Privacy Policy
Effective date: June 1, 2026 · Last updated: May 24, 2026 · Version 1.2
1. Who We Are
FreeBy44 is operated by Shrutika Sujit Patil, a sole proprietor doing business as "Dreamverna", based in Pune, Maharashtra, India. This Privacy Policy explains what personal data we collect when you use FreeBy44, how we use it, and your rights over it. It is written in plain language to comply with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable IT Act rules.
FreeBy44 is a privacy-first website. We do not connect to your bank, we do not read your financial accounts, and we do not use your data for advertising or for behavioural tracking by third-party analytics platforms. Everything you enter is entered manually by you, for you.
Your use of FreeBy44 is also governed by our Terms of Service, which form part of this Privacy Policy.
2. What Data We Collect
We collect the following categories of data:
A. Account Data (from Google OAuth)
- Your name
- Your email address
- Your Google profile picture (optional, display only)
- Your Google account identifier (the unique "sub" claim, used to link your sessions securely)
- Account creation timestamp and last login timestamp
We receive this from Google when you sign in. We do not receive your Google password or access any other Google services.
B. Financial Data (entered manually by you)
- Asset names, categories, and current values
- Monthly snapshot data (invested and current amounts per asset)
- Monthly income, total investments, and total expenses
- Outstanding liability names, amounts, and EMIs
- Insurance policy details (provider, coverage, renewal dates)
- FIRE settings (target corpus, SWR, inflation rates, expense baseline)
- Milestones and sinking fund targets
This data is entered entirely by you. We never pull it from banks, brokerages, or any external financial source.
C. Session Data and Cookies
FreeBy44 uses a single essential cookie — a secure, HTTP-only session cookie set by NextAuth.js to keep you signed in. This cookie contains no financial data, only your authentication token. It expires when you log out or after a period of inactivity. You can clear this cookie at any time via your browser settings; doing so will sign you out.
We do not use tracking cookies, advertising cookies, or analytics cookies.
D. Technical Data (collected transiently by Vercel)
Your IP address and standard web request metadata (timestamp, browser type, URL requested) are logged transiently by Vercel for security, abuse prevention, and operational purposes. This data is not linked to your financial records and is not used for tracking or profiling.
What we do NOT collect: bank account numbers, card details, Aadhaar, PAN, passwords, precise location data, persistent device identifiers, advertising identifiers, or any data from third-party financial platforms.
3. How We Use Your Data and Lawful Basis
We process your personal data on the basis of your consent, given when you create your account by signing in with Google. You may withdraw consent at any time (see Section 7).
We use your data solely to provide the FreeBy44 service to you:
- Authenticate your identity and maintain your session
- Store and display your financial data across sessions
- Compute your dashboard metrics, FI ratio, and corpus projections
- Show milestone progress, savings rate, and lifestyle creep signals
- Generate the Monthly Plan section on the Cash Flow page
We do not use your data for advertising, profiling, analytics resale, or model training.
4. Data Storage, Third-Party Processors, and Cross-Border Transfers
Your data is stored and processed by the following services on our behalf:
MongoDB Atlas — Mumbai, India (ap-south-1)
All financial data you enter is stored in a MongoDB Atlas cluster hosted in Mumbai, India. Data is encrypted at rest and in transit. MongoDB Atlas is operated by MongoDB, Inc. and is subject to MongoDB's security and compliance standards.
Vercel — global edge network
The website is hosted and served by Vercel, Inc. Server-side functions execute in Vercel's Mumbai region (bom1). Static assets are served from Vercel's global edge network for performance. Vercel may log standard request metadata (IP address, timestamp) for security purposes.
Google — OAuth authentication only
Google provides authentication via OAuth 2.0. We receive only your name, email, profile picture, and account identifier from Google. We do not access your Gmail, Google Drive, or any other Google service. No financial data is ever shared with Google. Google's use of data during authentication is governed by Google's Privacy Policy.
Vercel Analytics — global edge network
We use Vercel Analytics for privacy-friendly, cookieless usage analytics (aggregate page views and session counts). No cookies are set. No financial data is collected. IP addresses are processed transiently to derive a daily hash for deduplication and are not retained in identifiable form. Vercel Analytics is operated by Vercel, Inc.
All processors listed above are bound by data processing agreements that obligate them to maintain appropriate security and process personal data only as instructed.
