Privacy Policy

Tapwise (tapwise.in) is an independent AI-powered credit card rewards optimizer based in Bengaluru, India, operated by Darsh Shah ("we", "us", "our"). We help you understand which credit cards earn you the most rewards based on your actual spending patterns.

We are not a bank, NBFC, card issuer, or a SEBI or RBI registered financial advisor. Tapwise provides informational estimates only, not financial advice.

2.1 Data you provide during onboarding

• ·Monthly salary range (for example, ₹50,000 to ₹1,00,000), stored as a bracket, not an exact figure
• ·Spending categories and estimated monthly spend per category
• ·Travel frequency (domestic or international)
• ·Names of the credit cards you currently hold
• ·Spending goals such as cashback, travel miles, or lounge access

We do not collect:

• ·PAN, Aadhaar, or any government ID
• ·Full credit or debit card numbers, CVV, or expiry dates
• ·Net banking credentials or passwords
• ·Your credit score or credit bureau data

2.2 Gmail data (read-only access)

When you choose to connect your Gmail account, Tapwise requests read-only access to your inbox solely to:

• ·Identify bank transaction notification emails (for example, "You spent ₹2,400 at Swiggy")
• ·Extract the merchant name, transaction amount, date, and card used
• ·Categorize your spending to power personalized recommendations

We do not:

• ·Read personal emails, attachments, or non-transactional emails
• ·Store the full body of any email
• ·Sell your email content, or share it with advertisers or data brokers
• ·Use your Gmail data to train AI models

Most transaction emails are read by fixed, rule-based parsers that run on our own servers. When a bank uses an email format our parsers do not yet recognize, the relevant portion of that email's text may be sent to our AI provider (GitHub Models or Azure OpenAI) solely to extract the merchant, amount, date, and card. This content is processed only to read that one transaction, is not retained by the provider for its own purposes, and is not used to train AI models. See Section 5 for our processors.

Tapwise's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Gmail access is also governed by Google's OAuth 2.0 policies.

2.3 Automatically collected data

• ·Browser type and device type, used for UI optimization
• ·Pages visited and time spent, via privacy-respecting analytics
• ·Referral source, to understand how users find us

We do not use cross-site tracking cookies.

When data sources conflict on reward rates, we use the lower value so we never overpromise what you will earn.

• ·Data is stored on servers in India, or within Google Cloud or Azure infrastructure with data residency controls
• ·Gmail tokens are stored in our database with encryption at rest provided by the platform, transmitted only over TLS 1.2 or higher, and isolated by row-level security so they are never reachable from a user session
• ·We do not sell, rent, or broker your personal data to any third party
• ·Parsed transaction records (merchant, amount, date, card) are stored against your account to power your recommendations. Disconnecting Gmail stops any further reading of your inbox; your existing records are kept so you can reconnect later, and are permanently deleted when you delete your account or request data deletion (see Section 7)
• ·You can request full data deletion at any time (see Section 7)

We do not use Facebook Pixel, Google Ads tracking, or any advertising networks.

Tapwise is intended for users aged 18 and above. We do not knowingly collect data from minors. If you believe a minor has registered, contact us at privacy@tapwise.in and we will delete the account immediately.

Under applicable Indian law, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, you have the right to:

• ·Access, request a copy of all data we hold about you
• ·Correction, ask us to correct inaccurate data
• ·Deletion, request complete erasure of your account and data
• ·Withdrawal of consent, disconnect Gmail access at any time via myaccount.google.com/permissions
• ·Data portability, request your spending summary data in a readable format

We use only essential cookies required for login sessions and security, such as CSRF tokens. We do not use advertising or profiling cookies.

We will notify registered users by email at least 14 days before any material change to this Privacy Policy. Continued use of Tapwise after the effective date constitutes acceptance.

For any privacy question or request, email privacy@tapwise.in.

Tapwise, Bengaluru, Karnataka, India.