Privacy Policy

Last Updated: January 2025

Effective Date: January 2025

1. Introduction

Welcome to Capital Friends by Jagadeesh Manne ("we," "our," or "us"). This Privacy Policy explains how we collect, use, and protect your information when you use our Google Sheets-based family wealth tracking template.

Capital Friends is an open-source project hosted on GitHub that provides a Google Sheets template for personal family finance management. Unlike traditional web applications, Capital Friends operates entirely within your Google Drive after initial setup.

How Capital Friends Works

1. You Visit the Landing Page: You visit our website at capitalfriends.in or jagadeeshkmanne.github.io/capital-friends
2. You Click "Get My Copy": This opens Google's native spreadsheet copy URL in a new tab
3. You Make a Copy: Google Sheets creates a copy directly in YOUR Google Drive (you own it immediately)
4. You Own Everything: The sheet is 100% yours from the moment you copy it. It lives in your Google Drive, and we collect ZERO data from you

2. Information We Collect

NONE. We collect ZERO personal data from you.

Capital Friends does not collect, store, or transmit any of the following:

• ❌ Your email address
• ❌ Your Google account information
• ❌ Spreadsheet IDs or names
• ❌ Timestamps or usage analytics
• ❌ Device information, IP addresses, or location data
• ❌ Questionnaire answers or security assessment data
• ❌ ANY identifiable information about you

2.1 About the Questionnaire Feature

Your copy includes an optional 8-question security questionnaire feature. Important clarification:

• The questionnaire answers are stored only in YOUR copy - we never collect them
• These answers are used to customize email reminders that YOUR copy sends to YOU
• You can complete, skip, or update the questionnaire anytime within your copy
• The questionnaire is a feature FOR you, not data collection BY us

2.2 No Tracking Code

While the template includes an onOpen() trigger function called trackFirstTimeCopy() in the code, this function:

• Cannot access your email: Due to Google's authorization model, Session.getEffectiveUser().getEmail() only returns the original template owner's email (the developer), not yours
• Cannot access your copy: The function attempts to write to an admin tracking sheet, but fails silently due to permission restrictions
• Does not interrupt your use: Any tracking failures are caught and logged silently - your spreadsheet works perfectly regardless
• Is fully transparent: You can view this code yourself in your copy (Extensions → Apps Script) and verify it collects nothing from you

3. Data You Control

All data in your Capital Friends copy belongs to YOU and is accessible ONLY by YOU:

• Your Financial Data: Bank balances, account numbers, investment values, transaction history, net worth calculations - all stored in YOUR Google Drive
• Family Member Information: Names, dates of birth, PAN numbers, Aadhar numbers, passport details, phone numbers, addresses - all in YOUR copy
• Bank Account Details: Account numbers, IFSC codes, branch names, account types, balances - all private to YOU
• Investment Details: Stock holdings, mutual fund investments, FD details, gold holdings, real estate values - all YOUR data
• Document Information: Locations of wills, deeds, insurance policies, or any documents you track - all stored in YOUR sheet
• Email Content: The security reminder emails are sent FROM your Gmail account TO your email address using YOUR Gmail permissions
• Usage Patterns: How often you use the sheet, what features you use, what calculations you perform - Google may log this for their own purposes, but we have no access

4. How We Use Your Information

We don't collect any information, so there's nothing to use.

4.1 No Analytics or Tracking

• We have NO analytics service monitoring your usage
• We have NO database storing user information
• We have NO server-side code processing your data
• We have NO tracking pixels or cookies on the landing page

4.2 Technical Support

• If you contact us with a technical issue, we'll respond via email
• We CANNOT access your copy or your data - even for support purposes
• Support is limited to: answering questions about how features work, helping with formula errors, explaining the code
• We cannot troubleshoot issues specific to your financial data (since we can't see it)

4.3 No Marketing

• We do NOT send marketing or promotional emails
• We do NOT sell or share any data (because we have none)
• We do NOT send you any automated emails (all emails come from YOUR copy to YOU)
• The only emails you receive are from YOUR Gmail account based on triggers YOU configure

5. Data Storage & Security

5.1 No Central Database

Capital Friends has NO central database or tracking system:

• No user database: We don't store emails, names, or identifiers
• No analytics database: We don't track usage statistics or behavior
• No server: We have no backend server collecting or processing data
• No cookies: The landing page doesn't set any tracking cookies

Why no tracking? The template code includes a trackFirstTimeCopy() function, but due to Google's authorization model for simple triggers, it cannot access your email or copy details. It fails silently and doesn't interrupt your use.

