WalletLoop

Privacy Policy

Last updated: May 18, 2026 · v1.0

1. Introduction

WalletLoop ("we," "our," or "us") is committed to protecting your privacy. Our promise is simple: privacy-first money tracking — no ads, no data sold, no loans pushed. This Privacy Policy explains exactly what we collect, what we don't, and what we do with it.

WalletLoop is designed to help you track personal expenses across multiple digital payment platforms. We understand that financial information is sensitive, and we treat it accordingly.

The honest summary. Your transactions are stored on our servers (encrypted) so they sync across your devices and survive a phone reset. But we never see your bank account numbers, card numbers, or CVVs — we don't collect them, even masked. We never read your raw SMS — it's parsed entirely on your device. We never sell your data. We never show ads. We never push loans or financial products. We charge users directly through Pro subscriptions, and that's our only revenue.

2. Information We Collect

2.1 Information You Provide Directly

  • Authentication Data: Phone number for OTP-based login, email address (if you choose email authentication), and Google Account information (if you use Google Sign-in).
  • Financial Profile: Monthly income and savings goals (optional, used only for budget calculations and insights).
  • Transaction Data: Expense entries you manually create, including amount, category, merchant/platform name, date, and optional notes.
  • Profile Information: Your name and profile preferences.

2.2 SMS Data (Special Handling)

With your explicit permission, WalletLoop requests access to your SMS messages to detect and parse financial transaction notifications from banks and UPI applications. SMS data is processed entirely on your device and never transmitted to our servers in raw form.

  • What we do: We use regex patterns to identify transaction SMS from Indian banks (SBI, HDFC, ICICI, Axis, Kotak, etc.) and UPI providers (Google Pay, PhonePe, Paytm, etc.).
  • What we extract: Only structured transaction data (amount, merchant name, date, transaction type, account type) is extracted from SMS.
  • What we send: Only the extracted structured data is sent to our servers if you choose to save the parsed transaction. Raw SMS content never leaves your device.
  • You control it: You must approve each parsed transaction before it's saved. You can revoke SMS access permission at any time through your device settings.

2.3 Notification Data (Android Only)

With your explicit permission, WalletLoop can read push notifications from UPI payment apps (Google Pay, PhonePe, Paytm, BHIM, etc.) and banking apps to auto-detect transactions. This uses Android's Notification Listener Service, which you enable via your device's Settings > Notification Access.

  • What we access: Notification title, body text, and the app that sent it — only from a pre-defined list of UPI/banking apps. We do not read notifications from messaging, social media, or other apps.
  • What we extract: Only structured transaction data (amount, merchant name, transaction type) is parsed from notification text.
  • What stays on device: Raw notification text is never transmitted to our servers. Only the parsed transaction data is synced — and only after you confirm it.
  • You control it: You can disable this at any time in Settings > Notification Access or in the WalletLoop app settings. The rest of the app continues to work normally without this permission.

Note: Unlike SMS permission, Notification Access is NOT a restricted Google Play permission. It does not require a declaration form. However, we treat notification data with the same privacy standards as SMS data — it never leaves your device in raw form.

2.4 Debt and Financial Tracking Data

If you use WalletLoop's debt tracking features, you may optionally enter:

  • Loan Details: Loan amounts, interest rates, EMI amounts, tenure, disbursement dates, and bank/institution names.
  • Credit Card Details: Card name, credit limit, outstanding balance, due dates. We never collect card numbers, CVVs, or other card credentials.
  • Pay Later Balances: Outstanding amounts for services like Simpl, LazyPay, Slice, etc.
  • Personal Debts: Amounts owed to or by other people, including their names.

This data is stored on our servers and used only for calculating amortization schedules, EMI reminders, and debt-free date projections within the app.

2.5 Split Expense Data

If you use the split expense feature, you may enter names of friends or family members to track shared expenses and settlements. These names are stored with your account data and are not shared with the people you name or any third parties.

2.6 Device Information

  • Device Identifiers: Device ID, operating system type and version, app version.
  • Usage Analytics: App features used, frequency of use, crash and error logs (only in production for debugging purposes).
  • Location: We do not collect GPS location data. However, your IP address may be logged for security purposes.

2.7 Bank Statement Imports

If you choose to import bank statements (CSV or PDF), the file is processed on your device first. Only extracted transaction data (similar to SMS) is sent to our servers. The raw file is not uploaded to our servers.

2.8 Universal Merchant Categorization (Opt-In)

WalletLoop maintains a community-built database of merchant categorizations so the app can recognize new merchants without an update. When you correct a merchant's category in the app — for example, marking "Local Cafe" as Food — you can choose to share that correction with our database to help other users. This is off by default. You explicitly opt in during onboarding or in Settings > Privacy > "Help improve categorization."

