Privacy Policy
Last updated: May 14, 2026
1. Introduction
Extrack (“we”, “us”) is a personal finance app. This policy describes what we collect, why we use it, and what choices you have. By using Extrack you agree to this policy.
The app shows totals and summaries based on what you save. Those figures are not pulled from banks or markets. See our Terms for limits on what the product can represent.
2. Users in India
If you use Extrack from India, this section adds context under the Digital Personal Data Protection Act framework. We are the main contact for how personal data is handled for the Service.
- Why we process data. To run accounts, store your records and preferences, secure the service, process subscriptions, and meet legal or safety obligations.
- How your data is protected. All ledger records are stored in DynamoDB with AWS KMS-managed encryption at rest. Access from our API is scoped to your authenticated workspace via IAM least-privilege; non-API roles cannot read the tables, and unusual access is alarmed. We do not use your finance data for advertising or profiling.
- Your rights. You may ask for access or correction of account and profile data we hold. You may ask to delete your account subject to verification, after which we remove your workspace and related records.
- Grievances. Email privacy@myextrack.com. We will respond within a reasonable time.
3. What we collect
- Account login. Email and authentication handled by AWS Cognito. We do not store your password in plain text.
- Financial data you enter. Transactions, account balances, categories, recurring schedules, and related fields you save in the app. Stored in our DynamoDB tables, encrypted at rest with AWS KMS, and accessible only via the authenticated API for your workspace.
- Automation drafts (optional feature). If you use the Automation inbox / transaction drafts feature (including via connected tools), we store draft records on the server in readable form until you post them as real transactions or delete them. Drafts may include an amount, title, date, category hints, person hints, and one or more account ids you selected. If you use split / lending drafts, a draft may also include split allocation metadata (for example which people a purchase was split with and the amounts attributed to each person) and the ids of the per-person “Lent” receivable accounts used for that workflow.
- People directory and account directory (for automation). If you enable automation features or connect external tools, those tools may request a list of your accounts and your People directory entries (ids and names) to let you pick targets for drafts. This directory access is limited to the workspace you are signed into and is not used for advertising.
- Profile fields you choose. Such as display name, age, profession, or country, if you add them in onboarding or Profile.
- Operational logs. Server logs may include IP address, timestamps, and error data for security and reliability.
- Billing metadata. If you subscribe, our payment partner and our API store subscription ids, plan tier, and payment status so we can enforce access. We do not receive your full card number. Card and mandate handling sit with the payment provider.
4. How we protect your data
In transit: TLS via API Gateway and CloudFront. At rest: DynamoDB tables use AWS KMS-managed encryption with keys we never handle in plaintext. Access from our API is scoped to your authenticated workspace using IAM least-privilege; access from any other role triggers an alarm.
We do not use your finance data for advertising or to train shared models. The full security model is documented at docs/SECURITY.md.
5. Where data lives
We use Amazon Web Services. Application data lives in DynamoDB with KMS-managed encryption at rest. Production data is intended to stay in Asia Pacific (Mumbai) ap-south-1; some global AWS services (certificates, CDN edges) may touch other regions as part of normal AWS behavior.
6. Browser storage and analytics
We store session tokens and UI preferences in your browser (local storage or similar). We do not sell your personal information.
When enabled in a deployment, we may load Google Analytics 4, Google Tag Manager, and/or PostHog for aggregated product analytics and marketing measurement. Those tools have their own cookies or storage under their policies. Optional Meta (Facebook) Pixel may be loaded via Tag Manager; when server-side Conversions API is enabled, our API may forward non-identifying page events (for example page URL without hash, IP, and user agent) to Meta for attribution.
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioural metrics, heatmaps, and session replay to improve and market our products. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of features and online activity. We also use this information for site optimisation, fraud and security purposes, and advertising. Microsoft Clarity is loaded via Google Tag Manager. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
We set one first-party cookie named "extrack_attr" (90 days, SameSite=Lax) to remember which marketing campaign brought you here. It stores UTM parameters, your referring site’s host, the landing path, and ad-click ids (fbclid, gclid). It does not contain your email, name, phone number, IP address, or anything from your ledger.
We do not intentionally send your account ids, transaction ids, or other sensitive finance identifiers to analytics vendors.
7. Vendors we use
A non-exhaustive list of infrastructure and services that may process data, depending on your environment:
- Amazon Cognito for sign-in and user directory.
- Amazon DynamoDB for application storage.
- AWS Lambda and API Gateway for the API.
- CloudFront, S3, CloudWatch, and related AWS services for hosting and operations.
- Razorpay for optional paid subscriptions. Checkout and subscription status are handled on their side when you pay.
- Microsoft Clarity for behavioural analytics (heatmaps, session replay) loaded via Google Tag Manager. Subject to the Microsoft Privacy Statement.
- EventBridge and SQS where used for scheduled or background work.
Production data is intended to stay in Asia Pacific (Mumbai) ap-south-1. Some global AWS services (for example certificates or CDN edges) may touch other regions as part of normal AWS behavior.
We do not sell personal data. We do not use ad networks or brokers.
8. Your choices
You may request an export or deletion of your account as described in the app and in emails we send for account actions. You can update profile fields from Profile.
9. Retention
We keep data while your account exists. After verified deletion, we remove your workspace and related records as described in our deletion flow. Logs are kept for a limited period for security, then rotated away.
If you use Automation drafts, those draft records are kept until you delete them, discard them, or successfully post them (after which the app may delete the draft). They are not meant as long-term storage.
10. Children
Extrack is not aimed at children under 16. If you believe a child gave us personal data, write to us and we will delete what we can.
11. Changes
We may update this policy. The date at the top shows the latest revision. Continued use after a change means you accept the updated policy.
12. Contact
Privacy: privacy@myextrack.com
Billing and receipts: support@myextrack.com