5.2 Your Copy (Your Google Drive)

Your copy is stored in YOUR Google Drive with:

• Google's enterprise-grade security (AES-256 encryption at rest, TLS 1.2+ in transit)
• Your own Google account's privacy settings and 2FA protection
• Your choice of sharing permissions (we recommend keeping it private)
• Your own backup and retention policies (File → Download → Microsoft Excel)
• Complete ownership - you can delete it anytime from your Google Drive

5.3 Data Sources

Capital Friends uses Google Sheets' IMPORTRANGE function to fetch public reference data:

• Master MF Database: Imports mutual fund names, codes, categories, and NAV prices from a public master database (updated daily by the developer)
• Stock Master Database: Imports stock symbols, company names, and ISIN codes from a public reference sheet
• Read-only access: Data flows FROM master database TO your sheet only - your financial data never goes back
• No server-side API calls: The master database (maintained by the developer) fetches NAV data from AMFI India, but YOUR copy only uses IMPORTRANGE
• No user data sent: IMPORTRANGE only reads public reference data - your personal financial data never leaves your Drive

5A. Data Protection Mechanisms & Security Safeguards

Capital Friends implements multiple layers of security to protect sensitive user data. This section details the technical and organizational measures we employ.

5A.1 Encryption & Data Protection

Encryption at Rest

• Google Drive Encryption: All user data (financial information, family details, PAN/Aadhar numbers) is stored in Google Drive, which uses AES-256 encryption at rest
• Server-Side Encryption: Google automatically encrypts all files before writing them to disk across multiple data centers
• No Local Storage: Capital Friends does not store sensitive data in browser localStorage, sessionStorage, or cookies - all data resides encrypted in Google's infrastructure
• Apps Script Properties: Document-specific properties (used for tracking first-time setup) are encrypted by Google Apps Script platform

Encryption in Transit

• TLS 1.2+: All communications between your browser and Google's servers use TLS (Transport Layer Security) version 1.2 or higher
• HTTPS Only: The web app, landing page, and all API calls are served exclusively over HTTPS (HTTP Strict Transport Security enabled)
• Encrypted Email Transmission: Emails sent via Gmail use TLS for delivery (encrypted in transit between mail servers)
• No Plaintext Transmission: Sensitive data is never transmitted in plaintext over the network

5A.2 Access Controls & Authentication

User Authentication

• Google OAuth 2.0: All access to your data requires Google account authentication - no separate passwords or credentials
• Session Management: Google Apps Script manages secure sessions with automatic timeout after inactivity
• Multi-Factor Authentication Support: Capital Friends respects your Google account's 2FA settings (we recommend enabling 2FA)
• No Password Storage: Capital Friends never stores, transmits, or has access to your Google account password

Ownership-Based Access Control

• Immediate Ownership via Google's /copy: Google's native copy feature creates a new spreadsheet owned by YOU from the first moment
• Zero Developer Access: The developer never has access to your copy - enforced by Google Drive's permission model
• Granular Sharing Controls: You control who can view/edit your copy via Google Drive's sharing settings
• Private by Default: Newly created copies are private to your account only (not shared publicly)

OAuth Scope Restrictions

• Minimal Scopes: Capital Friends requests only 4 OAuth scopes (spreadsheets.currentonly, gmail.send, script.scriptapp, script.container.ui)
• No Broad Permissions: Does NOT request access to all Google Drive files, Gmail inbox, Calendar, or Contacts
• Current Spreadsheet Only: The spreadsheets.currentonly scope limits access to ONLY your Capital Friends copy - not other spreadsheets or Drive files
• User-Revocable: You can revoke permissions anytime via Google Account Settings → Security → Third-party apps

5A.3 Data Minimization & Retention

Zero Data Collection

• No Email Collection: We do NOT collect your email address (the onOpen() trigger cannot access it due to authorization restrictions)
• No Spreadsheet Tracking: We do NOT store your copy's ID or any identifiers
• No Analytics: We do NOT record timestamps, usage statistics, or behavior patterns
• No Financial Data Collection: We never access, collect, or store your bank balances, investment values, or transaction history
• No PII Collection: We don't collect names, PAN numbers, Aadhar numbers, phone numbers, addresses, or any personally identifiable information
• No Questionnaire Data: The 8-question security assessment is stored only in YOUR copy, not our systems

