inaya
Sign in

Your data, plainly explained

No legal jargon. Here's exactly what we do with your family's information.

What we collect

  • Your email address or Google account name (to sign you in)
  • Assessment answers (to generate your care report)
  • Vault data you add — parents' health details, doctors, medicines, documents, expenses
  • Nothing else. No contacts, no location, no phone data, no browsing history.

How we store it

  • All data is stored on encrypted Supabase servers (Mumbai region). Your data never leaves your control.
  • Encrypted in transit (TLS) and at rest (AES-256)
  • Row-level security (RLS) enforced at the database level — only you and family members you've explicitly invited can access your vault
  • We don't have a "view all users' data" admin panel. The database enforces access rules, not our app code.

Who can see your data

  • You — full access to everything in your vault
  • Family members you invite — they get access to the shared vault only after you send them an invite link
  • Nobody else — not us, not our hosting provider, not any third party
  • Care reports can be shared via link. The report link contains only the assessment results — it does not expose vault data (doctors, medicines, documents, etc.)

What we never do

  • Never sell your data. Not to insurers, hospitals, pharma companies, or anyone.
  • Never share your data with third parties for marketing or advertising.
  • Never train AI on your family's information.
  • Never contact your parents, doctors, or family members without your explicit action.
  • No ads, ever.

Third-party services

We use a small number of services to run Inaya. Here's exactly what they are and what they can see:

  • Supabase (Mumbai region) — database and authentication. Stores your vault data with row-level security.
  • Google OAuth — if you sign in with Google, Google knows you have an Inaya account. They don't see any vault data.
  • Vercel — hosts the website. Sees web requests but not your stored data.

That's the full list. No analytics trackers, no ad pixels, no data brokers.

Cookies

We use one cookie: your login session. That's it. No tracking cookies, no third-party cookies, no cookie consent banner needed because there's nothing to consent to.

How to delete your data

You own your data. If you want everything deleted, tap the Feedback button on any page and tell us — we'll wipe your account and all associated data within 48 hours. No questions, no retention period, no "we'll keep it for 30 days just in case."

Last updated: April 2026. We'll update this page if anything changes — no surprise policy shifts buried in emails.