How Erisai handles your data — written in plain English.
Last updated: 1 June 2026
The short version. Erisai is a personal finance tracker. Your data is stored securely in your Erisai account, synced across your devices, and — optionally — backed up to your own Google Drive. We don't sell your data and we don't use it for advertising. We don't go through the contents of your transactions except when it's needed to run the service, fix an issue you report, keep the service secure, or comply with the law. We use your email to sign you in, and keep basic crash logs to fix bugs.
1. Who we are
Erisai (the "App") is built and operated by Aida Creative Lab, based in Surabaya, Indonesia. Aida Creative Lab is the data controller responsible for your personal data under Indonesia's Personal Data Protection Law (Law No. 27 of 2022, "UU PDP"). Where this policy says "we," "us," or "our," it means Aida Creative Lab.
For any privacy question, or to exercise the rights described below, contact our data-protection contact at erisai.app@gmail.com.
2. What data Erisai collects
Data you provide directly
Your Google account email and display name — collected when you sign in with Google. Used only to identify your account and link your data to it.
Profile photo — if you choose to use your Google profile photo, it's displayed only inside Erisai on your devices.
Your financial data — accounts, balances, transactions, categories, budgets, and any notes you add. Under UU PDP, financial information is treated as specific (sensitive) personal data, so we process it only to provide the App to you, and only with your consent. We never sell it or use it for advertising.
Data collected automatically
Crash and error logs — when something goes wrong, technical details about the error are kept so we can debug if you report an issue. These logs do not contain your financial data.
Operational metrics for support — for each account we can see the timestamp of your most recent sign-in, your subscription tier, your current and peak streak counts, and the timestamp of your most recent sync. We use these only to operate the service (debug sign-in problems, verify subscription status, check the App is healthy). As a matter of policy, our team does not go through the contents of your transactions, balances, categories, budgets, or notes except where necessary to operate or repair the service, investigate a security issue or abuse, respond to a support request you send us, or comply with a legal obligation — and never to sell your data or advertise to you.
Data we do NOT collect
We do not track your location.
We do not track your activity across other apps or websites.
We do not collect contacts, photos, or any other personal data outside what's listed above.
We do not sell, share, or rent your data to advertisers, data brokers, or any third party.
3. Why we are allowed to process your data
UU PDP requires a lawful basis for processing your personal data. We rely on:
Your consent — given when you sign in and start using Erisai. Because financial data is sensitive, we rely on your explicit consent to store and sync it. You can withdraw consent at any time by deleting your data and account (see Sections 8 and 9). Withdrawing consent does not affect processing that already took place.
Performing our agreement with you — we process the data needed to actually deliver the service you signed up for: storing, syncing, and showing your finances.
Running the service safely — limited operational data (crash logs, sign-in timestamps) used to keep the App working and secure.
4. Where your data is stored
Your financial data
Your financial data — transactions, accounts, budgets, categories — is stored in your Erisai account on our secure cloud servers. This is the primary copy, and it keeps your data in sync across every device you sign in on. In addition, it is:
Cached on your device, in your browser's local storage, so the App works offline.
Optionally backed up to your own Google Drive, if you turn it on, as a file called erisai-data.json. This file lives in your Drive account, not ours, and you control it — you can delete it at any time at drive.google.com by removing the "Erisai" folder.
Account information
Your account record — your email address and (if applicable) your subscription tier — is stored alongside your data in your Erisai account on our secure cloud servers. These servers are operated for us by a third-party cloud hosting provider, under contractual security and data-processing terms.
Cross-border transfer
Our cloud servers are located in Singapore. This means your data is stored and processed outside Indonesia. UU PDP permits this where the destination offers comparable protection, where suitable safeguards are in place, or where you consent. By creating an Erisai account and using the App, you consent to your data being transferred to and processed in Singapore as described here, and we require our hosting provider to keep it secure under contractual and technical safeguards.