No Data Retention

• No Storage: Since we collect nothing, there's nothing to retain
• User-Controlled Retention: All financial data in your copy is retained according to YOUR deletion schedule
• Zero Footprint: We store zero data points about users
• Nothing to Delete: There's no user data to request deletion of

5A.4 Secure Development Practices

Code Security

• Open Source Transparency: All source code is publicly available on GitHub for security audits
• No Obfuscation: Code is readable and auditable - no minification or obfuscation of Apps Script code
• Input Validation: All user inputs are validated and sanitized to prevent injection attacks
• No eval() Usage: Capital Friends does not use eval() or Function() constructors that could execute arbitrary code
• XSS Prevention: HTML output is sanitized to prevent cross-site scripting attacks

Dependency Management

• Minimal External Dependencies: Uses only trusted CDN libraries (Tailwind CSS from cdn.tailwindcss.com, Fuse.js from cdn.jsdelivr.net)
• No npm Packages: Does not use unvetted third-party npm modules
• Subresource Integrity (SRI): External scripts loaded with integrity hashes where supported
• Google-Only APIs: Server-side code uses only Google's built-in Apps Script services (no external API keys or credentials)

5A.5 Infrastructure Security (Google Cloud Platform)

Capital Friends inherits Google Cloud Platform's enterprise-grade security infrastructure:

• SOC 2/3 Compliance: Google's data centers are SOC 2 Type II and SOC 3 certified
• ISO 27001 Certified: Google's information security management system meets ISO 27001 standards
• Physical Security: Data centers have 24/7 security, biometric access controls, and video surveillance
• Network Segmentation: Google's network is segmented to isolate services and limit attack surface
• DDoS Protection: Google's infrastructure includes built-in distributed denial-of-service attack mitigation
• Redundancy & Disaster Recovery: Data is replicated across multiple geographically distributed data centers

5A.6 Monitoring & Incident Response

Security Monitoring

• Google Cloud Logging: All Apps Script executions are logged for security auditing and debugging
• Error Tracking: Execution failures are logged to help identify potential security issues
• No Third-Party Analytics: We do NOT use external monitoring services that could access user data

Incident Response

• GitHub Security Advisories: Critical security issues can be reported privately via GitHub's security advisory feature
• Responsible Disclosure: Security researchers can email jagadeesh.k.manne@gmail.com with "SECURITY" in the subject
• Coordinated Disclosure: We commit to responding to security reports within 72 hours and coordinating public disclosure
• User Notification: In the event of a security breach affecting user data, we will notify affected users via email and GitHub announcements

5A.7 User Security Responsibilities

While we implement robust security measures, user security also depends on YOUR actions:

• Strong Passwords: Use a strong, unique password for your Google account (12+ characters, mixed case, numbers, symbols)
• Enable 2FA: Activate two-factor authentication on your Google account (authenticator app recommended over SMS)
• Private Sharing: Keep your Capital Friends copy private - do NOT share it publicly or with untrusted individuals
• Regular Backups: Download backup copies as Excel/PDF files regularly (File → Download → Microsoft Excel)
• Secure Devices: Access Capital Friends only from secure, malware-free devices
• Review Permissions: Periodically audit which apps have access to your Google account (Google Account → Security → Third-party apps)
• Phishing Awareness: Be cautious of emails claiming to be from Capital Friends asking for credentials (we never ask for passwords)

5A.8 Compliance & Certifications

Data Protection Regulations

• GDPR Compliance: Capital Friends respects EU General Data Protection Regulation principles (data minimization, purpose limitation, storage limitation)
• Right to Access: You can request a copy of any data we store about you (email us at jagadeesh.k.manne@gmail.com)
• Right to Erasure: You can request deletion of your copy tracking record (see Section 10: Your Privacy Rights)
• Data Portability: Your financial data is already in Google Sheets format (portable by design)

Google's Compliance

By building on Google Workspace, Capital Friends benefits from Google's compliance with:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• HIPAA (Health Insurance Portability and Accountability Act) - Google Workspace Enterprise
• COPPA (Children's Online Privacy Protection Act)
• FERPA (Family Educational Rights and Privacy Act)

5A.9 Data Breach Notification

In the unlikely event of a data breach:

• 72-Hour Notification: We will notify affected users within 72 hours of discovering a breach involving personal data
• Transparent Communication: We will clearly explain what data was compromised, what we're doing to resolve it, and recommended user actions
• Public Disclosure: Material breaches will be disclosed publicly via GitHub repository announcements
• Regulatory Reporting: We will report breaches to relevant data protection authorities as required by law

6. Data Sharing & Third Parties

We do NOT sell, rent, or share your information with any third parties.

