Rivo Financial Intelligence
Privacy Policy
Effective May 2026 · Last Updated May 2026
1. Our Commitment to Your Privacy
Rivo Financial Intelligence ("Rivo," "we," "us," or "our") is an AI-powered personal finance companion built to help you understand and improve your financial life. To do that well, we work with sensitive information — your spending, your accounts, your financial habits — and we treat that responsibility with the seriousness it deserves.
This Privacy Policy explains, in plain terms, what we collect, why we collect it, how we protect it, and the choices you have. It applies to the Rivo mobile app, our website, and every connected feature (together, the "Platform" or "Service"). Read it alongside our Terms & Conditions, which it forms a part of.
We are a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (the "DPDP Act"), and we operate in line with the Information Technology Act, 2000, and applicable Reserve Bank of India guidelines. By using Rivo, you give your free, specific, informed, and unambiguous consent to the practices described here.
2. What This Policy Covers
This policy applies to the information we handle while delivering Rivo's services, which include spending analysis and categorization, savings optimization, borrowing guidance, wealth and financial planning tools, calculators, and in-app engagement features such as notifications and nudges.
A note on what's outside this policy: Rivo does not provide insurance products, mutual fund investments, KYC verification, or Aadhaar-based authentication. Where any such service appears, it is offered by a regulated third party under its own privacy policy, not ours. This policy also does not extend to external websites you reach through links in our app.
3. The Information We Collect
We collect information in three ways: what you give us, what you let us access from your devices and accounts, and what we observe as you use the Service.
3.1 Information You Provide
When you register and build your profile, you share details such as your name, email address, phone number, date of birth, gender, employment information, and address. If you take up services that need it, you may also provide financial documents and identifiers required for verification or lending.
3.2 Bank and Account Data
Through licensed financial data aggregators such as Plaid and Setu, and with your permission, we retrieve your transaction history, balances, account types, and account-holder information. Your banking passwords are never seen or stored by Rivo — the aggregator handles authentication securely.
3.3 SMS Data
If you enable SMS access, Rivo reads transaction-related messages on your device and transmits them to our secure servers for processing. We use these messages to identify the merchant, amount, and date behind each transaction so we can categorize your spending automatically and keep your financial picture accurate. SMS content is sent over encrypted connections and stored with strong encryption at rest. We explain retention and sharing in detail below.
3.4 Gmail Data
If you connect your Gmail account through Google's secure authorization flow, Rivo reads relevant emails — invoices, receipts, billing statements, subscription notices — and extracts the structured details we need (amounts, merchants, dates, sender). That extracted information is stored on our encrypted servers; the full body and attachments of your emails are not retained by Rivo. Because we use Google's authorization protocol, we never receive or store your Google password, and Google keeps its own log of our access.
3.5 Information We Collect Automatically
As you use Rivo, we gather technical and usage data: your device model and operating system, app interactions, time spent, crash reports, performance metrics, and an approximate location inferred from your IP address (city or state level, never precise GPS). We also use cookies and analytics tools to understand how the Service is used and to improve it.
4. The Permissions You Control
Some of Rivo's most valuable features depend on access you grant deliberately. Three permissions matter most, and each is optional, granted separately, and revocable at any time.
| Permission | What It Powers | What We Access | How It's Handled |
|---|---|---|---|
| SMS access | Automatic expense tracking | Transaction SMS from banks and merchants | Encrypted in transit and at rest; stored up to 24 months |
| Gmail access | Receipt and subscription detection | Structured data from relevant emails | Extracted data only; no raw email stored; OAuth, no password |
| Bank linkage | Full transaction view | Transactions and balances via aggregators | No credentials stored; aggregator-secured |
None of these are required to use Rivo's core spending features — you can track expenses through manual entry without granting any of them. Turning a permission off stops future collection from that source, though data we have already gathered follows the retention schedule in Section 9.
5. How We Use Your Information
We put your information to work for purposes that are tied directly to serving you:
- Delivering, maintaining, and improving the Service;
- Analyzing your spending and producing personalized insights and recommendations;
- Assessing your eligibility and suitability for borrowing, based on your financial profile;
- Processing SMS and Gmail data to categorize expenses accurately;
- Sending you notifications, in-app messages, and helpful nudges;
- Detecting and preventing fraud and unauthorized access;
- Meeting our legal and regulatory obligations;
- Conducting research and analysis to make Rivo better.
6. Consent Framework (per the DPDP Act, 2023)
We believe consent should be understood, not buried. Here is exactly what you are agreeing to.
The data we process: your registration details, bank transaction data, SMS messages, Gmail-extracted data, and device and usage information.
The lawful basis for each use:
- Service delivery — analyzing SMS, Gmail, and bank data so we can categorize your spending and give you insights;
- Fraud prevention — examining transaction patterns to keep your account safe, a legitimate use under the DPDP Act;
- Legitimate business interest — improving the Service through analysis and research;
- Legal compliance — retaining certain records to meet RBI and anti-money-laundering requirements.
The nature of your consent: it is free (refusing does not lock you out of core features), specific (SMS, Gmail, and bank access are separate choices), informed (this policy spells out what each involves), unconditional (we don't bundle it with unrelated services), and unambiguous (it requires a clear opt-in during onboarding).
Withdrawing consent: you can change your mind at any time by adjusting permissions in the app, or by emailing cp@rivo.pe with the subject line "Withdraw Consent — [Your Email]". Withdrawal does not undo processing that was lawful before you withdrew, and some core features may stop working once a permission is removed.
7. When and How We Share Information
We share your information only when there's a clear reason to, and we are deliberately restrained about it.
7.1 Service Providers
We rely on trusted partners for things like cloud hosting, data aggregation, payment processing, analytics, and customer support. They receive only what they need to perform their function, and they are bound by confidentiality and data-protection obligations.
