Privacy Policy

Effective Date:  ·  Last Updated:

1. Introduction

This Privacy Policy describes how BuxIQ ("we", "our", or "us") collects, uses, and protects information about you when you use the BuxIQ mobile application and the website located at https://www.buxiq.app (collectively, the "Service"). This policy applies to all users of the BuxIQ app and website, including registered users, waitlist members, and visitors.

We take your privacy seriously - especially because you are trusting us with sensitive financial information. This policy is written in plain language to be genuinely readable, not just legally defensible. We believe you deserve to know exactly how your data is handled, in clear terms.

By downloading, installing, or using the BuxIQ app, or by accessing and using the website, you acknowledge that you have read and understood this Privacy Policy and you agree to its terms. If you do not agree with any part of this policy, please discontinue use of the Service and contact us at support@buxiq.app to request deletion of any data we may hold about you.

This policy may be updated from time to time. Material changes will be communicated via in-app notification and/or email. Continued use of the Service after changes constitutes acceptance of the revised policy.

2. Data We Collect

We collect only the information necessary to provide a useful and secure personal finance experience. The categories of data we collect are described in detail below.

Personal Information

When you create a BuxIQ account, we collect your name and email address. This information is used to identify your account, communicate with you about the Service, and provide support. We do not collect your phone number unless you voluntarily provide it for support purposes.

Financial Transaction Data

The core function of BuxIQ is financial tracking. We collect and store expense, income, and transfer data that you enter manually or that is auto-detected from your SMS messages (if permission is granted). This includes transaction amounts, merchant names, dates, categories you assign or that are AI-assigned, and any notes you add. This data is associated with your account and stored securely on our servers so it is available across your devices.

SMS Transaction Data

SMS access is entirely optional and requires your explicit permission. If you grant SMS permission, BuxIQ reads bank and UPI transaction alert messages on your device to automatically detect and log expenses and income. Critically: raw SMS message text is processed entirely on your device and is never uploaded to our servers. Only the structured fields extracted from the SMS - specifically the transaction amount, merchant name, date, and transaction type - are synced to your account. The original message text stays on your phone. You can revoke SMS permission at any time in your Android device settings without affecting the core functionality of the app.

Device Information

We collect limited technical information about your device, including device model, operating system version, app version, and a unique device identifier. This information is used exclusively for crash reporting, technical diagnostics, and confirming platform compatibility. It is not used for advertising or sold to third parties.

App Usage Analytics

We collect anonymized analytics about how you use the app - such as which screens you visit, which features you use, and general session duration. This information contains no personally identifiable information (PII) and is used solely to understand usage patterns and improve the product. Individual user behaviour is never analysed for advertising purposes.

Financial Profile Data (Optional)

  • Monthly income — entered voluntarily; used solely for budget percentage calculations, savings rate scoring, and AI spending analysis. Never shared with third parties.
  • Investment portfolio entries — manually entered mutual fund, stock, FD, PPF, NPS, gold, and real estate holdings. Used for net worth calculation and portfolio tracking only. BuxIQ does not connect to any broker, demat account, or trading platform.
  • Insurance policy details — manually entered policy type, premium, renewal date. Used for renewal reminders only.
  • Loan/EMI details — manually entered lender, principal, interest rate, tenure. Used for debt-to-income calculation and payoff planning only.

Household Data (Family Plan)

  • Household membership — which users belong to which household, their role (Owner, Admin, Partner, Member, Child). Used for household dashboard, spending aggregation, and RBAC enforcement.
  • Shared financial data — transactions marked as "Household" visibility, shared goals, allowance amounts, spending limits. Visible only to household members according to privacy level settings (Private / Partner / Household).
  • Transaction comments — text comments left by household members on shared transactions. Visible only within the household.

Device and Session Data

  • Push notification tokens — Expo Push tokens stored for delivering budget alerts, bill reminders, daily briefs, and anomaly alerts. Revocable from Settings → Notifications at any time.
  • Session information — device name, device type, approximate location (city-level from IP), and last active timestamp. Used for active session management and suspicious login detection. You can view and revoke sessions from Settings → Security.
  • Preferred currency — your selected display currency (INR, SGD, MYR, IDR, THB). Used for display formatting only.