The only "sharing" that occurs is:

6.1 Google Services (Required)

• Your data is processed by Google Apps Script (Google's platform)
• Your copy is stored in Google Drive
• Emails are sent via Gmail (from YOUR account, not ours)

This is unavoidable because Capital Friends is built on Google Workspace. By using Capital Friends, you're subject to Google's Privacy Policy.

6.2 No Marketing, No Analytics, No Advertising

• We don't use Google Analytics or any tracking pixels
• We don't integrate with advertising networks
• We don't send marketing emails (the only emails are security reminders from YOUR copy to YOU)
• We don't share data with data brokers or marketing companies

6.3 Open Source Code

Capital Friends is open source on GitHub: https://github.com/jagadeeshkmanne/capital-friends

• Anyone can review our code to verify our privacy claims
• The Apps Script code in your copy is visible to you (Tools → Script editor)
• No hidden functionality or data collection

6.4 Payment Processing (Razorpay)

Capital Friends is 100% free to use. However, if you choose to make a voluntary donation to support the project, payments are processed by Razorpay, a third-party payment gateway.

What Data Razorpay Collects

When you make a donation through Razorpay, the following information is collected by Razorpay (NOT by us):

• Payment Information: Credit/debit card details, UPI ID, net banking credentials, wallet information
• Personal Information: Name, email address, phone number (as required for payment processing)
• Transaction Data: Donation amount, transaction ID, payment status, timestamp
• Device & Network Information: IP address, browser type, device information (for fraud prevention)

How Razorpay Uses Your Data

• To process your payment securely
• To send you payment confirmation emails
• To prevent fraud and comply with financial regulations
• To provide customer support for payment issues

What We Receive from Razorpay

We (Capital Friends) receive only minimal transaction information from Razorpay:

• Transaction Confirmation: Whether the payment succeeded or failed
• Transaction ID: A unique identifier for the payment
• Donation Amount: The amount donated
• Timestamp: When the donation was made

We do NOT receive:

• ❌ Your full credit/debit card numbers
• ❌ Your CVV or card security codes
• ❌ Your UPI PIN or bank passwords
• ❌ Your complete banking details

Razorpay's Privacy Policy

Razorpay has its own privacy policy and data protection practices:

• Razorpay Privacy Policy: https://razorpay.com/privacy/
• Razorpay Terms: https://razorpay.com/terms/
• PCI DSS Compliant: Razorpay is certified for secure payment card processing
• RBI Authorized: Razorpay is authorized by the Reserve Bank of India

Your Rights Regarding Payment Data

• Access: Contact Razorpay directly to request your payment data
• Deletion: Request deletion of your payment information from Razorpay (subject to legal retention requirements)
• Correction: Update incorrect payment information with Razorpay

Donation Policy

For information about refunds, cancellations, and donation terms, see our Cancellation & Refunds Policy.

7. Your Email Reports (Important Clarification)

Capital Friends includes an optional feature that sends daily security reminder emails. Here's how it works:

These Emails Are Sent BY You, TO You

• The Apps Script code in YOUR copy uses YOUR Gmail account to send emails
• The emails are sent TO your own email address (the one you used to request the copy)
• We (the developers) are NOT involved in this email process
• We don't see the email content, recipients, or delivery status

What Triggers These Emails

• You can set up time-based triggers in YOUR copy (via the "⚙️ Setup Email Reports" menu)
• The triggers run under YOUR Google account permissions
• The email content is based on YOUR questionnaire answers

You Can Disable This Anytime

• Go to your Google Account → Security → Manage third-party access
• Or delete the triggers from YOUR sheet's Apps Script project
• Or simply ignore the menu item and never set up email reports

8. Google Apps Script Permissions (OAuth Scopes)

When you create your copy and start using features, Google will ask you to authorize specific permissions. These are called "OAuth scopes" and control what the Apps Script code can do within YOUR Google account.

