Finledge Privacy Policy

---                                                                                                                                               

  PRIVACY POLICY                                                                                                                                    

  Effective Date: April 22, 2026                                                                                                                    

  Last Updated: April 22, 2026                                                                                                                      

  Developer: Arindam Banerjee (doing business as Finledge)                                                                                          

  Application: Finledge – Income & Expense Tracker                                                                                                  

  Package Name: com.arindam.finledge_incomeandexpensetracker

  Contact: arindamai007@gmail.com

  Country: India

  ---

  1. INTRODUCTION

  This Privacy Policy explains how Finledge ("we," "our," or "the app") collects, uses, stores, and protects your personal information when you use

  the Finledge – Income & Expense Tracker application ("the Service"). By using the Service, you agree to the terms of this Privacy Policy.

  We are committed to protecting your privacy. Finledge is designed as a fully local, on-device application. Your financial data never leaves your

  device unless you explicitly choose to export it.

  ---

  2. INFORMATION WE COLLECT

  2.1 Financial Transaction Data

  You manually enter income, expense, and transfer records including amounts, dates, categories, accounts, notes, and descriptions. This data is

  stored exclusively on your device in a local encrypted database and is never transmitted to any server or third party.

  2.2 SMS Messages

  Finledge requests the RECEIVE_SMS and READ_SMS permissions solely to detect bank and financial institution transaction alerts and automatically

  pre-fill transaction entries for your convenience.

  - What we read: Only SMS messages sent by recognised financial institution sender IDs (e.g. banks and payment services). We parse these messages

  to extract transaction amount, type (debit/credit), and merchant name where available.

  - What we do not read: Personal conversations, OTPs after parsing, messages from non-financial senders, or any other SMS content.

  - On-device only: All SMS parsing is performed entirely on your device. No SMS content — raw or parsed — is ever transmitted off your device,

  stored in any cloud service, shared with any third party, sold, or used for advertising purposes.

  - You are in control: SMS detection is opt-in and can be disabled at any time from Settings → Smart Features. Revoking the SMS permission from

  your Android device settings immediately stops all SMS access.

  2.3 Profile and Preference Data

  The app stores your configured preferences including theme selection, currency, reminder time, PIN settings, and active profile. This data is

  stored locally on your device using Android DataStore and is never transmitted externally.

  2.4 Biometric Data

  If you enable biometric unlock (fingerprint or face recognition), authentication is handled entirely by Android's BiometricPrompt API at the

  operating system level. Finledge never accesses, reads, stores, or processes your raw biometric data. The app only receives a pass or fail result

  from the Android OS.

  2.5 Notification Data

  The POST_NOTIFICATIONS permission is used solely to deliver daily reminders you configure in Settings → Reminders. No notification content is

  shared with any external service.

  2.6 Device Information

  Basic device information such as Android OS version is used passively to ensure compatibility and enable appropriate features (e.g. exact alarm

  scheduling, biometric unlock, notification permissions on Android 13 and above). This information is not collected, stored, or transmitted by

  Finledge.

  2.7 Backup Data

  When you use the Backup feature, a JSON file is exported to a storage location you choose on your device via Android's Storage Access Framework.

  Finledge does not upload backup files to any server or cloud service. You are solely responsible for the security of exported backup files.

  2.8 Subscription and Billing Information

  Finledge offers optional Premium subscriptions processed entirely through Google Play Billing. Finledge does not collect, access, or store any

  payment card information or billing details. All payment processing is governed by Google's Privacy Policy (https://policies.google.com/privacy).

  2.9 In-App Review

  Finledge may prompt you to rate the app using the Google Play In-App Review API. No personally identifiable information is collected or

  transmitted by Finledge during this process.

  ---

  3. HOW WE USE YOUR INFORMATION

  We use the information described above for the following purposes:

  - To provide and operate the core features of the Service (transaction tracking, budgeting, savings goals, loan management, recurring

  transactions)

  - To enable SMS-based automatic transaction detection on your device

  - To deliver daily reminders you have configured

  - To process and manage your Premium subscription through Google Play

  - To allow you to back up and restore your financial data on your device

  - To maintain app security through PIN and biometric authentication

  - To ensure compatibility with your device's Android version

  We do not use your information for advertising, marketing, profiling, automated decision-making, or any purpose beyond what is described above.

  ---

  4. LEGAL BASES FOR PROCESSING (GDPR — EU & UK USERS)

  If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal information under the following lawful

  bases:

  - Performance of a Contract: Processing your financial transaction data, account data, and subscription status is necessary to deliver the Service

   you have requested.

  - Consent: SMS access, notifications, and biometric unlock are all opt-in features. You provide explicit consent when enabling each feature, and

  you may withdraw consent at any time.

  - Legitimate Interests: We process minimal device information to ensure the app functions correctly and securely on your device. This processing

  is necessary and proportionate.

  - Legal Obligation: We will comply with applicable data protection laws and respond to lawful requests from data protection authorities.

