1. Introduction
WalletLoop ("we," "our," or "us") is committed to protecting your privacy. Our promise is simple: privacy-first money tracking — no ads, no data sold, no loans pushed. This Privacy Policy explains exactly what we collect, what we don't, and what we do with it.
WalletLoop is designed to help you track personal expenses across multiple digital payment platforms. We understand that financial information is sensitive, and we treat it accordingly.
2. Information We Collect
2.1 Information You Provide Directly
- Authentication Data: Phone number for OTP-based login, email address (if you choose email authentication), and Google Account information (if you use Google Sign-in).
- Financial Profile: Monthly income and savings goals (optional, used only for budget calculations and insights).
- Transaction Data: Expense entries you manually create, including amount, category, merchant/platform name, date, and optional notes.
- Profile Information: Your name and profile preferences.
2.2 SMS Data (Special Handling)
With your explicit permission, WalletLoop requests access to your SMS messages to detect and parse financial transaction notifications from banks and UPI applications. SMS data is processed entirely on your device and never transmitted to our servers in raw form.
- What we do: We use regex patterns to identify transaction SMS from Indian banks (SBI, HDFC, ICICI, Axis, Kotak, etc.) and UPI providers (Google Pay, PhonePe, Paytm, etc.).
- What we extract: Only structured transaction data (amount, merchant name, date, transaction type, account type) is extracted from SMS.
- What we send: Only the extracted structured data is sent to our servers if you choose to save the parsed transaction. Raw SMS content never leaves your device.
- You control it: You must approve each parsed transaction before it's saved. You can revoke SMS access permission at any time through your device settings.
2.3 Debt and Financial Tracking Data
If you use WalletLoop's debt tracking features, you may optionally enter:
- Loan Details: Loan amounts, interest rates, EMI amounts, tenure, disbursement dates, and bank/institution names.
- Credit Card Details: Card name, credit limit, outstanding balance, due dates. We never collect card numbers, CVVs, or other card credentials. Optional, off by default: if you turn on Settings → Privacy & Data → "Precise card matching", the app remembers the last 4 digits shown in your card SMS and which of your cards they belong to — stored only on your phone's device storage, never sent to or stored on our servers, never included in sync or backups. You can forget a card's digits anytime from that card's detail screen, and turning the toggle off deletes the whole mapping. Our servers never receive card digits, masked or partial, either way.
- Pay Later Balances: Outstanding amounts for services like Simpl, LazyPay, Slice, etc.
- Personal Debts: Amounts owed to or by other people, including their names.
This data is stored on our servers and used only for calculating amortization schedules, EMI reminders, and debt-free date projections within the app.
2.4 Split Expense Data
If you use the split expense feature, you may enter names of friends or family members to track shared expenses and settlements. These names are stored with your account data and are not shared with the people you name or any third parties.
2.5 Device Information
- Device Identifiers: Device ID, operating system type and version, app version.
- Usage Analytics: App features used, frequency of use, crash and error logs (only in production for debugging purposes).
- Location: We do not collect GPS location data. However, your IP address may be logged for security and abuse-prevention purposes (rate limiting, audit logs, our CDN provider's standard request logs).
2.6 Universal Merchant Categorization (Opt-In)
WalletLoop maintains a community-built database of merchant categorizations so the app can recognize new merchants without an update. When you correct a merchant's category in the app — for example, marking "Local Cafe" as Food — you can choose to share that correction with our database to help other users. This is off by default. You explicitly opt in — we ask once, the first time you correct a merchant the app doesn't recognize, and you can change it anytime in Settings > Privacy > "Help improve categorization."
What we receive when you opt in:
- The merchant name (e.g. "Local Cafe")
- The category you picked (e.g. Food)
- An anonymous proof token used only to prevent the same device from sending the same correction multiple times in the same week. The proof token is a cryptographic hash that the server cannot link back to your device or account.
What we never receive — even when you opt in:
- Transaction amounts, dates, or account information.
- UPI handles, account numbers, or card numbers.
- Your name, phone number, email, or any identifier that could link a correction back to you.
- Merchant names that look like personal payments (e.g.
firstname.lastname@bank), phone numbers, or sensitive categories (clinics, therapy, legal services, pharmacies). These are filtered out on your device by an on-device classifier and never sent to our servers.
How long we keep this data: The anonymous proof tokens used for duplicate-prevention expire automatically after four weeks. After that, we retain only aggregate counts of how many distinct devices proposed each merchant — these counts are not linked to any device or account.
Your control: You can turn the toggle off in Settings > Privacy at any time. Turning it off stops new corrections from being shared and clears any pending corrections that haven't yet been sent.
The database itself is universal — every WalletLoop user benefits from corrections made by everyone who opts in, even if they keep the toggle off themselves. Approved entries are made available to all users via an anonymous public read.
3. How We Use Your Information
3.1 To Provide the Service
- Authenticate you securely using phone number, email, or Google account.
- Store and display your transaction history.
- Generate spending analytics, reports, and insights.
- Create and track budgets and spending goals.
- Calculate recurring expenses and provide notifications.
- Parse SMS to auto-import transactions (on-device).
- Track debts, loans, credit cards, and EMI schedules.
- Calculate split expenses between friends or family.
3.2 To Improve the Service
- Analyze app usage patterns (anonymized) to understand feature adoption.
- Identify and fix bugs and performance issues.
- Develop new features based on user needs.
- Improve SMS parsing accuracy for better transaction detection.
3.3 To Communicate With You
- Send push notifications for budget alerts and spending warnings.
- Notify you of important app updates or security issues (email/push).
- Respond to your support requests and inquiries.
3.4 Legal and Safety
- Comply with applicable laws and regulations.
- Detect and prevent fraud or unauthorized access.
- Enforce our Terms of Service and other agreements.
3.5 What We Do NOT Use Your Data For
- Selling your personal information or transaction data to third parties.
- Targeted advertising or behavioral tracking.
- Sharing with advertisers or marketing partners.
- Profiling for credit decisions (we don't share with credit bureaus).
4. Data Storage and Security
4.1 Where Your Data is Stored
- Database: Transaction data, categories, budgets, debts, and user profiles are stored in a PostgreSQL database hosted on Supabase in the Mumbai (ap-south-1) region — within India.
- API Server: Our backend API runs on Railway and is fronted by Cloudflare for DDoS protection and TLS termination.
- Device-Side: Raw SMS content, your 4-digit PIN (in
expo-secure-store), offline transaction queue, theme preference, and SMS dedup memory are stored locally on your device only. - Authentication: Firebase Auth handles phone numbers, email addresses, and Google sign-in credentials. We do not store passwords; Firebase does.
4.2 Security Measures
- Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.2+ encryption (HTTPS).
- Encryption at Rest: Your device data is encrypted by your operating system. Server data is encrypted at the database level by Supabase.
- Authentication: We use Firebase Auth with phone OTP, email magic-link, and optional Google Sign-in.
- App Lock: A 4-digit PIN protects in-app access. The PIN is hashed and stored exclusively on your device — we never receive it.
- Access Control: Only the founder has access to production server data, and access is logged.
- Rate Limiting: API endpoints are protected with rate limiting to prevent abuse.
- Log Redaction: Authorization headers, cookies, tokens, and PIN hashes are stripped from all server logs before they leave our infrastructure.
- No Raw SMS Storage: Raw SMS content is never stored on our servers, eliminating exposure of sensitive banking data.
4.3 Security Limitations
While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data, but we maintain reasonable and appropriate safeguards.
5. Third-Party Services
WalletLoop relies on a small number of third-party infrastructure providers. Each is listed below with what we share, why, and a link to their privacy policy.
5.1 Firebase Authentication (Google)
We use Google Firebase for authentication. Firebase processes your phone number, email address, and Google account information (when you choose Google Sign-In). Please review Google's Firebase Privacy Policy for details.
5.2 Firebase Cloud Messaging (FCM)
We use Firebase Cloud Messaging to send push notifications (budget alerts, EMI reminders, daily summaries). FCM requires a device token to deliver notifications. This token is stored on our server and shared with Firebase. Notification content itself is short-lived and never contains transaction amounts or merchant data.
5.3 Supabase (Database Host)
Our PostgreSQL database is hosted on Supabase in the Mumbai (ap-south-1) region — within India. Supabase processes the structured data you save in WalletLoop (transactions, debts, budgets, profile). Review Supabase's Privacy Policy for details.
5.4 Railway (API Server Host)
Our backend API server runs on Railway. Railway processes API requests in transit but does not store WalletLoop user data. Review Railway's Privacy Policy for details.
5.5 Cloudflare (CDN & Proxy)
Cloudflare sits in front of our API for DDoS protection and TLS. Cloudflare receives standard HTTP request metadata (IP address, request path, response status, user-agent) for routing and abuse-prevention, in line with their standard policy. Review Cloudflare's Privacy Policy for details.
5.6 Sentry (Crash Reporting)
We use Sentry to detect crashes and server errors in production. Sentry receives error stack traces, device type, OS version, app version, and (on the server) the URL path and status code of the request that triggered the error. No financial data, SMS content, authentication tokens, or PIN data is sent to Sentry — these are stripped by our redaction filter before transmission. Sample rate for performance traces is 10%. Review Sentry's Privacy Policy for details.
5.7 Better Stack / Logtail (Server Access Logs)
Server-side HTTP request logs (method, URL path, response status, latency) stream to Better Stack (formerly Logtail) for operational debugging and incident response. Authorization headers, cookies, JWT tokens, and PIN hashes are redacted before any log line leaves our server. We do not send request or response bodies. Review Better Stack's Privacy Policy for details.
5.8 BetterUptime (Uptime Monitoring)
BetterUptime pings our public health-check endpoint from external locations to measure availability. No user data is involved — only the response to a server-only health probe.
