← Back to mcrux

Privacy Policy

Last updated: May 2025

1. Who We Are

mcrux (“we”, “us”, “our”) is an AI-powered portfolio analysis service for Indian retail investors, operated by its founders and reachable at info@mcrux.com. mcrux is currently pre-incorporation. This policy applies to the website mcrux.com and all associated services.

2. Data We Collect

Account information

When you sign in with Google, we receive your name, email address, and profile picture from Google. We do not collect passwords.

Portfolio data (CAS statements)

When you upload a Consolidated Account Statement (CAS) PDF, we extract and store your mutual fund holdings — fund names, ISIN codes, folios, units held, and current values. This is sensitive financial information and is treated accordingly.

Payment information

Payments are processed by Razorpay. We receive a confirmation of payment and your plan tier. We do not store card numbers, UPI IDs, or any payment instrument details.

Usage data

We may collect basic usage logs (pages visited, features used) to improve the product. We do not use third-party advertising trackers.

3. How We Use Your Data

  • To parse your CAS PDF and generate portfolio analysis reports
  • To send your portfolio data to an AI model (Google Gemini or Anthropic Claude) to produce the written analysis — your data is sent as part of the AI prompt and is not used to train the model
  • To manage your account, subscription tier, and billing
  • To send transactional emails (welcome, payment confirmation, re-analysis reminders)
  • To improve the accuracy and usefulness of our analysis

We do not sell your data to any third party. We do not use your portfolio data for advertising.

4. Third-Party Services

We use the following sub-processors to operate the service:

ServicePurposeData shared
Supabase (USA)Database & authenticationAccount + portfolio data
Google OAuthSign-inName, email, profile picture
Google Gemini (USA)AI analysis generationPortfolio holdings (anonymised prompt)
Anthropic Claude (USA)AI analysis generation (fallback)Portfolio holdings (anonymised prompt)
Razorpay (India)Payment processingEmail, payment amount
Resend (USA)Transactional emailName, email
Railway (USA)API hostingRequest logs
Vercel (USA)Frontend hostingRequest logs

5. Data Retention

  • Your account and portfolio data is retained for as long as your account exists. We keep it so your historical analyses remain available to you over time.
  • If you request account deletion by emailing info@mcrux.com, we will permanently delete your personal data and portfolio holdings within 30 days of your request.
  • Payment records may be retained for up to 7 years as required by Indian accounting and tax laws, even after account deletion.

6. Security

Portfolio data is stored in Supabase with row-level security — each user can only access their own data. API keys and secrets are stored as environment variables and never committed to source code. All traffic is encrypted via HTTPS/TLS.

7. Your Rights

Under the Information Technology (Amendment) Act 2008 and applicable Indian privacy rules, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data
  • Withdraw consent at any time (by deleting your account)

To exercise any of these rights, email info@mcrux.com. We will respond within 30 days.

8. Children

mcrux is not directed at anyone under 18 years of age. We do not knowingly collect data from minors.

9. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the website before the change takes effect. The “Last updated” date at the top will always reflect the current version.

10. Contact

For any privacy-related questions or requests, contact us at info@mcrux.com.

Terms of UseHome