share it only with:
Supabase
Our backend database and authentication provider. Your data is stored on Supabase-managed servers. Supabase is GDPR-compliant and SOC 2 certified. Supabase Privacy Policy →
Google
Used for sign-in (Google OAuth) and, if you opt in, Gmail access. Google Privacy Policy →
Anthropic (Claude AI)
If you connect Gmail, the text of each matched bank/payment email (truncated, not the full raw message) is sent to Anthropic's Claude API to extract the transaction details — merchant, amount, date, and category. Anthropic does not use API data to train its models. Under our API plan, this data is retained by Anthropic for up to 30 days for safety and security purposes, then deleted. Anthropic Privacy Policy →
We do not share your data with any other third parties beyond those listed above.
5. Data Storage and Security
Your data is stored on Supabase's cloud infrastructure. We use industry-standard security practices including:
- Encrypted connections (HTTPS/TLS) for all data in transit
- Row-level security policies on our database so users can only access their own household's data
- Secure storage of sensitive credentials (e.g. Gmail refresh tokens)
While we take reasonable steps to protect your data, no system is completely secure. We encourage you to use a strong Google account password and enable two-factor authentication.
6. Data Retention
We retain your personal data for as long as your account is active. If you request account deletion, we will delete your data from our servers within 30 days.
To request deletion, contact us at shubh065@gmail.com with the subject line "Account Deletion Request." An in-app account deletion option will be available in a future update.
7. Your Rights Under Indian Law
Under the Digital Personal Data Protection Act, 2023 (DPDPA), you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete personal data
- Erase your personal data (right to be forgotten)
- Withdraw consent at any time (e.g. disconnecting Gmail)
- Nominate a person to exercise your rights on your behalf
To exercise any of these rights, contact us at shubh065@gmail.com.
8. Analytics and Tracking
We use PostHog to collect analytics and monitor app performance. PostHog may collect:
- In-app events (e.g. features used, screens visited)
- Issue reports submitted via the "Report an Issue" feature
- Device type, operating system version, and app version
- App performance and error data
This data is used solely to improve the Pluto experience. We do not use it for advertising or share it with third parties beyond PostHog. See PostHog's Privacy Policy.
9. Children's Privacy
Pluto is not directed at children under 18. We do not knowingly collect data from minors. If we become aware that a minor has created an account, we will delete it immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top. For significant changes, we will notify you through the App or by email. Continued use of Pluto after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact: