RupeeLens Privacy Policy

Last updated: February 22, 2026

This policy explains what data RupeeLens processes, why it is processed, and what controls you have. This policy is written to match the current backend implementation.

1. Data We Process

Depending on the features you use, we process:

  • Account and verification data: phone number hash and encrypted phone number, OTP records, authentication tokens, and last-active metadata.
  • Profile data: name, gender, monthly income, monthly expenses, email, date of birth, and city (if provided).
  • Financial records: transactions (amount, type, category, date, description, optional sms_id, and SMS-imported transaction details where you use SMS import), goals, goal progress, reminders, and loan records.
  • Shared expense data: group names, member names, linked user IDs (when linked), expenses, splits, and settlements.
  • Device and engagement data: device ID, push token, notification tracking records, user activity tracking records, and spending guard rules/events.
  • AI advisor request context: question, intent, and finance context needed to produce advisor answers.

2. SMS Permission (Optional Feature)

RupeeLens requests SMS permission only if you choose Import from SMS. This permission is optional and is not required to use other app features.

When enabled, we access only messages needed to detect transaction details such as merchant name, amount, date, and transaction reference number (UTR / RRN / Txn Ref) so we can create expense entries for you. Transaction reference numbers (UTR/RRN/Txn Ref) are hashed on-device before transmission, and we store only hashed identifiers, not plain reference numbers.

  • SMS access is used only for transaction detection and import.
  • We do not use SMS permission for advertising, profiling, or selling data.
  • We do not read personal chats from messaging apps (for example WhatsApp or Telegram).
  • You can revoke SMS permission at any time from device settings.
  • Imported transaction records are stored in your account/app data.
  • SMS-derived transaction data is retained only as needed to provide app features and can be deleted when you delete transactions/account.

Trust note: SMS access is optional and used only to detect transaction messages for import.

3. In-App Permission Notice

The in-app disclosure copy shown before the system SMS permission prompt is designed around this trust statement:

  • Title: Import bank transactions from SMS
  • Body: To save your time, we can auto-detect transaction SMS and create entries for you. We only use this for transaction import and you can turn it off anytime.
  • Points: Optional feature, no ads use, revoke anytime in settings.

4. Why We Process Data

  • Authenticate users and secure accounts.
  • Store and display finance records and analytics.
  • Generate reminders, insights, and summaries.
  • Deliver push notifications.
  • Provide AI-assisted guidance.
  • Operate, debug, and secure the service.

5. Transaction Reference Number (UTR / RRN / Txn Ref)

When available in SMS or imported transaction data, we may process transaction reference identifiers (for example UTR, RRN, or bank reference) to improve duplicate detection, reconciliation, and settlement accuracy.

  • We do not use transaction reference identifiers for advertising.
  • We do not sell this data.
  • Transaction reference numbers (UTR/RRN/Txn Ref) are hashed on-device before transmission, and only hashed identifiers are stored for matching/security workflows.
  • Reference-derived values are retained only as long as needed for app functionality, security, and legal compliance.

Short trust line: We hash transaction reference numbers (UTR/RRN) to securely detect duplicates and improve accuracy.

6. Google Play Data Safety (SMS)

This section summarizes the current intended disclosure posture for SMS data usage:

  • Data type: Messages (SMS).
  • Primary purpose: App functionality (transaction import).
  • User control: SMS permission is optional and revocable anytime.
  • Security: Data is protected in transit and access is controlled.
  • Deletion: Users can delete imported transactions and request account deletion.

7. AI Privacy Controls

For AI advisor flows, the current code applies these controls by default:

  • Labels/titles in the structured financial context sent to the LLM are token-masked.
  • Financial values are sent as-is from your app context; we do not apply numeric scaling transforms in the LLM pipeline.
  • User question text and limited conversation history are still sent to support conversational quality.

8. LLM Audit Logging Clarification

The model/table llm_call_logs exists, and the helper to write logs exists. However, writes happen only when AI_ADVISOR_LLM_PRIVACY_LOG_SANITIZED_CONTEXT=true. The current default is false, so sanitized LLM context logging is off unless explicitly enabled by environment configuration.

9. Third-Party Processors

RupeeLens may share limited required data with infrastructure providers to run features:

  • OTP provider: token verification flow for login.
  • Push provider: device token and notification payload delivery.
  • LLM provider: AI prompt payloads for advisor/categorization where used.
  • Object storage: private bucket access via signed URLs for files/icons.

10. Security Practices in Code

  • Phone numbers are stored as hash plus encrypted value, not as plain text columns.
  • User-linked tables use ownership checks and foreign-key constraints in key flows.
  • Signed URLs are used for private object access.

11. Retention and Deletion

You can request account deletion via DELETE /api/auth/delete-account with confirmation. Current backend code performs hard deletion of user-linked records across core tables, including AI logs tied to the user ID.

Infrastructure-level backups and operational logs may exist outside application tables and may be retained for limited periods under platform operational policies.

12. Your Choices

  • You can update profile and financial records from app APIs.
  • You can disable or re-map push token usage by logging out or updating the device token.
  • You can request full account deletion as noted above.

13. Policy Updates

We may update this policy when product behavior changes. Material changes should be reflected by updating this page and its last-updated date.

14. Contact

For privacy requests, use the official RupeeLens support channel listed in your app/store listing or in-app support section.