What we receive when you opt in:

  • The merchant name (e.g. "Local Cafe")
  • The category you picked (e.g. Food)
  • An anonymous proof token used only to prevent the same device from sending the same correction multiple times in the same week. The proof token is a cryptographic hash that the server cannot link back to your device or account.

What we never receive — even when you opt in:

  • Transaction amounts, dates, or account information.
  • UPI handles, account numbers, or card numbers.
  • Your name, phone number, email, or any identifier that could link a correction back to you.
  • Merchant names that look like personal payments (e.g. firstname.lastname@bank), phone numbers, or sensitive categories (clinics, therapy, legal services, pharmacies). These are filtered out on your device by an on-device classifier and never sent to our servers.

How long we keep this data: The anonymous proof tokens used for duplicate-prevention expire automatically after four weeks. After that, we retain only aggregate counts of how many distinct devices proposed each merchant — these counts are not linked to any device or account.

Your control: You can turn the toggle off in Settings > Privacy at any time. Turning it off stops new corrections from being shared and clears any pending corrections that haven't yet been sent. You can review every correction your device has shared by tapping Settings > Privacy > "What I've contributed."

The database itself is universal — every WalletLoop user benefits from corrections made by everyone who opts in, even if they keep the toggle off themselves. Approved entries are made available to all users via an anonymous public read.

3. How We Use Your Information

3.1 To Provide the Service

  • Authenticate you securely using phone number or email.
  • Store and display your transaction history.
  • Generate spending analytics, reports, and insights.
  • Create and track budgets and spending goals.
  • Calculate recurring expenses and provide notifications.
  • Parse SMS, app notifications, and bank statements to auto-import transactions.
  • Track debts, loans, credit cards, and EMI schedules.
  • Calculate split expenses between friends or family.

3.2 To Improve the Service

  • Analyze app usage patterns (anonymized) to understand feature adoption.
  • Identify and fix bugs and performance issues.
  • Develop new features based on user needs.
  • Improve SMS parsing accuracy for better transaction detection.

3.3 To Communicate With You

  • Send push notifications for budget alerts and spending warnings.
  • Notify you of important app updates or security issues (email/push).
  • Respond to your support requests and inquiries.

3.4 Legal and Safety

  • Comply with applicable laws and regulations.
  • Detect and prevent fraud or unauthorized access.
  • Enforce our Terms of Service and other agreements.

3.5 What We Do NOT Use Your Data For

  • Selling your personal information or transaction data to third parties.
  • Targeted advertising or behavioral tracking.
  • Sharing with advertisers or marketing partners.
  • Profiling for credit decisions (we don't share with credit bureaus).

4. Data Storage and Security

4.1 Where Your Data is Stored

  • Server-Side: Transaction data, categories, budgets, and user profiles are stored in a PostgreSQL database hosted on Railway.app in the India region (when available) or the nearest region.
  • Device-Side: Unprocessed SMS data, raw bank statement files, and sensitive data cache are stored locally on your device using AsyncStorage (React Native's secure storage).
  • Authentication: Firebase Auth handles phone numbers and passwords securely. We do not store passwords; Firebase does.

4.2 Security Measures

  • Encryption in Transit: All data transmitted between your device and our servers uses TLS 1.2+ encryption (HTTPS).
  • Encryption at Rest: Your device data is encrypted by your operating system. Server data is encrypted at the database level.
  • Authentication: We use Firebase Auth with phone OTP and optional Google Sign-in for secure authentication.
  • Access Control: Only authorized staff can access server data, and access is logged and monitored.
  • Rate Limiting: API endpoints are protected with rate limiting to prevent abuse.
  • No Raw SMS Storage: Raw SMS content is never stored on our servers, eliminating exposure of sensitive banking data.

4.3 Security Limitations

While we implement industry-standard security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data, but we maintain reasonable and appropriate safeguards.

5. Third-Party Services

5.1 Firebase Authentication

We use Google Firebase for authentication. Firebase will collect and process your phone number and email address. Please review Google's Firebase Privacy Policy for details.

5.2 Railway.app Hosting

Our backend server and database are hosted on Railway.app. Your data will be stored on their infrastructure. Review Railway.app's Privacy Policy for details.

5.3 Google Play Store and Apple App Store

When you download the app from Google Play Store or Apple App Store, those platforms may collect and process your usage data according to their privacy policies.

5.4 Firebase Cloud Messaging (FCM)

We use Firebase Cloud Messaging to send push notifications (budget alerts, EMI reminders, daily summaries). FCM requires a device token to deliver notifications. This token is stored on our server and shared with Firebase. Please review Google's Firebase Privacy Policy for details.