5.9 Google Favicon API
To display logos for non-Indian merchant brands within the app, we use Google's public favicon endpoint (www.google.com/s2/favicons). This sends the merchant's website domain name (e.g., "swiggy.com") to Google to retrieve the logo image. No personal or financial data is sent. (For Indian banks and NBFCs, we render curated calm-design monograms instead of fetching favicons.)
5.10 Google Play Store and Apple App Store
When you download the app from Google Play Store or Apple App Store, those platforms may collect and process your usage data according to their respective privacy policies. Pro subscription billing (when launched) is handled exclusively through these stores — we never receive your payment-method details.
6. Data Retention
6.1 How Long We Keep Your Data
- Transaction Data: Retained while your account is active. You can delete individual transactions at any time.
- Account Data: Retained while your account is active. Upon account deletion, all personal and transaction data is permanently deleted within 30 days.
- Device Data: Cached data on your device is deleted when you uninstall the app or manually clear the app cache.
- SMS Data: Raw SMS content never persists on our servers. Extracted transaction data (amounts, merchants, dates) follows the same retention as manually-entered transactions.
- Debt Data: Loan, credit card, and pay-later data is retained while your account is active. You can delete individual debt entries at any time.
- Server Logs: HTTP access logs and error reports are retained by our log providers (Better Stack, Sentry) for up to 90 days, then automatically deleted.
- Merchant-correction Proof Tokens (opt-in only): Anonymous proof tokens used for duplicate-prevention expire automatically after 4 weeks.
7. Your Rights and Choices
7.1 Access and Data Portability
You have the right to access all your personal data stored in WalletLoop. You can:
- View your profile and all transaction data within the app.
- Export your data as a CSV or PDF report from the app's export feature.
- Request a complete data export by contacting us at privacy@walletloop.in.
7.2 Correction and Deletion
- You can edit or delete any transaction you created.
- You can update your profile information at any time.
- You can delete your account directly from the app (Settings > Data > Delete Account) or by contacting us at privacy@walletloop.in. Your data will be permanently deleted within 30 days.
7.3 SMS Permission Control
- You can revoke SMS read permission at any time through your device's Settings > Apps > WalletLoop > Permissions.
- Without this permission, SMS auto-detection will not work — but you can continue using the app by adding transactions manually, and every other feature works as before.
7.4 Push Notifications
You can opt-out of push notifications (budget alerts, EMI reminders) in your device's notification settings for WalletLoop.
7.5 Universal Merchant Categorization (Opt-In Toggle)
Settings > Privacy > "Help improve categorization" controls the opt-in described in Section 2.7. Off by default. Toggling off clears any queued corrections that haven't been sent and prevents future ones.
8. Children's Privacy
WalletLoop is not intended for children under the age of 18. Under India's Digital Personal Data Protection Act (DPDPA), 2023, a "child" is any individual below 18 years of age. We do not knowingly collect personal information from children under 18 without verifiable parental consent. If we become aware that a child under 18 has provided us with personal information without parental consent, we will take steps to delete such information and terminate the child's account. Please contact us at privacy@walletloop.in if you have concerns.
9. Compliance with Indian Laws
9.1 Digital Personal Data Protection Act, 2023
WalletLoop complies with India's Digital Personal Data Protection Act (DPDPA), 2023. Under DPDPA:
- You have the right to access, correct, and erase your personal data.
- We process data only with your explicit, informed consent (collected at first sign-in and revisitable from Settings).
- We implement reasonable data security measures and follow purpose-limitation.
- We retain data only as long as necessary for the service or as required by law.
- You can withdraw consent at any time by deleting your account from Settings > Data > Delete Account.
- You have the right to nominate, in the event of death or incapacity, another individual to exercise your rights.
9.2 Information Technology Act, 2000
We maintain appropriate physical, electronic, and procedural safeguards as required under the Information Technology Act, 2000 (Section 43A and Rule 8).
10. International Data Transfers
WalletLoop is operated from India. Your primary database is stored in India (Supabase, Mumbai ap-south-1 region). Third-party infrastructure providers (Cloudflare, Sentry, Better Stack, Firebase, Google Play, Apple) may process data outside India in accordance with their own policies. Where data is transferred internationally, we rely on the recipient's standard contractual safeguards and ensure compliance with India's Digital Personal Data Protection Act, 2023.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes by updating the "Last Updated" date and posting the revised policy in the app. Your continued use of WalletLoop after changes constitutes your acceptance of the updated Privacy Policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:
WalletLoop Support
Email: privacy@walletloop.in
We typically respond to privacy inquiries within 7 business days.
13. Grievance Redressal
If you believe your personal data has been processed in violation of the Digital Personal Data Protection Act, 2023, you have the right to lodge a complaint with the Data Protection Board of India. You can also reach out to us first, and we will attempt to resolve your concerns within 30 days.