3. How We Use Your Data

We use the data we collect for the following purposes, and no others:

Providing Core App Functionality

Your transaction data, account information, and settings are used to power the core features of BuxIQ - including automatic expense tracking, AI auto-categorization of merchants, budget monitoring, savings goal tracking, and the Family Mode household dashboard. Without this data, the Service cannot function.

AI-Powered Insights

Your transaction summaries (anonymized - see Section 7 on Third Parties) are used to power the BuxIQ Financial Assistant and generate personalized insights such as spending trends, budget recommendations, and goal projections. Your name, email, phone number, and account identifiers are never included in data sent to AI inference services.

Push Notifications

With your explicit permission, we send push notifications for budget alerts, bill due-date reminders, and your optional weekly AI money brief. You can disable any or all notifications at any time in your device settings. We never send promotional push notifications from third-party brands.

Service Improvement

Anonymized usage analytics and crash reports help our engineering team identify and fix bugs, improve performance, and prioritise new features based on how people actually use the app. No personally identifiable information is used in this process.

Subscription Processing

If you upgrade to BuxIQ Pro, your billing details (name, email, and payment information) are processed by our payment partners - Razorpay for users in India, and Stripe for international users. BuxIQ does not store your card number, CVV, or bank account details. Payment processors handle and secure all payment credentials.

Waitlist & Product Communications

If you joined our waitlist or opted in to email updates during signup, we will send you product launch announcements and occasional BuxIQ news. You can unsubscribe at any time. We never send unsolicited marketing emails and we never share your email with third parties for marketing purposes.

4. Data We Do NOT Collect

We believe it is just as important to be explicit about what we do not collect as it is to describe what we do. The following categories of data are never collected by BuxIQ under any circumstances:

  • Bank passwords or netbanking credentials - We never ask for, store, or transmit your bank login credentials. BuxIQ does not use screen-scraping or credential-based bank account linking.
  • Debit or credit card numbers - We do not collect, store, or process your card numbers. Payment processing is handled entirely by Razorpay or Stripe.
  • CVV numbers or PINs - These are never requested or stored.
  • ATM or UPI PINs - BuxIQ has no access to and never requests your UPI PIN or ATM PIN.
  • Biometric data - We do not collect fingerprints, facial recognition data, or any other biometric identifiers.
  • Raw SMS message text (uploaded to servers) - SMS processing is on-device only. The original text of your SMS messages is never uploaded, transmitted, or stored by BuxIQ servers.
  • Government ID numbers - We do not collect Aadhaar numbers, PAN numbers, passport numbers, or any other government-issued identifiers.
  • Location data - BuxIQ does not request or use your GPS location.
  • Contacts or call logs - We do not access your phone contacts or call history.
  • Photos or media files - We do not access your camera roll, gallery, or any media stored on your device.

5. Data Storage & Security

We take data security seriously and implement industry-standard measures to protect your information. Our security practices include:

Encryption at Rest

All user data stored on our servers is encrypted at rest using AES-256 encryption, the same standard used by major financial institutions and governments worldwide.

Encryption in Transit

All data transmitted between the BuxIQ app and our servers is encrypted using TLS 1.2 or higher. We do not support older, insecure transport protocols.

On-Device SMS Processing

As described in Section 6, SMS transaction parsing is performed entirely on your device. The extracted structured data (amount, merchant, date) is transmitted over TLS to our servers. The original raw SMS text never leaves your device.

Credential Security

User account passwords are hashed using bcrypt with a per-user salt. Passwords are never stored in plain text and are never recoverable by BuxIQ staff. If you forget your password, we generate a new one - we cannot retrieve the old one.

API & Infrastructure Security

All API keys, database credentials, and infrastructure secrets are stored in secure environment vaults and are never embedded in source code or client-side applications. Access to production systems is restricted to authorised personnel only, with multi-factor authentication required.

Security Audits

We conduct regular internal security reviews and intend to commission independent third-party security audits as the service scales. Identified vulnerabilities are prioritised and remediated promptly.

Data Location

All user data is stored on servers located in India, in compliance with applicable data localisation requirements.

6. SMS Data

SMS access is one of BuxIQ's most powerful features, but we want to be completely transparent about how it works, because we understand it requires a significant degree of trust.