7.2 Lending Partners (Only If You Opt In)
If you choose to use borrowing guidance, we share limited information with Lending Partners to help match you with suitable credit. What we share is your extracted transaction data (merchant, amount, date — not raw SMS or email), relevant credit and eligibility details, and income or employment information you've provided. Our partners include institutions such as mPokket, InCred Financial Services, Branch International, and Fibe, among others; the current list lives in the app under Settings. Each partner handles your data under its own privacy policy once it reaches them. Opt out of borrowing guidance and all partner sharing stops.
7.3 Legal and Safety Reasons
We may disclose information where the law requires it — to comply with a court order, respond to a lawful government request, or protect the rights, property, and safety of our users and ourselves.
7.4 Business Transfers
If Rivo is involved in a merger, acquisition, or sale of assets, your information may transfer to the successor entity, which would remain bound by commitments at least as protective as those in this policy.
8. What We Promise Not to Do
Some commitments are easier to understand as clear "nos":
- We do not sell your personal data to data brokers.
- We do not lease your SMS or Gmail data to advertisers.
- We do not share raw SMS content or full email contents with any third party — only the structured data we extract, and only as described above.
- We do not use your financial data for behavioral ad targeting beyond the spending insights you came to Rivo for.
- We do not require you to hand over SMS or Gmail access to use Rivo's basic spending features.
9. How Long We Keep Your Information
We hold onto your data only as long as we genuinely need it to serve you or to meet a legal duty. Here's the schedule at a glance:
| Data Category | Retention Period | Purpose | What Triggers Deletion |
|---|---|---|---|
| Account details | Account lifetime + 3 years | Service continuity, fraud prevention | Account deletion or consent withdrawal |
| Bank transaction data | Up to 7 years | RBI and anti-money-laundering compliance | Expiry of the legal retention period |
| SMS data | Up to 24 months | Expense analysis and account recovery | Account deletion or permission revoked |
| Gmail extracted data | Up to 24 months | Expense categorization | Account deletion or permission revoked |
| Usage analytics | Up to 2 years | Improving the Service | Automated purge cycle |
| Security and audit logs | Up to 1 year | Breach investigation (DPDP safeguards) | Annual cycle |
All of this data is stored on servers located in India. When you ask us to delete your data, we act on it within the limits of any legal hold that requires us to retain specific records.
10. Keeping Your Information Secure
Protecting your data is a continuous discipline, not a checkbox. Our safeguards follow the security obligations of the DPDP Act and the IT Act, 2000, and span three layers:
Technical — AES-256 encryption for sensitive data (including SMS and Gmail data) at rest, TLS 1.2 or higher for data in transit, OAuth 2.0 and tokenized authentication so passwords are never stored in plaintext, and isolated backend systems with role-based access.
Administrative — collecting only what we need, limiting live-data access to staff who require it (with that access logged), running regular penetration tests and security reviews, and maintaining an incident-response plan that includes timely breach notification consistent with our regulatory duties.
Physical — data centers within India, protected by access controls and multi-factor authentication for administrative entry.
No system is perfectly impenetrable, and we can't promise absolute security. We do promise to keep raising the bar — and we ask you to do your part by using a strong password and keeping your login details confidential.
11. Your Rights and How to Use Them
Under the DPDP Act and other applicable laws, you hold meaningful rights over your information. You can exercise any of these by writing to cp@rivo.pe or, where available, directly in the app under Settings.
- Access — request a copy of the personal information we hold about you.
- Correction — fix inaccurate or incomplete details, many of which you can edit yourself in your profile.
- Erasure — ask us to delete your personal data; we'll comply within 30 days unless a law requires us to keep it.
- Withdraw consent — turn off SMS, Gmail, or bank access at any time, through your device, the app, or by email.
- Restrict processing — ask us to limit how we use your information in certain situations.
- Data portability — request your personal data in a portable format so you can take it elsewhere.
- Nominate — appoint someone to exercise your rights on your behalf in the event of death or incapacity, as the DPDP Act allows.
We also give you visibility into your own permissions: in the app, you can toggle each data source, re-authorize Gmail, and review which sources Rivo is currently drawing from.
12. Children's Privacy
Rivo is intended for adults. You must be at least 18 — the age at which credit-related services become available in India — to use the Service, and we do not knowingly collect information from anyone younger. If we learn that a minor has provided us with personal data, we will delete it promptly. If you believe this has happened, please contact cp@rivo.pe right away.
14. Changes to This Policy
As Rivo evolves and the regulatory landscape shifts, we may update this Privacy Policy. When a change is material, we'll tell you by email or through a clear notice in the app, and we'll refresh the "Last Updated" date above. Continuing to use Rivo after a change takes effect means you accept the updated policy, so it's worth checking back from time to time.
15. Talk to Us
Questions, concerns, or requests about your privacy go to a real person, and we aim to respond promptly.
| Item | Details |
|---|---|
| Grievance Officer | Chandresh Pancholi |
| Grievance Email | cp@rivo.pe |
| Response Commitment | Within 30 days of receipt |
| Privacy & Data Queries | cp@rivo.pe |
| Consent Withdrawal | cp@rivo.pe (subject: "Withdraw Consent — [Your Email]") |
| General Support | cp@rivo.pe |
| Registered Address | Rivo Financial Intelligence, Bengaluru, Karnataka, India |
If you've raised a data-protection grievance with us and it remains unresolved after our internal process, you may escalate it to the Data Protection Board of India once that body is operational. Any dispute relating to this policy falls under the exclusive jurisdiction of the courts of Bengaluru, Karnataka.
Rivo complies with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and applicable RBI fintech guidelines. Your trust is the foundation of everything we build.