Privacy Policy

How Erisai handles your data — written in plain English.

Last updated: 1 June 2026
The short version. Erisai is a personal finance tracker. Your data is stored securely in your Erisai account, synced across your devices, and — optionally — backed up to your own Google Drive. We don't sell your data and we don't use it for advertising. We don't go through the contents of your transactions except when it's needed to run the service, fix an issue you report, keep the service secure, or comply with the law. We use your email to sign you in, and keep basic crash logs to fix bugs.

1. Who we are

Erisai (the "App") is built and operated by Aida Creative Lab, based in Surabaya, Indonesia. Aida Creative Lab is the data controller responsible for your personal data under Indonesia's Personal Data Protection Law (Law No. 27 of 2022, "UU PDP"). Where this policy says "we," "us," or "our," it means Aida Creative Lab.

For any privacy question, or to exercise the rights described below, contact our data-protection contact at erisai.app@gmail.com.

2. What data Erisai collects

Data you provide directly

Data collected automatically

Data we do NOT collect

3. Why we are allowed to process your data

UU PDP requires a lawful basis for processing your personal data. We rely on:

4. Where your data is stored

Your financial data

Your financial data — transactions, accounts, budgets, categories — is stored in your Erisai account on our secure cloud servers. This is the primary copy, and it keeps your data in sync across every device you sign in on. In addition, it is:

Account information

Your account record — your email address and (if applicable) your subscription tier — is stored alongside your data in your Erisai account on our secure cloud servers. These servers are operated for us by a third-party cloud hosting provider, under contractual security and data-processing terms.

Cross-border transfer

Our cloud servers are located in Singapore. This means your data is stored and processed outside Indonesia. UU PDP permits this where the destination offers comparable protection, where suitable safeguards are in place, or where you consent. By creating an Erisai account and using the App, you consent to your data being transferred to and processed in Singapore as described here, and we require our hosting provider to keep it secure under contractual and technical safeguards.

5. Permissions Erisai requests

6. Automated processing (your Pulse score)

Erisai calculates a "Pulse" score — a number that summarises your financial health — automatically from the data you log. It is for your information only: it does not make any decision about you that has a legal or similarly significant effect, and it is never shared or sold. If you object to this automated processing, you can contact us to ask that it be reviewed with human involvement.

7. How long we keep your data

We keep your data for as long as your Erisai account exists, so the App keeps working across your devices. When you delete your data or ask us to (see Section 9), we remove it from our servers; the copy cached on your device and any Google Drive backup are removed too, and routine backups are overwritten shortly afterwards. Crash and error logs are short-lived and used only for debugging. We may keep a minimal record for longer only where the law requires it.

8. Your rights

Under UU PDP — and comparable laws such as the EU GDPR — you have the right to:

To exercise any of these, email erisai.app@gmail.com. We aim to respond within 3 × 24 hours (three days), as required under UU PDP.

9. Deleting your data

You can delete your data and account at any time:

10. Children

Erisai is intended for users aged 18 and over and is not directed at children. Under Indonesian rules a "child" is anyone under 18 and unmarried, and a child's personal data may only be processed with verified parental or guardian consent. We do not knowingly collect data from anyone under 18 without that consent. If you believe a child has created an account, contact us and we will delete it.

11. If there is a data breach

If a security breach affects your personal data, UU PDP requires us to notify you and the data-protection authority within 3 × 24 hours (72 hours) of becoming aware of it. Our notice will describe what data was involved, what happened, and what we are doing about it.

12. Third-party services we rely on

We do not use advertising networks, and we do not share or sell your data to data brokers or advertisers.

13. Security

All data transmitted between Erisai and our cloud servers (and Google's servers) is encrypted in transit using HTTPS/TLS. Data stored on your device is protected by your device's own security (passcode, biometric lock, OS encryption). Data in your Google Drive is protected by Google's own security and your Google account credentials.

That said: no system is 100% secure, and we cannot guarantee absolute security of any data.

14. International users

Erisai is operated from Indonesia and your data is stored in Singapore as described in Section 4. If you use the App from the EU/UK or California, the rights described here are intended to align with the GDPR and CCPA; contact us to exercise them.

15. Changes to this policy

If we make material changes to this Privacy Policy, we'll post the updated version here and update the "Last updated" date at the top. For significant changes, we'll also notify you inside the App.

16. Contact

If you have questions about this Privacy Policy or how Erisai handles your data, contact: erisai.app@gmail.com