Privacy Policy

01 Who we are

Paisa Tracker is a personal expense-tracking mobile application that helps users understand their spending by automatically detecting transactions from bank SMS messages and presenting them as charts, budgets, daily limits, streaks, and downloadable reports. The App is intended for individual personal use.

The data controller for the purposes of this policy is Ritesh, the independent developer of Paisa Tracker. Contact details are listed in section 13.

02 Information we collect

We only collect information that is necessary to provide the App's functionality. The categories of information we collect are listed below.

We do not collect: your phone number, your contacts list, your location, advertising identifiers, your photos, your call log, your microphone or camera input, or messages from non-financial senders.

03 Permissions we request

This section lists every system permission the App may ask for and what we do with the data each one provides. SMS access is the most sensitive and is covered first in detail; the rest follow.

SMS access — READ_SMS, RECEIVE_SMS

Reading SMS is a sensitive permission under Google Play policies, so we explain its use separately and in detail.

Why we request it. The App's core feature is automatic detection of bank transactions. To detect a transaction without requiring manual entry, the App reads SMS messages from your bank, card issuer, or UPI provider and extracts the amount, merchant, date, and account. This permission is requested only after an in-App explanation, and you may decline it. If you decline, automatic transaction detection will not be available, but the rest of the App will continue to function.

Which messages are processed. The App processes messages only from senders that match recognised bank, card, and UPI sender identifiers (for example HDFCBK, ICICIB, SBIINB, AXISBK, KOTAKB, and similar). Messages from personal contacts, friends, OTP senders for other services, promotional senders, and any non-financial source are ignored and never transmitted off your device.

What happens to the SMS content.

• The SMS body is first parsed on your device to extract structured transaction fields.
• The parsed fields, along with the original SMS body, are transmitted to our backend server over an encrypted HTTPS connection.
• On the server, the original SMS body is stored in an encrypted form (see section 6) so that the App can re-parse messages when our detection logic improves, without requiring you to re-grant SMS permission.
• SMS content is never used for advertising, behavioural profiling, sold, or shared with any third party for marketing or analytic purposes.

Your control over SMS data. You may revoke the SMS permission at any time from your device's system Settings. You may also wipe all stored SMS-derived data from the App's Settings screen ("Sync all SMS" → Wipe). Wiping deletes both the parsed transactions and the encrypted SMS copies on our server for your account, while preserving your account itself, your budgets, and your preferences.

Notifications — POST_NOTIFICATIONS

Used to deliver push notifications such as daily-limit alerts, budget-breach warnings, large-spend warnings, and parser-update announcements. The permission is requested at the end of onboarding (not at app start), so you are not ambushed by a permission dialog before you have finished signing up. You can revoke it at any time in your device Settings, or disable individual notification categories inside the App.

Biometric authentication — USE_BIOMETRIC, USE_FINGERPRINT

Optional. Only used if you enable the on-device App Lock feature. Biometric matching (fingerprint or face) is performed by your device's secure hardware and is never transmitted to our servers. The PIN you set as a fallback is stored in your device's encrypted Keychain (iOS) or Keystore (Android), not on our servers.

Background activity — REQUEST_IGNORE_BATTERY_OPTIMIZATIONS

Optional. Asked on devices that aggressively kill background services (Vivo, Xiaomi, Realme, OPPO, and similar). Without this exemption, you would miss transactions that arrive while the App is closed. Declining the prompt does not disable any other feature; you will simply have to open the App for the latest transactions to appear.

Internet — INTERNET

Required for all communication with our backend servers and Firebase Cloud Messaging. This is a standard permission for any connected mobile app and is not subject to a runtime prompt on Android.

04 How we use your information

We use the information we collect strictly for the purposes listed below. Each purpose is tied to a specific feature of the App.

• Authenticating you — We send a one-time password to your email and verify it to sign you in. We do not store passwords.
• Showing your finances — We display your transactions, charts, budgets, daily limits, and streaks based on the data parsed from your SMS messages.
• Sending notifications — We send push notifications for events such as daily-limit alerts, budget breach warnings, large-spend warnings, and parser updates. You can disable individual categories of notifications in App Settings.
• Generating reports — When you request a PDF report, we generate it server-side and email it to the address registered on your account.
• Improving SMS parsing — If you opt in by submitting an "untracked SMS" report, we use that submission to improve our parser. Submission is always manual and you choose what to send.
• Security and abuse prevention — We log basic request metadata (request type, network IP address, timestamp) to detect and block abuse, brute-force attempts, and email bombing.

We do not: serve advertisements, build advertising profiles, sell your data, share your data with data brokers, or use your data to train machine-learning models that are made available to third parties.

What we explicitly do not use

We avoid common patterns found in other free apps that can quietly erode user privacy. Specifically, Paisa Tracker contains no:

• Cookies or web-tracking technologies — the App is native; there are no web cookies, no local storage cookies, no fingerprinting scripts.
• Third-party analytics SDKs — no Google Analytics, no Firebase Analytics, no Mixpanel, no Amplitude, no PostHog. We do not collect screen-view events, tap heatmaps, or session recordings.
• Advertising or attribution SDKs — no AdMob, no Facebook SDK, no AppsFlyer, no Adjust, no Branch.
• Marketing email lists — every email we send is transactional: a one-time password, a report you requested, a security alert, or a deletion confirmation. We do not send newsletters or promotional emails.
• Automated profiling for advertising or decision-making — we categorise transactions to display them in the App, but we do not score, rank, or profile you for any external purpose.

05 Sharing and third parties

We share data only with the service providers strictly required to operate the App. Each provider acts as our processor under their own privacy obligations.