5. Permissions Erisai requests
Google Drive (drive.file scope) — optional, for backup. This scope only lets Erisai see and edit files it created itself. It does not let Erisai see any of your other Google Drive files.
Google Calendar events — optional, only used if you turn on calendar sync for recurring transactions.
Email and basic profile — required to identify your account.
6. Automated processing (your Pulse score)
Erisai calculates a "Pulse" score — a number that summarises your financial health — automatically from the data you log. It is for your information only: it does not make any decision about you that has a legal or similarly significant effect, and it is never shared or sold. If you object to this automated processing, you can contact us to ask that it be reviewed with human involvement.
7. How long we keep your data
We keep your data for as long as your Erisai account exists, so the App keeps working across your devices. When you delete your data or ask us to (see Section 9), we remove it from our servers; the copy cached on your device and any Google Drive backup are removed too, and routine backups are overwritten shortly afterwards. Crash and error logs are short-lived and used only for debugging. We may keep a minimal record for longer only where the law requires it.
8. Your rights
Under UU PDP — and comparable laws such as the EU GDPR — you have the right to:
Be informed about how your data is handled (this policy).
Access your data and get a copy: Settings → Backup & restore → Export downloads a complete JSON copy.
Correct or update inaccurate data — edit it directly in the App.
Delete your data (see Section 9).
Withdraw your consent at any time, and object to or restrict processing.
Data portability — receive your data in a usable format (the JSON export).
Object to automated processing and request human review (see Section 6).
Lodge a complaint — with us, and with the Indonesian data-protection authority (currently the Ministry of Communication and Digital Affairs / Komdigi, until the dedicated PDP Agency is operational).
To exercise any of these, email erisai.app@gmail.com. We aim to respond within 3 × 24 hours (three days), as required under UU PDP.
9. Deleting your data
You can delete your data and account at any time:
In the App: Settings → Backup & restore → Clear data → "Everything (including Drive)". This removes your data from our servers, the copy cached on your device, and your Google Drive backup.
By request: email erisai.app@gmail.com from your account email address and ask us to delete your account and data. We will action it without undue delay.
10. Children
Erisai is intended for users aged 18 and over and is not directed at children. Under Indonesian rules a "child" is anyone under 18 and unmarried, and a child's personal data may only be processed with verified parental or guardian consent. We do not knowingly collect data from anyone under 18 without that consent. If you believe a child has created an account, contact us and we will delete it.
11. If there is a data breach
If a security breach affects your personal data, UU PDP requires us to notify you and the data-protection authority within 3 × 24 hours (72 hours) of becoming aware of it. Our notice will describe what data was involved, what happened, and what we are doing about it.
12. Third-party services we rely on
Google — for sign-in (your email and basic profile) and, if you turn them on, Google Drive backup (drive.file scope only) and Google Calendar sync. Google handles this data under its own privacy policy.
Our cloud hosting provider — a third-party provider whose servers, located in Singapore, store and sync your Erisai account data on our behalf under contractual security and data-processing terms.
We do not use advertising networks, and we do not share or sell your data to data brokers or advertisers.
13. Security
All data transmitted between Erisai and our cloud servers (and Google's servers) is encrypted in transit using HTTPS/TLS. Data stored on your device is protected by your device's own security (passcode, biometric lock, OS encryption). Data in your Google Drive is protected by Google's own security and your Google account credentials.
That said: no system is 100% secure, and we cannot guarantee absolute security of any data.
14. International users
Erisai is operated from Indonesia and your data is stored in Singapore as described in Section 4. If you use the App from the EU/UK or California, the rights described here are intended to align with the GDPR and CCPA; contact us to exercise them.
15. Changes to this policy
If we make material changes to this Privacy Policy, we'll post the updated version here and update the "Last updated" date at the top. For significant changes, we'll also notify you inside the App.
16. Contact
If you have questions about this Privacy Policy or how Erisai handles your data, contact: erisai.app@gmail.com