Why We Request SMS Permission

Indian banks and payment apps (HDFC, SBI, ICICI, GPay, PhonePe, Paytm, etc.) send SMS alerts for every transaction. BuxIQ can read these alerts to automatically log your expenses and income without any manual entry on your part. This is the foundation of the zero-effort tracking experience.

SMS Permission Is Completely Optional

You are never required to grant SMS permission to use BuxIQ. If you decline or revoke SMS permission, you can still use the full app by entering transactions manually. The AI features, budgets, goals, and all other functionality remain available. SMS access only removes the need for manual entry.

How SMS Is Processed

When SMS permission is granted, BuxIQ reads incoming messages on your device and applies a local pattern-matching and parsing algorithm to identify bank and UPI transaction alerts. This processing happens entirely within the app on your phone. The parsed result - a structured record containing only the transaction amount, merchant name, date, and transaction type - is then synced to your BuxIQ account over an encrypted connection. The original SMS message text is never transmitted to BuxIQ's servers under any circumstances.

Revoking SMS Permission

You can revoke SMS permission at any time without deleting your account or losing any data. To revoke: go to your Android device Settings → Apps → BuxIQ → Permissions → SMS → Deny. Future transactions will no longer be auto-detected, but all existing data in your account remains intact. iOS does not support SMS reading by third-party apps; on iOS, transactions are entered manually or imported via other methods.

Which SMS Messages Are Read

BuxIQ only processes SMS messages that match known patterns for bank transaction alerts and UPI payment notifications. Personal messages, OTPs, promotional SMS, and all other message types are ignored entirely and never processed, stored, or transmitted - not even in anonymized form.

SMS Data and AI Processing

When SMS permission is granted, bank and UPI alert messages are parsed on your device to extract structured fields: amount, merchant name, date, and transaction type. These structured fields (not the raw SMS text) may be sent to the Google Gemini API for enhanced categorisation accuracy. No SMS content is stored permanently on Google servers. You can revoke SMS permission at any time from Android Settings → Apps → BuxIQ → Permissions without losing core app functionality. This processing is covered under BuxIQ's Data Processing Agreement with Google Cloud.

7. Third-Party Services

BuxIQ uses a small number of carefully selected third-party services to operate. We share only the minimum necessary data with each partner, and we never sell your data to any third party.

Razorpay (Payment Processor — India)

Billing information (name, email, subscription plan, amount) for Pro (₹299/month or ₹2,499/year) and Family Plan (₹499/month) subscribers in India. Razorpay is the licensed Payment Aggregator — BuxIQ does not hold any PA licence. Razorpay processes UPI, credit/debit card, and net banking payments.

Stripe (Payment Processor — International)

Billing information for Pro and Family Plan subscribers outside India. Currencies supported: SGD (Singapore), MYR (Malaysia), IDR (Indonesia), THB (Thailand). Stripe handles all payment card processing — BuxIQ never stores card numbers.

Google Gemini API (Primary AI Processor)

BuxIQ uses the Google Gemini API (gemini-2.5-flash model) to power AI features including auto-categorisation of transactions, spending analysis, the AI Financial Assistant chat, daily spending briefs, and financial anomaly detection. Data sent to Gemini includes: anonymised transaction summaries (merchant name, category, amount, date). We do not send your name, email, phone number, bank account number, or any government ID to the AI processor. SMS transaction data, when permission is granted, is processed by Google Gemini API for structured field extraction only — no raw SMS text is stored on Google servers permanently. BuxIQ has accepted the Google Cloud Data Processing Agreement (DPA) to ensure DPDP Act 2023 compliance.

Groq API (Fallback AI Processor)

When the primary AI service (Google Gemini) is temporarily unavailable due to rate limits, BuxIQ automatically switches to the Groq API (llama-3.3-70b model) to ensure uninterrupted service. The same data minimisation rules apply — only anonymised transaction summaries are sent, never personal identifiers.

Cloud Hosting Provider

BuxIQ uses a cloud infrastructure provider to host our servers and databases. Your encrypted account data is stored on their infrastructure. They act as a data processor under our instruction and do not have access to unencrypted user data. Servers are located in India.