  ---

  5. DATA STORAGE AND RETENTION

  ┌────────────────────────────────────┬─────────────────────────────────┬───────────────────────────────────────────────────────┐

  │             Data Type              │          Where Stored           │                   Retention Period                    │

  ├────────────────────────────────────┼─────────────────────────────────┼───────────────────────────────────────────────────────┤

  │ Transactions, categories, accounts │ Local device database           │ Until app is uninstalled or user resets data          │

  ├────────────────────────────────────┼─────────────────────────────────┼───────────────────────────────────────────────────────┤

  │ Preferences and settings           │ Local device DataStore          │ Until app is uninstalled                              │

  ├────────────────────────────────────┼─────────────────────────────────┼───────────────────────────────────────────────────────┤

  │ SMS content during parsing         │ Device memory only              │ Never persisted — discarded immediately after parsing │

  ├────────────────────────────────────┼─────────────────────────────────┼───────────────────────────────────────────────────────┤

  │ Parsed SMS transactions            │ Local device database           │ Until app is uninstalled or user resets data          │

  ├────────────────────────────────────┼─────────────────────────────────┼───────────────────────────────────────────────────────┤

  │ Backup files                       │ Device storage chosen by user   │ Controlled entirely by the user                       │

  ├────────────────────────────────────┼─────────────────────────────────┼───────────────────────────────────────────────────────┤

  │ Subscription status                │ Google Play (managed by Google) │ Per Google's retention policy                         │

  └────────────────────────────────────┴─────────────────────────────────┴───────────────────────────────────────────────────────┘

  All locally stored data is permanently deleted when you uninstall the app or use Settings → Data → Reset Data.

  ---

  6. DATA SHARING AND DISCLOSURE

  We do not sell, trade, rent, share, or disclose your personal information to any third party for any purpose including advertising, analytics, or

  data brokerage.

  The only third-party service involved in the operation of Finledge is Google Play Billing, which operates under Google's own Privacy Policy.

  Finledge does not pass user data to Google Play Billing — the service operates independently.

  We do not disclose personal information to:

  - Business affiliates or partners

  - Advertising networks

  - Analytics providers

  - Data brokers

  - Any government entity except where required by applicable law

  ---

  7. SECURITY

  Finledge implements the following security measures to protect your information:

  - All data is stored within Android's application sandbox, inaccessible to other applications

  - Optional PIN lock (4-digit) to prevent unauthorised access to the app

  - Optional biometric authentication (fingerprint/face) via Android BiometricPrompt

  - No data is transmitted over any network, eliminating network-level security risks entirely

  While we implement appropriate technical safeguards, no method of electronic storage is 100% secure. In the unlikely event of a security incident

  affecting your personal data, we will notify the relevant data protection authorities and affected users as required by applicable law, including

  within 72 hours under GDPR where applicable.

  ---

  8. YOUR RIGHTS

  Depending on your location, you may have the following rights regarding your personal information:

  - Right to Access: Request a copy of the personal information we hold about you

  - Right to Correction: Request correction of inaccurate data

  - Right to Deletion: Request deletion of your personal information

  - Right to Restriction: Request that we restrict processing of your information

  - Right to Object: Object to our processing of your information

  - Right to Data Portability: Request your data in a portable format (use Settings → Data → Export to Excel)

  - Right to Appeal: Appeal our decisions regarding your privacy requests

  In-app controls available to you:

  - Disable SMS access: Settings → Smart Features → toggle off (or via Android Settings → Apps → Finledge → Permissions)

  - Disable reminders: Settings → Reminders → toggle off

  - Disable PIN or biometric lock: Settings → Security

  - Delete transaction data: Settings → Data → Reset Data

  - Export your data: Settings → Data → Export to Excel

  - Delete all data: Uninstall the application

  To exercise any of the above rights, contact us at: arindamai007@gmail.com

  ---

  9. CHILDREN'S PRIVACY

  Finledge is not directed at children under the age of 13. We do not knowingly collect any personal information from children. If you believe a

  child under 13 has provided personal information through the app, please contact us at arindamai007@gmail.com and we will take immediate steps to

  delete that information.

  ---

  10. CALIFORNIA PRIVACY RIGHTS (CCPA/CPRA)

  If you are a California resident, you have the following additional rights under the California Consumer Privacy Act (CCPA) and California Privacy

   Rights Act (CPRA):

  - The right to know what personal information is collected about you

  - The right to know whether your personal information is sold or disclosed and to whom

  - The right to opt out of the sale or sharing of your personal information

  - The right to access your personal information

  - The right to request deletion of your personal information

  - The right to non-discrimination for exercising your privacy rights

  We do not sell or share your personal information. The personal information Finledge collects that falls under the California Customer Records

  statute is limited to financial information (transaction records) which is stored locally on your device and never disclosed to third parties.

  To exercise your California privacy rights, contact: arindamai007@gmail.com

  ---

  11. INTERNATIONAL USERS

  Finledge is operated from India. If you access the Service from the European Economic Area, United Kingdom, or other regions with data protection

  laws, please be aware that all data you enter into the app is stored locally on your device in your own country. No data is transferred

  internationally by Finledge.

  ---

  12. THIRD-PARTY LINKS AND SERVICES

  The app may provide links to Google Play Store pages (e.g. to manage your subscription or rate the app). These third-party services have their own

   privacy policies. We are not responsible for the privacy practices of third-party services.

  Google Play Privacy Policy: https://policies.google.com/privacy

  Google Payments Privacy Notice: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en

  ---

  13. CHANGES TO THIS PRIVACY POLICY

  We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this

  policy and note the changes in the app's Google Play Store release notes. Your continued use of the app after changes are posted constitutes your

  acceptance of the updated policy.

  ---

  14. CONTACT US

  If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

  Developer: Arindam Banerjee (Finledge)

  Email: arindamai007@gmail.com

  Country: India

  ---

  This privacy policy was last updated on April 22, 2026.