Privacy is what MyAurum was built to solve, not what we tacked on after.
Indian families hold gold across generations. Most of it lives in spreadsheets, locker numbers scribbled on paper, or memories that depend on who remembers. We built MyAurum to be a record that survives the person — and to do that without becoming a record that gets sold, mined, or leaked.
What follows is the long version. The short version: your records are encrypted on your device. We can't read them. We don't sell anything. We never have, and we never will.
Sensitive fields across your vault — item names, financial-record identifiers and folio numbers, property addresses and registration numbers, held-by and nominee names, notes, and estate-note contents — are encrypted at rest using AES-256-GCM, an authenticated cipher widely used for confidential data. Fields are encrypted on our servers immediately on save; the database stores ciphertext, not plaintext.
What this means in practice: if a hostile actor gained read access to our database alone, they would see encrypted blobs for those fields, not your records. The encryption key is held separately from the database, in our server environment.
Records are decrypted on demand to power the features you use — generating succession documents, rendering live share links to your family, surfacing details to the people you invite, sending your weekly digest. They are not used for anything else. No advertising, no profiling, no AI training, no data brokers. Never sold, never shared.
MyAurum is a web-based precious metals portfolio tracker available at myaurum.app. It is operated by Satyam Nagwekar, a Mumbai-based marketing consultant and financial writer with experience at KPMG and CRISIL. You can reach us at [email protected].
| Data | Why We Collect It | How Long We Keep It |
|---|---|---|
| Name and email address | To create and manage your account, send verification emails, and deliver price alerts you set | Until you delete your account |
| Password (hashed) | To authenticate you securely. We never store your password in plain text. | Until you delete your account |
| Portfolio holdings you enter (MyDrawer) | To calculate and display the current value of your precious metals | Until you delete the holding or your account |
| Financial records you enter (MyRecords) | To maintain a private register of non-metal financial documents — fixed deposits, mutual funds, insurance policies, SGBs, etc. — for documentation and succession purposes | Until you delete the record or your account |
| Property entries you enter (MyProperty) | To maintain a private register of physical property — real estate, vehicles, watches, artwork, other heirlooms — for documentation and succession purposes | Until you delete the entry or your account |
| Photographs you attach to entries | To accompany holdings, records, or property entries (item photos, hallmark close-ups, deed scans, certificates, etc.). Stored only on our servers; not shared with any third party. | Until you remove the photograph or delete the parent entry |
| Family-share preferences and recipient details | To deliver invite emails and govern access when you choose to share your vault with a family member. The recipient's email address is used only to deliver the invite and route access. | Until you revoke the share or delete your account |
| Price alert preferences | To notify you when gold or silver crosses a price you set | Until you delete the alert or your account |
| Google account details (if you sign in with Google) | To authenticate you via Google OAuth. We receive your name and email only. | Until you delete your account |
| Google Sheets access token (if you use export) | To create a spreadsheet in your Google Drive on your behalf. The token is temporary and never stored on our servers. | Session only — expires within 1 hour |
We do not collect behavioural data, browsing history, device fingerprints, location data, or any information beyond what is listed above. We do not build user profiles, run targeted advertising, or share data with data brokers.
If you sign in with Google, we receive your name and email address from Google. We use this solely to create and identify your MyAurum account. We do not access any other Google account data.
If you use the Google Sheets export feature, we request a temporary access token to create a spreadsheet in your Google Drive. This token is used only during the export operation and is never stored on our servers. We do not read, modify, or access any existing files in your Google Drive.
Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
Your data is stored on servers provided by Railway (railway.app), located in the United States. Data in transit is protected by HTTPS (TLS 1.2+). At rest, the sensitive fields described in the encryption note above are protected with AES-256-GCM field-level encryption; the encryption key is held in our server environment and not in the database. Passwords are hashed using bcrypt and are never stored in plain text.
While we take reasonable precautions, no system is completely secure. We cannot guarantee absolute security of your data.
We use Google Analytics (GA4) to understand how visitors use MyAurum — pages visited, time on site, and general geographic region. This data is aggregated and anonymous. We do not use advertising cookies or track individual users across other websites.
You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
MyAurum uses the following third-party services:
| Service | Purpose | Privacy Policy |
|---|---|---|
| Railway | Hosting and database | railway.app/legal/privacy |
| Resend | Transactional email delivery | resend.com/privacy |
| Google (OAuth, Analytics, Sheets) | Authentication, usage analytics, export | policies.google.com/privacy |
| gold-api.com | Live gold and silver price data | No personal data shared |
You have the right to access the personal data we hold about you, correct inaccurate data, request deletion of your account and all associated data, and withdraw consent at any time.
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
You can request deletion of your account and all associated data at any time by emailing [email protected]. We will permanently delete your data within 7 days of receiving your request.
MyAurum is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
We may update this policy from time to time. We will notify registered users of material changes by email. The effective date at the top of this page will always reflect the most recent version.
For any privacy-related questions or requests, contact us at [email protected]. We respond within 30 days, usually faster.