Static assets (HTML, CSS, JavaScript) may be cached and served from Vercel's global edge network outside India for performance. All personal data processing — database queries, API calls, and server-side functions — occurs in Mumbai, India. Google OAuth processes authentication metadata on its global infrastructure. We do not transfer data to any country restricted by the Indian government under Section 16 of the DPDP Act, 2023. No other third parties receive your financial data. We do not use advertising networks or data brokers. The only analytics used is Vercel's privacy-friendly, cookieless service described above.
5. No Selling or Sharing of Your Data
Dreamverna does not sell, rent, or share your personal or financial data with any third party for their own purposes — ever. Your financial data is yours. The only parties who ever access it are the infrastructure providers listed above (MongoDB Atlas, Vercel, Google, Vercel Analytics), and only to the extent necessary to operate the service.
6. Data Security
We implement reasonable security practices aligned with industry standards including ISO/IEC 27001 and OWASP Top 10 guidance:
- All data transmitted over TLS 1.2 or higher (HTTPS enforced)
- Data at rest encrypted using AES-256 (MongoDB Atlas default)
- Authentication via Google OAuth 2.0 with secure, HTTP-only session cookies
- Database access restricted by IP allowlist and credential-based authentication
- Application input validation and output encoding to mitigate OWASP Top 10 risks
- Internal access on a least-privilege basis, only when required for support or maintenance
- Encrypted backups on a 30-day rolling window — older backups are automatically overwritten and subject to the same access restrictions as primary data
No system is perfectly secure. In the event of a personal data breach, we will notify the Data Protection Board of India and affected users without undue delay, in the manner and within the timelines prescribed under the DPDP Act and Rules.
7. Your Rights Under the DPDP Act, 2023
Under India's Digital Personal Data Protection Act, 2023, you have the following rights:
Right to Access: You can download a complete copy of all your data at any time from Settings → Export my data. You may also request a summary by emailing us.
Right to Correction: You can update or correct your data directly within the website (assets, settings, cash flow entries, etc.). For account-level data (name, email), please update it via your Google account.
Right to Erasure: You can permanently delete your account and all associated financial data at any time directly from Settings → Delete my account. You may also request deletion by emailing contact@dreamverna.com. Deletion is completed in primary systems immediately. Encrypted backups may retain residual data for up to a further 30 days before being overwritten in our normal backup rotation, after which all copies are permanently removed.
Right to Withdraw Consent: You may withdraw consent for processing at any time. Withdrawing consent will result in account deletion, as we cannot operate the service without processing your data. Withdrawal is as easy as giving consent — simply use Settings → Delete my account, or email us at the address below to initiate it.
Right to Nominate: Under Section 14 of the DPDP Act, you may nominate another individual to exercise your data rights in the event of your death or incapacity. To register a nominee, contact us at contact@dreamverna.com.
Right to Grievance Redressal: If you have a concern about how we handle your data, contact our Grievance Officer (see Section 12). We acknowledge complaints within 24 hours and resolve them within 15 days. If unresolved, you may raise a complaint with the Data Protection Board of India once it becomes operational.
8. Automated Decision-Making
We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you. All projections, FI ratios, milestone statuses, and traffic light signals shown in the website are deterministic calculations based entirely on data and assumptions you enter yourself. No AI or machine learning models are applied to your data.
9. Data Retention
We retain your data for as long as your account is active. The value of FreeBy44 compounds over time — your historical snapshots are what make trends and projections meaningful — so we keep your data until you request deletion.
Accounts inactive for 24 consecutive months will be flagged for deletion. We will email you at least 30 days before taking any action, giving you the opportunity to log in and retain your account.
After account deletion by your request, all data is removed from primary systems immediately. For inactivity-triggered deletions, removal occurs within 30 days of the scheduled deletion date. In both cases, encrypted backups are purged within a further 30 days through our normal backup rotation, after which all copies are permanently removed.
10. Children
FreeBy44 is intended for users aged 18 and above. We do not knowingly collect personal data from individuals under 18. Consistent with the DPDP Act, we do not engage in behavioural tracking, targeted advertising, or any processing directed at children. If you believe a minor has created an account, please contact us and we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the effective date and "last updated" date above. For significant changes, we will notify you via the email linked to your Google account or via an on-site notice before the changes take effect.
12. Grievance Officer
In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Digital Personal Data Protection Act, 2023, the details of the Grievance Officer are:
Name: Shrutika Ashok Halgekar
Designation: Grievance Officer & Data Protection Contact, Dreamverna
Address: Pune, Maharashtra, India
Email: contact@dreamverna.com
We acknowledge complaints within 24 hours and endeavour to resolve them within 15 days of receipt, in accordance with the IT (Intermediary Guidelines) Rules, 2021.
© 2026 Dreamverna. All rights reserved.