We do not share data with advertisers, analytics networks, data brokers, or any party for commercial purposes. We may disclose information when required by valid legal process (court order, subpoena, statutory request from a competent authority in India), and only to the minimum extent legally required. Where lawfully permitted, we will notify you before such disclosure.

Where your data is stored

Our application servers and PostgreSQL database run on Railway Corp.'s managed infrastructure (railway.app). Railway operates data centres in the United States and the European Union, and our database is provisioned in a Railway-managed region. By using the App, you acknowledge that your personal data may be transferred to and processed on servers located outside India. We rely on Railway's contractual security commitments and on the encryption controls described in section 6 to protect your data during such transfer and processing. If a competent Indian Data Protection Authority later mandates in-country storage for personal-finance data, we will migrate the database accordingly and notify users in advance.

Third-party privacy policies

For data that flows through our sub-processors, their own privacy policies and terms also apply. We recommend reviewing them if you want a complete picture of how those companies handle the limited data we send them:

• Firebase Cloud Messaging — firebase.google.com/support/privacy and Google's overall policy at policies.google.com/privacy.
• Railway — railway.app/legal/privacy.
• Resend — resend.com/legal/privacy-policy.

06 How we secure your data

We follow security practices appropriate to the sensitivity of personal-finance data:

• Encryption in transit — All traffic between the App and our servers uses HTTPS with TLS. HTTP Strict Transport Security (HSTS) is enforced for one year, including subdomains.
• Encryption at rest for sensitive fields — The raw SMS body, masked account number, UPI reference, and available-balance fields are encrypted at the application layer using AES-256 in GCM mode before being written to the database. The encryption key is stored only in our server environment, is never committed to source code, and is loaded from a secret environment variable at boot time.
• Passwordless authentication — We do not store passwords at all. Sign-in uses a short-lived OTP delivered to your verified email.
• Token security — Sessions use signed JSON Web Tokens bound to a specific issuer and audience. Tokens expire automatically and can be revoked at logout via a server-side blocklist.
• Rate limiting — OTP requests and verifications are rate-limited per email address and per network IP to prevent brute-force and email-bombing abuse.
• Least privilege — Only authenticated requests scoped to your own user account can read or modify your data. Cross-account access is impossible by design.
• Input bounds — All batch and date-range inputs are capped server-side to prevent resource-exhaustion attacks.

No system is perfectly secure. If we become aware of a security incident materially affecting your data, we will notify you by email and through the App within a reasonable time and in accordance with applicable law.

07 Data retention

• Account and transaction data — Retained for as long as your account exists. Deleted permanently when you delete your account.
• Encrypted SMS bodies — Retained alongside the related transaction. Removed when you wipe SMS data or delete your account.
• One-time passwords (OTP) — Expire ten minutes after issue and are removed shortly thereafter.
• JWT access tokens — Expire 24 hours after issue. Refresh tokens expire after seven days. Revoked tokens are retained on the blocklist only until their natural expiry.
• Export job records — PDF reports are delivered to your email and the job record is removed within a short retention window after completion.
• Diagnostic submissions — Kept until the parser-improvement work referenced by the submission is complete, then deleted.
• Server logs — Routine request logs are retained for up to 30 days for security and debugging.

08 Your rights and choices

You have the following rights regarding your personal data. Where you are located in a jurisdiction that grants additional rights — for example, the European Economic Area under the GDPR, the United Kingdom under the UK GDPR, or India under the Digital Personal Data Protection Act, 2023 — those rights apply in addition to the controls described below.

• Access — View your account and transaction data inside the App at any time. You may also request a structured export using the in-app PDF report feature.
• Correction — Edit your name, email address, transaction categories, budgets, and preferences directly inside the App.
• Deletion — Delete your entire account and all associated data from the App (see section 9), or wipe only your SMS-derived data while keeping your account.
• Withdraw consent — Revoke SMS or notification permissions at any time in your device Settings. The App will continue to function for any features that do not require the revoked permission.
• Portability — Request a copy of your data in a machine-readable format by emailing us (section 13). We will respond within 30 days.
• Object or complain — Contact our Grievance Officer (section 12) or, if you are in the EEA or UK, your local data-protection authority.

09 Deleting your account

You can delete your account in two ways:

1. From inside the App — Go to Settings → Account → Delete account. You will be asked to confirm. The deletion is immediate and permanent.
2. By email request — If you no longer have the App installed, send a deletion request from the email address registered with your account to support@paisatrackerapp.in with the subject line "Account deletion request". We will verify ownership by sending an OTP to that email and complete deletion within seven business days.

Deletion removes: your account record, all transactions, encrypted SMS bodies, budgets, preferences, device tokens, notification history, and export job records associated with your account. Routine server logs may retain anonymised request metadata for up to 30 days as described in section 7. Once deleted, your data cannot be recovered.

10 Children's privacy

Paisa Tracker is not directed to children under the age of 18 and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, please contact us at support@paisatrackerapp.in and we will delete the information promptly.

11 Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make a material change, we will update the "Last updated" date at the top of this page and, where required by law, notify you through the App or by email. Continued use of the App after a change takes effect constitutes acceptance of the updated policy.

Governing law and jurisdiction

This Privacy Policy is governed by, and construed in accordance with, the laws of India. Any dispute, claim, or proceeding arising out of or in connection with this policy will be subject to the exclusive jurisdiction of the competent courts in India. Users located outside India retain any non-waivable rights granted by their local data-protection laws, which apply in addition to (and not instead of) the rights described in this policy.

12 Grievance Officer

In accordance with the Information Technology Act, 2000 (India), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, the Grievance Officer for Paisa Tracker is:

13 Contact

For any question about this Privacy Policy, the data we hold about you, or to exercise any right described above, please write to us: