Public posture · auth-gated audit log
Lineage holds a family's entire financial picture. We treat that as a responsibility, not a feature. This page describes — honestly — how your data is protected, what we rely on, and where we are still building.
Separation is structural, not a filter
Every family's financial data lives in its own isolated database instance, not a shared table partitioned by a query filter. One family's data is physically separate from another's. Sensitive fields — PAN, date of birth, account numbers, documents — are encrypted at rest, and the keys are derived per family, not stored as plaintext alongside the data.
Our direction is that your family holds the key: access by your chartered accountant or adviser is a separate, explicit, revocable grant — never a default. We are moving key custody behind an explicit, audited, revocable consent boundary so that reading your data always requires a grant you control. That work is in progress; we describe the target, not a finished claim.
Infrastructure certifications (our provider)
Lineage runs entirely on Cloudflare. The independent certifications below belong to Cloudflare, our infrastructure provider — our application inherits the security of that platform. They are not certifications of Lineage itself.
Our own compliance posture
- DPDP readiness — in progress. We are aligning to India's Digital Personal Data Protection Act: lawful-basis & consent records, data-subject rights (access, correction, erasure, data portability), breach notification, and grievance redressal. A grievance contact and Data Protection Officer mailbox are live (below).
- Our own SOC 2 / ISO 27001 — planned, not yet held. We will pursue an independent audit of Lineage's own controls when our scale or a partner requirement calls for it. We will not claim a certification we do not hold.
- No commission, no kickbacks, no ads, no data sale. We do not monetise your data and earn nothing from products shown on the platform.
Your data, and your rights
- Storage. Data is held on Cloudflare's infrastructure, encrypted at rest with keys derived per family; access requires an explicit grant you control.
- Export & deletion are first-class. You can export your data and delete your account at any time; deletion crypto-shreds your family's keys.
- Sharing is a signed, revocable consent. A CA or adviser sees your data only after you grant access, scoped to what you choose, and you can revoke it in one step.
Subprocessors
The third parties that process data on our behalf:
| Provider | Purpose |
|---|---|
| Cloudflare | Compute, storage, database & network (primary infrastructure) |
| Cloudflare Workers AI | On-platform document extraction |
| Anthropic (Claude API) | Document-parser failover only, when on-platform extraction is insufficient |
| JMAP mail (mail.lineage.money) | Transactional & document-intake email |
Incident response
No reportable security incidents to date. In the event of a personal-data breach, we will notify the Data Protection Board of India and affected users in line with DPDP requirements, and publish a root-cause summary. Grievances are acknowledged within 24 hours and resolved within 15 days.
Contact
Security or vulnerability reports: privacy@lineage.money. Data Protection Officer: dpo@lineage.money. Grievances: grievance@lineage.money.
Lineage Money Private Limited · CIN U66190KA2026PTC220443 · No. 43, Residency Road, Shanthala Nagar, Ashok Road, Museum Road, Bangalore North, Bengaluru, Karnataka 560025, India