Analytics Provider

We use an analytics service to understand how the app and website are used. Only anonymized usage events (e.g., "user opened budget screen") are sent - no names, email addresses, transaction data, or any other personally identifiable information is included. The analytics provider cannot identify individual users from the data we send.

8. Data Retention

We retain your data for only as long as necessary to provide the Service and meet our legal obligations.

Active Accounts

All personal data, transaction history, budgets, goals, AI chat history, and account information is retained for the full duration that your account is active. You can view, export, and delete this data at any time.

Deleted Accounts

Upon receiving a valid account deletion request (in-app or via email), all personally identifiable data - including your profile, all transactions, all budgets, all goals, all AI history, and all financial records - is permanently and irreversibly purged from our systems within 30 days of the deletion request. You will receive a confirmation email when the deletion is complete.

Anonymized Aggregate Analytics

Anonymized aggregate analytics data - which contains no personal information and cannot be used to identify any individual user - may be retained indefinitely. This data is used for service improvement and product research only.

Inactive Accounts

If your account has had no login activity for 24 consecutive months, we will send a notice to your registered email address giving you 60 days to log in and reactivate your account. If no action is taken within that 60-day notice period, your account and all associated personal data will be automatically deleted, with the same process as a requested deletion. You will receive a final confirmation email.

Payment Records

Basic transaction records for Pro subscription payments (date, amount, plan type - not payment card details) may be retained for up to 7 years to comply with applicable tax and financial regulations in India.

9. Your Rights

You have the following rights with respect to your personal data held by BuxIQ. These rights are available to all users regardless of location.

  • Right of Access: You have the right to request a copy of all personal data we hold about you. We will provide this within 30 days of a valid request.
  • Right to Correction: If any personal information we hold about you is inaccurate or incomplete, you have the right to request correction. Most data (name, email) can be corrected directly within the app.
  • Right to Deletion: You have the right to request permanent deletion of your account and all associated personal data. See Section 10 for the full deletion process.
  • Right to Data Portability: You have the right to export your transaction data in machine-readable formats. BuxIQ supports CSV and JSON export directly from within the app under Settings → Export Data.
  • Right to Withdraw SMS Permission: If you have granted SMS access, you can withdraw this permission at any time in your device settings without any other consequences to your account.
  • Right to Opt Out of Push Notifications: You can disable push notifications at any time via your device's notification settings.
  • Right to Unsubscribe from Marketing: You can unsubscribe from product update emails at any time by clicking "Unsubscribe" in any email or by emailing us.
  • Right to Restrict Processing: In certain circumstances, you may have the right to request that we restrict the processing of your personal data.

To exercise any of these rights, email support@buxiq.app with a clear description of your request. We will respond within 48 hours on business days and fulfil all valid requests within the timelines required by applicable law.

Withdrawing Consent

You may withdraw specific data processing consents at any time through the app:

  • SMS processing: Android Settings → Apps → BuxIQ → Permissions → SMS → Deny
  • Push notifications: BuxIQ app → Settings → Notification Preferences → toggle off individual categories, or Device Settings → Notifications → BuxIQ → Disable
  • Analytics tracking: BuxIQ app → Settings → Privacy → Analytics → toggle off
  • Marketing emails: click "Unsubscribe" in any email, or email support@buxiq.app with subject "Unsubscribe"
  • AI data processing: BuxIQ app → Settings → Privacy → AI Insights → toggle off (disables AI features; core tracking continues)
  • All data processing: Delete your account from Settings → Account → Delete Account (permanent, irreversible after 30-day grace period)

Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. Some consents (e.g., SMS) can be withdrawn without losing core app functionality.

10. How to Delete Your Data

You have the right to permanently delete your account and all associated data at any time, for any reason, at no cost. Two methods are available:

Option 1 - In-App (Recommended)

Open the BuxIQ app and navigate to Settings → Danger Zone → "Delete My Account". You will be asked to type a confirmation phrase to prevent accidental deletion. Once confirmed, your account and all data - including all transactions, budgets, goals, AI chat history, and profile information - will be permanently deleted within 30 days. You will receive a confirmation email at your registered address when deletion is complete. This action cannot be undone.

Option 2 - Email Request

Send an email to support@buxiq.app with the subject line "Delete My Account". Include the email address associated with your BuxIQ account. We will process your request within 7 business days and send you a confirmation email once the deletion is complete.