5.5 Sentry (Crash Reporting)

We use Sentry for crash reporting and error tracking in production. When the app crashes or encounters an error, Sentry may collect device type, OS version, app version, and error stack traces. No financial data, SMS content, or notification text is sent to Sentry. Review Sentry's Privacy Policy for details.

5.6 Google Favicon API

To display bank and institution logos within the app, we use Google's public favicon API. This sends the domain name (e.g., "hdfc.com") to Google to retrieve the logo image. No personal or financial data is sent.

5.7 Analytics (if enabled)

We may use optional analytics tools to understand app usage. You can opt out of analytics collection in your app settings.

6. Data Retention

6.1 How Long We Keep Your Data

  • Transaction Data: Retained indefinitely while your account is active. You can delete individual transactions at any time.
  • Account Data: Retained while your account is active. Upon account deletion, all personal and transaction data is permanently deleted within 30 days.
  • Device Data: Cached data on your device is deleted when you uninstall the app or manually clear the app cache.
  • SMS Data: Raw SMS never persists on our servers. Extracted transaction data follows the same retention as other transactions.
  • Notification Data: Raw notification text never persists on our servers. Extracted transaction data follows the same retention as other transactions.
  • Debt Data: Loan, credit card, and pay-later data is retained while your account is active. You can delete individual debt entries at any time.
  • Logs: Server error logs and analytics are retained for 90 days, then deleted.

7. Your Rights and Choices

7.1 Access and Data Portability

You have the right to access all your personal data stored in WalletLoop. You can:

  • View your profile and all transaction data within the app.
  • Export your data as a CSV or PDF report from the app's export feature.
  • Request a complete data export by contacting us at privacy@walletloop.in.

7.2 Correction and Deletion

  • You can edit or delete any transaction you created.
  • You can update your profile information at any time.
  • You can delete your account directly from the app (Settings > Data > Delete Account) or by contacting us at privacy@walletloop.in. Your data will be permanently deleted within 30 days.

7.3 SMS Permission Control

  • You can revoke SMS read permission at any time through your device's Settings > Apps > WalletLoop > Permissions.
  • Without this permission, the SMS parsing feature will not work, but the rest of the app continues to function.

7.4 Notification Access Control

  • You can revoke Notification Access at any time through your device's Settings > Notification Access, or by toggling it off in the WalletLoop app settings.
  • Without this permission, notification-based transaction detection will not work, but SMS scanning and all other features continue to function.

7.5 Push Notifications

You can opt out of push notifications in the app settings or through your device's notification settings.

7.6 Opt-Out of Analytics

You can disable usage analytics collection in your app settings. This prevents us from collecting anonymous usage data.

8. Children's Privacy

WalletLoop is not intended for children under the age of 18. Under India's Digital Personal Data Protection Act (DPDPA), 2023, a "child" is any individual below 18 years of age. We do not knowingly collect personal information from children under 18 without verifiable parental consent. If we become aware that a child under 18 has provided us with personal information without parental consent, we will take steps to delete such information and terminate the child's account. Please contact us at privacy@walletloop.in if you have concerns.

9. Compliance with Indian Laws

9.1 Digital Personal Data Protection Act, 2023

WalletLoop complies with India's Digital Personal Data Protection Act (DPDPA), 2023. Under DPDPA:

  • You have the right to access, correct, and delete your personal data.
  • We process data with your explicit consent.
  • We implement reasonable data security measures.
  • We retain data only as long as necessary.
  • You can opt out of processing (excluding what's necessary for the service).

9.2 Information Technology Act, 2000

We maintain appropriate physical, electronic, and procedural safeguards as required under the Information Technology Act, 2000 (Section 43A and Rule 8).

10. International Data Transfers

WalletLoop is operated from India. Your data is primarily stored in India or within Indian-friendly jurisdictions. If any data is transferred internationally (for example, to Railway.app's infrastructure outside India), we ensure appropriate safeguards are in place under applicable Indian laws.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes by updating the "Last Updated" date and posting the revised policy in the app. Your continued use of WalletLoop after changes constitutes your acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

WalletLoop Support

Email: privacy@walletloop.in

We typically respond to privacy inquiries within 7 business days.

13. Grievance Redressal

If you believe your personal data has been processed in violation of the Digital Personal Data Protection Act, 2023, you have the right to lodge a complaint with the Data Protection Board of India. You can also reach out to us first, and we will attempt to resolve your concerns within 30 days.

Summary: WalletLoop is designed to respect your privacy. Your SMS and notification data is never stored on our servers in raw form. Your financial data is encrypted and securely stored. We do not sell your data. We do not use your data for advertising. You have full control over your information and can delete your account at any time from within the app.
© 2026 WalletLoop. All rights reserved. Privacy Policy v1.0