8.1 Required Scopes

Capital Friends requires these 4 OAuth scopes to function. Google will show an authorization screen requesting these permissions:

Scope	Permission Name	Why Needed
https://www.googleapis.com/auth/spreadsheets.currentonly	See, edit, create, and delete only the specific Google Sheets files you use with this app	Allows the template to read and modify YOUR copy of the spreadsheet. Used for: adding new sheets (e.g., Portfolios, Goals), updating cell values when you add investments, creating charts for the dashboard, applying conditional formatting, and all core spreadsheet operations. This scope ONLY applies to the current spreadsheet (your copy) - NOT other files in your Drive.
https://www.googleapis.com/auth/gmail.send	Send email on your behalf	Sends optional security reminders and weekly portfolio summary emails to your email address. No inbox access - only sends emails. All emails are sent from YOUR Gmail account to YOU. Disable anytime in Settings menu.
https://www.googleapis.com/auth/script.scriptapp	Manage your Apps Script triggers	Installs optional time-based triggers for automated email reports and reminders. Allows you to manage/delete triggers through the Settings menu. Users have full control over all automation.
https://www.googleapis.com/auth/script.container.ui	Display and run third-party web content in prompts and sidebars inside Google applications	Displays custom dialog boxes and sidebars for features like adding investments, managing portfolios, viewing dashboards, and generating reports. Enables the interactive user interface within the Google Sheets environment.

8.2 External JavaScript/CSS Libraries (No OAuth Scope Required)

Capital Friends HTML dialogs load some external libraries directly in your browser:

• Tailwind CSS: UI styling framework from cdn.tailwindcss.com
• Fuse.js: Fuzzy search library from cdn.jsdelivr.net for fund/stock search
• Google Fonts: Inter font from fonts.googleapis.com

Important: These resources are loaded by YOUR BROWSER (client-side), not by Apps Script server-side code. No OAuth scope is required because the browser makes these HTTP requests directly, just like visiting any website.

8.3 Important Notes About OAuth

• Progressive Authorization: You're only asked for permissions when you actually use features that need them
• Runs Under YOUR Account: The Apps Script code executes using YOUR Google account authentication, not ours
• You Control Access: You can revoke these permissions anytime from your Google Account settings (Security → Third-party apps)
• After Ownership Transfer: The code runs entirely in your copy - we have no access to your data even with these scopes
• Time-Based Triggers: Email schedule triggers run under YOUR account permissions and can be deleted from Extensions → Apps Script → Triggers

9. Master Database Access (IMPORTRANGE)

Capital Friends uses Google Sheets' IMPORTRANGE formula to connect to public reference databases. This is different from OAuth permissions.

9.1 What are the Master Databases?

Your spreadsheet includes two sheets that import reference data from public databases:

Sheet Name	Database ID	Contains
MutualFundData	1pSvGDFTgcCkW6Fk9P2mZ5FSpROVClz7Vu0sW9JnPz9s	1000+ mutual fund names, AMC names, fund categories, and codes for search/lookup functionality
StockMasterData	Public stock database	1000+ NSE and BSE stock symbols, company names, and ISIN codes for stock lookup

9.2 IMPORTRANGE Permission (Required)

When you first open the MutualFundData or StockMasterData sheets, you'll see a #REF! error with the message: "You need permission to access this external data."

What you need to do:

1. Click the "Allow access" button that appears in the cell
2. This grants permission for YOUR spreadsheet to read data from OUR public master databases
3. Data will then load and update automatically

Important clarifications:

• One-way connection: Data flows FROM master database TO your sheet only. Your financial data NEVER goes to the master database.
• Read-only access: The master databases are publicly shared as "Anyone with link can view" - they contain NO user information
• Reference data only: These databases contain publicly available mutual fund and stock information (names, symbols, codes), not your personal holdings or values
• Updated automatically: Master databases refresh daily from public sources (AMFI, NSE, BSE APIs), keeping fund/stock information current
• No privacy risk: IMPORTRANGE cannot access your financial data or other sheets in your Drive
• Can be revoked: You can remove access by deleting the MutualFundData and StockMasterData sheets (though you'll lose search functionality)

9.3 Why This is Safe

The IMPORTRANGE formula is a standard Google Sheets feature that:

• Only allows reading data from the specified external spreadsheet
• Cannot write data back to the source
• Cannot access other sheets in your Drive
• Is visible and auditable - you can see the formula in cell A1 of each data sheet
• Is completely separate from OAuth permissions - it's a spreadsheet-level permission, not an API permission

You can verify the master databases are public: Visit the spreadsheet IDs listed above in any browser (while logged into Google) to see they're shared publicly with view-only access.