What Gets Deleted

Upon account deletion, the following data is permanently and irreversibly erased: your profile and account credentials, all transaction records, all budget configurations, all savings goals, your entire AI Financial Assistant chat history, your Financial Health Score history, household membership and family data (if applicable), all custom categories and settings, and all export history.

What Is Retained After Deletion

After deletion, the only data retained is anonymized aggregate analytics that cannot identify you personally, and basic payment records required by applicable tax law (subscription date and amount only - no card details). These retained records contain no personal information linked to your identity.

Important Notice

Account deletion is permanent and irreversible. BuxIQ cannot recover your data after deletion is complete. If you are unsure, consider exporting your data first (Settings → Export Data) before initiating deletion.

11. Account Deletion

Account deletion is available directly inside the BuxIQ app at any time, without any need to contact support or provide a reason. We believe that your ability to leave and take (or erase) your data should be simple, not buried behind support tickets or waiting periods.

In-App Deletion Path

Navigate to: Settings → Danger Zone → "Delete Account" → enter confirmation phrase → confirm. The confirmation phrase prevents accidental deletions. Once submitted, your account enters a deletion queue and is fully purged within 30 days.

Data Deleted With Your Account

  • Your name and email address
  • All transaction records (manual and SMS-detected)
  • All budget configurations and history
  • All savings goals and progress data
  • All AI Financial Assistant conversations and history
  • Your Financial Health Score and all historical score data
  • Household and Family Mode memberships
  • All custom categories, tags, and app preferences
  • All notification preferences and device tokens

Data Retained After Account Deletion

Only anonymized aggregate analytics - which contain no personal information and cannot be used to identify you - may be retained after account deletion. These are used solely for product improvement. Additionally, basic payment records (subscription date, plan type, and amount - not card details) may be retained for up to 7 years to comply with Indian tax regulations. These records are not linked to your name or email after account deletion.

12. Children's Privacy

BuxIQ takes the protection of children's personal data extremely seriously, in compliance with the Digital Personal Data Protection Act, 2023, Section 9.

Age Requirements

You must be 18 years or older to create a BuxIQ account. Users under 18 may only use BuxIQ through a Family Mode child account created and managed by a parent or legal guardian.

Verifiable Parental Consent

Creating a Family Mode child account requires verifiable parental consent — the parent or guardian must be a registered BuxIQ user with a verified account, must actively create the child account from their own device, and must acknowledge the child data processing terms. A simple checkbox is not sufficient — the parent's identity is verified through their existing authenticated session.

Restrictions on Child Accounts

Child accounts (users under 18) are subject to the following protections:

  • The AI Financial Assistant chat is disabled for child accounts — no child financial data is sent to Google Gemini or Groq APIs
  • Behavioural analytics and profiling (PostHog) are disabled for child accounts
  • No marketing communications, NPS surveys, or A/B test variants are shown to child accounts
  • Child accounts cannot independently modify privacy settings or delete their account — only the parent/guardian can
  • Spending data for child accounts is visible to the parent/guardian who created the account
  • No third-party data sharing occurs for child account data beyond what is strictly necessary for core app functionality (storage, sync)

Removal of Child Data

A parent or guardian may request deletion of their child's account and all associated data at any time by contacting grievance@buxiq.app with subject "Child Data Deletion Request". Data will be permanently deleted within 15 days. If you believe a child under 18 has provided data to BuxIQ without parental consent, contact us immediately for deletion.

13. Changes to This Policy

We may update this Privacy Policy from time to time as the Service evolves, as laws change, or as our practices are refined. We are committed to keeping you informed of any changes that affect your rights or how your data is handled.

How We Notify You

When we make material changes to this policy - meaning changes that meaningfully affect your rights or how your personal data is used - we will notify you through at least one of the following channels: an in-app notification that appears the next time you open BuxIQ, and/or an email to your registered address. We will provide at least 7 days advance notice before any material changes take effect, giving you time to review the updated policy and decide whether to continue using the Service.

Non-Material Changes

Minor, non-material changes - such as corrections to typos, clarifications that do not change the substance of the policy, or updates to contact information - may be made without direct notification. The "Last Updated" date at the top of this page will always reflect the date of the most recent revision.

