This policy explains what data the SpendSense Android app collects, where it is stored, and your rights as a user. By installing the app you agree to the practices described below.
SpendSense is a local-first app. Your transactions, budgets, goals, splits, receipts, and any optional location tags live in an encrypted database on your device, and SpendSense does not store your financial data on our backend. The only data that ever leaves your device is: (1) a small anti-fraud record — anonymous identifiers and timestamps used to enforce one free trial per device; and (2) optional crash and performance diagnostics, collected only if you choose to turn them on. We do not show advertisements, and we do not use analytics or advertising trackers. If you enable the optional Drive Backup feature, encrypted backup blobs are written to your own Google Drive. We do not maintain SpendSense user accounts and do not collect personally identifying information. Each item is explained below.
SpendSense reads bank SMS messages and payment-app notifications on your device to automatically detect financial transactions. From those messages we extract: transaction amounts, merchant names, bank names, partial account numbers (typically the last 4 digits as they appear in the SMS), and timestamps.
We do not collect: full SMS bodies, OTP codes, passwords, names, email addresses, phone numbers, contacts, or any personally identifying information.
The app may also collect the following, only when you opt in to the respective feature:
All financial data is stored locally on your device in an encrypted database (SQLCipher, AES-256). The encryption key is derived from a per-install device identifier and never leaves your device. Your financial data does not leave your device except as described in the sections below.
To enforce one free trial per device and to detect tampering, the app stores a small anti-fraud record on our backend (Google Firestore). It consists of:
This record contains no personal information, no SMS content, and no transaction amounts. We retain it permanently to prevent free-trial abuse via uninstall/reinstall — neither you nor we can delete it. Everything else — your transactions, budgets, goals, splits, receipts, and location data — stays on your device.
To help us find and fix bugs and improve performance, SpendSense can collect anonymous diagnostics — but only if you opt in. You control these during the initial setup and at any time in Settings → Privacy & diagnostics; turning a toggle off stops further collection.
These diagnostics never include your SMS content, transaction amounts, merchant names, account numbers, location, or any other financial or personal data. They are used solely to diagnose crashes and improve app performance — never for advertising, profiling, or sale to third parties.
SpendSense does not have its own user accounts — there is no sign-up or sign-in to SpendSense.
If you are a Premium subscriber and enable Drive Backup, the app writes AES-256-encrypted backup blobs to a hidden folder inside your own Google Drive. The encryption key stays on your device — we cannot read these backups, and we receive no information about your Google account or your Drive's other contents.
We request the READ_SMS and Notification Listener permissions solely to detect bank- and payment-app-originated transaction messages. We do not read personal SMS conversations, social-media notifications, or any non-financial messages. SMS bodies are processed on-device and discarded once the transaction is parsed; only the extracted fields (amount, merchant, bank, timestamp) are persisted, and only to your local encrypted database.
SpendSense does not display advertisements, and we do not use Google Analytics, Firebase Analytics, Mixpanel, Amplitude, or any advertising or marketing tracker. We do not share data with advertising networks, analytics brokers, or third-party trackers. The only optional data collection is the crash and performance diagnostics described under Diagnostics (Optional) above — these are used solely to fix bugs and improve performance, not for analytics, advertising, or profiling.
SpendSense uses the following Google services:
Firebase Authentication — creates the anonymous user identifier described under What we send to our backend. See Google's privacy policy.
Google Firestore — stores only the anti-fraud record described above. See Firebase privacy.
Firebase Crashlytics (optional) — receives crash and ANR diagnostics, only if you opt in to crash reporting. See Firebase privacy.
Firebase Performance Monitoring (optional) — receives app performance metrics, only if you opt in to performance monitoring. See Firebase privacy.
Google Play Billing — for subscription purchases. We do not see or store your payment information. See Play terms.
Google Drive (optional, Premium only) — for encrypted backups, only if you enable Drive Backup.
On-device data is retained until you delete it via the app, clear app data from Android Settings, or uninstall the app. The anti-fraud record described above is retained permanently. If you opt in to diagnostics, crash and performance data are processed by Firebase and retained according to Google's default retention periods (for example, Crashlytics retains crash data for up to 90 days); you can stop collection at any time in Settings → Privacy & diagnostics. We do not retain any other server-side records of your usage.
You can remove your data by any of the following:
To stop optional diagnostics collection, turn off the Crash reports and Performance toggles in Settings → Privacy & diagnostics. See the Data Deletion page for full instructions.
SpendSense is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with information, please contact us at the email below and we will delete it.
We may update this policy from time to time. Material changes will be communicated via an in-app notice and the "Last updated" date at the top of this page. Continued use of the app after a change constitutes acceptance of the revised policy.
Because SpendSense does not store your financial data on our servers, your data is fully under your control on this device:
For privacy concerns, data requests, or questions about this policy, contact us at support@aycreation.com.