What Paisewise does

Paisewise reads the transaction-alert emails Indian banks and card issuers already send you, extracts the transactions in them, and shows you a spends dashboard. That's the whole product; everything below follows from it.

Gmail access

  • Access is read-only (Google's gmail.readonly scope). Paisewise cannot send, delete, modify or label anything in your mailbox.
  • Only emails from known Indian bank and card-issuer senders and domains are fetched (known alert addresses, plus occasional domain-level sweeps for new bank alert addresses). Your personal mail is never downloaded.
  • Mail goes directly from Google to our server — no third-party email processor sits in between.
  • You can disconnect Gmail at any time from the account menu. Disconnecting deletes our access token immediately; syncing stops on the spot.

How your emails are processed

Extraction is primarily deterministic: transactions are parsed with hand-written and pre-validated templates. When the server has an LLM configured, unrecognised emails may be sent to an AI model for extraction — including during automatic background syncs.

What we store, and where

  • Fetched bank-alert emails and the transactions extracted from them are stored in a database that belongs to your account alone — every account has its own isolated database.
  • Your Gmail access token is stored encrypted at rest when the server secret key is configured.
  • Account data (emails, transactions, tokens) is hosted on Fly.io servers in Mumbai, India.
  • We use a single session cookie to keep you signed in. There are no ads in the app.

Product analytics

When analytics is enabled on the server, we send product events to PostHog (hosted in the US) so we can understand sign-ins, Gmail connect, sync success/failure, and similar product usage. Events may include your account email and name for identification. We do not send email bodies, message content, or extracted transaction details to PostHog. Analytics is optional and disabled when no PostHog API key is configured.

What we never do

  • Sell, share or monetise your data in any form.
  • Send your emails to an AI except to extract unrecognised bank-alert formats when an LLM is configured on the server.
  • Touch anything in your mailbox beyond reading bank-alert emails.

Deleting your data

Disconnecting Gmail deletes our access to your mailbox but keeps the transactions already imported (so you can still browse them). To delete everything — your database, account, encrypted token and statement files — use Delete account in the account menu (typed confirmation required). We revoke Google access immediately, wipe your tenant data from the live server, and remove your user row. Database replicas age out with our backup retention (Litestream snapshots: 72 hours). As a fallback, email us from the Google account you signed in with and we'll remove it all.

The demo

The demo mode runs entirely in your browser on generated sample data. Nothing is sent to or stored on our servers when you use it.

Contact

Questions or deletion requests: varora1406@gmail.com. See also our Terms of service.