Your Choices After a Change

If you do not agree with a material change to this policy, you have the right to delete your account before the change takes effect. Continued use of the Service after the effective date of a change constitutes your acceptance of the revised Privacy Policy.

The "Effective Date" at the top of this page always reflects the date of the currently active version of this policy. You can always access the latest version at https://www.buxiq.app/privacy.

14. International Users & GDPR

All International Users

BuxIQ is operated from India. If you access BuxIQ from outside India, your data will be transferred to and processed in India. By using BuxIQ, you consent to this transfer. We apply the same privacy standards to all users regardless of location.

Southeast Asian Users

BuxIQ supports users in Singapore, Malaysia, Indonesia, Philippines, and Thailand. Your data is handled with the same standards as Indian users. We comply with applicable data protection laws in each market to the best of our ability.

European Union (EU) & UK Users — GDPR

If you are located in the European Union, European Economic Area, or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or UK GDPR:

  • Legal basis for processing: We process your personal data on the basis of: (a) contract performance — to provide the BuxIQ service you requested; (b) consent — for analytics cookies and marketing emails; (c) legitimate interests — for fraud prevention and service security.
  • Right to erasure (Article 17): You can request deletion of all your personal data. See our account deletion process in Section 11.
  • Right to data portability (Article 20): You can export all your financial data in JSON format from Settings → Export Data.
  • Right to restrict processing (Article 18): You may request that we restrict how we use your data while a dispute is being resolved. Email support@buxiq.app with subject "Restrict Processing".
  • Right to object (Article 21): You may object to processing based on legitimate interests. Email support@buxiq.app with subject "Object to Processing".
  • Right to lodge a complaint: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EU authorities is available at edpb.europa.eu.
  • No automated decision-making: BuxIQ does not make legally significant automated decisions about you based solely on automated processing.

To exercise any GDPR right, email support@buxiq.app with subject "GDPR Request — [Right You Are Exercising]". We will respond within 30 days as required by law.

Note: BuxIQ is a small startup. We do not have a formal EU representative or Data Protection Officer. For significant data volumes from EU users, we will appoint one as required under GDPR Article 27.

15. Cookies & Tracking

The BuxIQ website at buxiq.app uses cookies and similar technologies in a limited, privacy-respecting way.

Essential Cookies

We use a small number of essential cookies that are strictly necessary for the website to function. These include session management cookies (to keep you logged in during a visit) and security cookies (to prevent cross-site request forgery). These cookies cannot be disabled without breaking core website functionality, and no consent is required for them under applicable law.

Analytics Cookies

With your explicit consent (via the cookie consent banner displayed on your first visit), we may set analytics cookies to help us understand how visitors use our website - for example, which pages are most visited and how long visitors spend on each page. All analytics data is fully anonymized and contains no personally identifiable information. You can withdraw your consent to analytics cookies at any time by clicking "Decline" in the cookie banner on any subsequent visit, or by clearing your browser cookies.

No Advertising or Tracking Cookies

BuxIQ does not use advertising cookies, retargeting cookies, or any third-party tracking cookies for marketing purposes. We do not participate in cross-site tracking, behavioural advertising, or data brokerage. Your browsing behaviour on other websites is entirely irrelevant to us.

Cookie Management

You can manage or disable cookies at any time using your browser settings. Note that disabling essential cookies may affect certain website functionality. Instructions for managing cookies are typically found in your browser's Settings → Privacy menu. Disabling analytics cookies has no effect on your ability to use any BuxIQ feature.

Mobile App

The BuxIQ mobile application does not use browser cookies. App-based session management uses secure tokens stored in your device's protected storage, not browser cookies.

16. Push Notifications

BuxIQ may request permission to send push notifications to your device. Like SMS permission, push notification permission is entirely optional, and declining it does not affect any core functionality of the app.

Types of Push Notifications We Send

  • Budget Alerts: Notifications when you are approaching or have exceeded a budget limit you have set.
  • Bill Reminders: Reminders for upcoming recurring payments or bills you have added to BuxIQ.
  • Weekly AI Money Brief: An optional weekly summary of your spending, savings progress, and AI-generated insights for the week (must be explicitly enabled in app settings).
  • Goal Milestone Alerts: Notifications when you reach a milestone towards a savings goal.

