← BackPrivacy Architecture
Exactly what leaves your browser — and what doesn't.
What stays on your device
- •Financial inputs you enter — income, expenses, assets, debts, insurance figures. These are processed entirely by JavaScript running in your browser tab. They are never serialised to a network request.
- •All calculations — net worth, ratios, retirement projections, protection gap — are computed locally in your browser using JavaScript. No server-side computation occurs.
- •Optional draft saving — if you click "Save draft" in the form, your inputs are stored in your browser's
localStorageon this device only. This data never leaves your device. You can delete it at any time using the "Clear" button in the form, or by clearing your browser's site data. No cookies orsessionStorageare used. - •Share links — when you copy a shareable link, your inputs are Base64-encoded into the URL hash (the
#...fragment). Browsers never include the hash in HTTP requests, so the server never sees your data. Decoding happens entirely in the recipient's browser.
What leaves your browser
The following table lists every category of outbound network request this site makes.
| What | When | Why | Can you opt out? |
|---|---|---|---|
| Anonymous error signal | Only if the app crashes with an unhandled error | Lets us detect broken states without seeing any of your data. A single HTTP POST to /api/error-count is sent — no payload, no personal data. | Yes — use a modern browser, or block requests to /api/error-count in an ad-blocker |
| “Notify me” email signup | Only if you submit the “Get early access” form | Sends your email address to our mailing-list provider (Formspree) so we can notify you of updates. Your financial inputs are never included. | Yes — don't submit the form. If you did, unsubscribe via any email we send or email us. |
| Page assets (HTML, JS, CSS, fonts) | On every page load | Standard delivery of the web app. Fonts are self-hosted on our domain — no third-party font CDN requests. The hosting provider may log standard access logs (IP, timestamp) for security, retained up to 90 days. | No — necessary to load the site |
No cookies
Niyamfin sets no cookies — session, persistent, first-party, or third-party. There are no tracking pixels, no advertising network scripts, and no third-party analytics loaded on the page. You can confirm this yourself in your browser's DevTools → Application → Cookies.
Verify it yourself
You don't have to take our word for it. To inspect every network request the page makes:
- 1.Open DevTools in your browser (F12 or right-click → Inspect).
- 2.Go to the Network tab and reload the page.
- 3.Filter by Fetch/XHR. You should see no requests while using the calculator — only the initial page-load assets (JS bundles, CSS) which carry no personal data.
- 4.If a crash occurs, you may see a single POST to
/api/error-count— inspect its payload and you will find it is empty.
Questions? See the full Privacy Policy or email hello@niyamfin.com.
Last updated: 3 June 2026