10. Cookies & Tracking Technologies

Capital Friends does NOT use cookies.

Our web app (the initial page where you request a copy) is a simple Google Apps Script web app that:

• Does not set any cookies in your browser
• Does not use localStorage or sessionStorage
• Does not include third-party tracking scripts
• Does not use fingerprinting or device tracking

Google's Apps Script platform may set its own session cookies for authentication purposes, but we don't control or access these.

9. Data Retention & Deletion

9.1 No Data Retention by Us

Capital Friends collects ZERO data, so there's nothing to retain:

• We don't collect your email - the native /copy feature doesn't provide it to us
• Questionnaire answers are stored only in YOUR copy, never sent to us
• We have no centralized database or tracking system
• Nothing to delete - your data never reaches our systems

9.2 Your Copy (Your Responsibility)

Your copy of the Capital Friends template is YOUR property. You can:

• Delete it anytime from your Google Drive
• Move it to Trash (can be restored for 30 days)
• Permanently delete it (cannot be restored)
• Download it as Excel/CSV and delete the Google Sheets version
• Clear all financial data and start fresh

We have no control over your copy and cannot access or delete it for you.

10. Your Privacy Rights

Since we collect ZERO personal data, most traditional privacy rights don't apply. However:

10.1 Right to Access

We have no data about you to provide. Your financial data lives in YOUR Google Drive copy - you already have full access.

10.2 Right to Rectification

We have no data to correct. You can edit any data in your copy anytime.

10.3 Right to Erasure ("Right to Be Forgotten")

We have no data to erase. Delete your copy from Google Drive if you no longer want to use it.

10.4 Right to Data Portability

Your data is already portable - download your copy as Excel, CSV, or PDF anytime (File → Download).

10.5 Right to Object

We're not processing any of your data, so there's nothing to object to.

10.6 Right to Withdraw Consent

You own your copy from day one. You can stop using it anytime, delete it, or revoke OAuth permissions via Google Account Settings.

Questions? Email jagadeeshi.k.manne@gmail.com with your request.

11. Children's Privacy

Capital Friends is intended for adults managing family finances. We do not knowingly collect information from children under 13 (or the applicable age of digital consent in your jurisdiction).

If you are under 18, please obtain parental consent before using Capital Friends.

If we discover we've collected data from a child without proper consent, we'll delete it immediately.

12. International Data Transfers

Capital Friends is hosted on Google's infrastructure, which is global. Your data may be processed in:

• Google data centers in various countries
• The developer's location (India)

Google complies with international data protection laws (GDPR, etc.). By using Capital Friends, you consent to this international processing.

13. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

• New features in Capital Friends
• Changes in privacy laws
• User feedback and clarifications

When we make changes:

• We'll update the "Last Updated" date at the top
• We'll post the new policy on our GitHub Pages site
• We'll note material changes in our GitHub repository's release notes

Your continued use of Capital Friends after changes constitutes acceptance of the new policy.

14. Legal Compliance & Disclosure

Since we collect ZERO personal data, we have nothing to disclose.

If we receive legal requests (court orders, subpoenas, government investigations):

• We have no user data to provide - we don't collect emails, names, or any identifiable information
• We cannot access your copy - it's owned by you in your Google Drive, protected by Google's permission model
• We would refer authorities to Google - if they need data from your copy, they would need to serve legal process to Google (not us)

The only information we could potentially provide:

• Confirmation that Capital Friends is an open-source template
• Links to the public GitHub repository
• Explanation of how the native /copy feature works
• Documentation that we collect no user data

15. Open Source Transparency

Capital Friends is fully open source. You can verify our privacy claims by:

• Reviewing the code on GitHub: https://github.com/jagadeeshkmanne/capital-friends
• Inspecting the Apps Script code in your copy (Tools → Script editor)
• Searching for data collection functions (look for references to the master tracking sheet)
• Verifying the ownership transfer code (search for setOwner function)

If you find any privacy-related issues in the code, please report them via GitHub Issues.

16. Contact Information

For privacy-related questions, data requests, or to report concerns, please email jagadeeshi.k.manne@gmail.com with "Privacy" in the subject line.

---

Summary: What You Need to Know