What We Never Send

We never send promotional push notifications from third-party brands, advertisers, or partners. We never send push notifications requesting you to re-enter financial credentials. If you receive any push notification claiming to be from BuxIQ that requests your password, bank details, or OTP, treat it as a phishing attempt and report it to us immediately at support@buxiq.app.

Revoking Notification Permission

You can revoke push notification permission at any time. On Android: go to Settings → Apps → BuxIQ → Notifications → Disable. On iOS: go to Settings → BuxIQ → Notifications → Allow Notifications → Off. You can also manage individual notification types from within the BuxIQ app under Settings → Notifications.

17. Marketing Communications

If you have joined our waitlist or created a BuxIQ account and opted in to communications during signup, we may send you product updates, feature announcements, and launch news by email. We send these only to users who have explicitly opted in - we do not send unsolicited marketing emails.

How to Unsubscribe

You can unsubscribe from BuxIQ marketing emails at any time by either clicking the "Unsubscribe" link at the bottom of any marketing email, or by sending an email to support@buxiq.app with the subject line "Unsubscribe". We will process all unsubscribe requests within 48 hours. Please note that unsubscribing from marketing emails does not affect transactional emails such as account deletion confirmations, payment receipts, or security alerts - these are sent regardless of marketing preferences as they relate to your account.

No Selling or Sharing of Email Addresses

We do not sell, rent, trade, or otherwise share your email address with any third party for marketing purposes. Ever. Your email address is used only to communicate with you about BuxIQ, to process your account, and to provide support.

18. Data Breach Notification

Despite our best security practices, no system is entirely immune to security incidents. In the unlikely event of a data breach that affects your personal information, we are committed to responding promptly and transparently.

Our Commitment

In the event of a confirmed data breach affecting personal data, we will notify all affected users via email within 72 hours of becoming aware of the breach and confirming its scope. This timeline may be extended if we are working with law enforcement and notification could compromise an active investigation, but we will always notify users as soon as it is safe and legally permissible to do so.

What the Notification Will Include

Our breach notification email will clearly state: what categories of data were affected, the approximate timeframe of the breach, the steps we have already taken to contain and remediate the issue, and the specific actions we recommend you take to protect yourself (such as changing your password or monitoring accounts for suspicious activity).

Regulatory Notification

We will notify the relevant regulatory authorities as required by applicable law, including India's Data Protection Board under the DPDPA 2023, within the legally mandated timeframes.

What You Can Do

If you ever suspect unauthorised access to your BuxIQ account - even outside of a notified breach - please contact us immediately at support@buxiq.app and change your password immediately via the app. You can also delete your account at any time if you have concerns about data security.

Grievance Officer

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Digital Personal Data Protection Act, 2023, BuxIQ has designated a Grievance Officer for India.

Grievance Officer: BuxIQ Data Privacy Team

Email: grievance@buxiq.app

Postal Address: BuxIQ, Salem, Tamil Nadu, India

Response Time: Within 48 hours of receipt, resolution within 30 days

Scope: Data grievances, privacy complaints, account deletion disputes, data accuracy requests

If you are a user in India and have a grievance related to your personal data processed by BuxIQ, please contact the Grievance Officer at the email above with subject line "Data Grievance — [Your Name]". We will acknowledge within 48 hours and resolve within 30 days as required by law.

For Southeast Asian users, contact support@buxiq.app with subject "Privacy Request".

19. Contact

Your privacy is important to us and we genuinely welcome questions, concerns, and feedback about how we handle your data. We don't hide behind form submissions and automated replies - real people read and respond to every privacy inquiry.

Privacy Inquiries

For any privacy-related questions, requests, or concerns - including data access requests, correction requests, deletion requests, or general questions about this policy - please contact us at:

  • Email: support@buxiq.app
  • Subject line for deletion requests: "Delete My Account"
  • Subject line for data access requests: "Data Access Request"
  • Response time: Within 48 hours on business days (Monday–Friday, excluding Indian public holidays)

Registered Address

BuxIQ
Salem, Tamil Nadu, India
support@buxiq.app

We respond to all privacy inquiries within 48 hours on business days. For urgent security issues - such as suspected unauthorised access to your account - please mark your email with the subject "URGENT - Security Issue" and we will prioritise your request.