Privacy Policy

We built Cashlytics on a simple promise: your financial data belongs to you and only you. This policy explains exactly what we collect, what we don't, and why.

Offline-first No data selling SMS stays on-device Premium removes ads

Effective date: May 26, 2026 · Last updated: May 26, 2026

Overview
Data we collect
Data we do NOT collect
App permissions explained
SMS permissions and data handling
Google Drive backup
How your data is stored
Third-party services and advertising
Children's privacy
Your rights
Changes to this policy
Contact us

1 Overview

Cashlytics ("we", "our", "the app") is a personal finance ledger and smart notebook application developed for Android. We are committed to protecting your privacy.

      The short version: Cashlytics stores all your financial data, notes, and SMS-parsed transactions locally on your device. We do not operate servers that store your personal information. We do not sell data. The only optional cloud interaction is a backup you explicitly initiate to your own personal Google Drive account. To support free use, the app shows ads from Google AdMob — these are described in detail in Section 8.
    

2 Data we collect

Cashlytics collects and stores the following data locally on your device only:

Data type	Purpose	Where stored
Transaction records (person name, amount, date, direction)	Finance ledger functionality	On-device (Room database)
Expense entries (amount, category, description)	Personal spending tracker	On-device (Room database)
Notebook entries (text, keywords, category)	Smart notebook functionality	On-device (Room database)
SMS content from whitelisted bank senders	Auto-detect and parse bank transaction alerts	Parsed on-device; only the extracted fields you approve are saved to the Room database. Original SMS text is not retained.
Voice input (microphone audio)	Converted to text on-device; audio is never stored or transmitted	Processed locally, discarded immediately
Google account identifier (if Drive backup enabled)	To authenticate and write backup to your personal Drive	Your Google account only
Advertising ID (Android AAID)	Used by Google AdMob to serve ads and prevent ad fraud — see Section 8	Read by the AdMob SDK; not stored by Cashlytics

3 Data we do NOT collect

We want to be explicit. Cashlytics does not collect, transmit, or store any of the following:

Your name, email address, or any account information
Location data of any kind
The content of SMS messages from senders that are not on your whitelist
One-time passwords (OTPs) or promotional SMS (these are dropped by a filter before any parsing)
Your contact list or phone book
Browsing history or app usage data
Any of your personal finance data on our servers — we do not operate any backend servers for user data

4 App permissions explained

Cashlytics requests the following Android permissions:

Permission	Why it's needed	Optional?
`READ_SMS`	Required to read incoming and historical SMS from sender IDs you have explicitly added to your whitelist, so the app can auto-log bank transactions. See Section 5 for the full handling details.	Yes — you can use the app without enabling SMS auto-capture
`RECEIVE_SMS`	Required for real-time auto-capture: when a bank SMS arrives from a whitelisted sender, the app parses it on-device and queues the transaction for your approval.	Yes — pairs with READ_SMS; opt-in
`RECORD_AUDIO`	Enables voice input for transactions and notebook entries. Audio is processed locally by Android's SpeechRecognizer and never stored or sent anywhere.	Yes — you can use text input instead
`POST_NOTIFICATIONS`	Used to send budget alert notifications if you configure spending limits.	Yes — alerts are opt-in
`WRITE_EXTERNAL_STORAGE`	Required on Android 9 and below to save exported PDF and Excel files to your device storage.	Yes — only needed for export on older Android
`FOREGROUND_SERVICE` & `FOREGROUND_SERVICE_DATA_SYNC`	Used by Android WorkManager to perform user-initiated Google Drive backups reliably while the app is in the background.	Yes — only triggered when you enable backup
`AD_ID` (Google advertising ID)	Provides Google AdMob access to the Android Advertising Identifier for ad serving, fraud prevention, and limited analytics. You can reset or opt out via Android Settings → Privacy → Ads.	Required for ads in the free tier; not used by Premium users
Google Sign-In (via Google API)	Used only if you choose to enable Google Drive backup. We request the minimum scope needed to write a backup file to your Drive.	Yes — backup is fully optional

No permission is required to use the core finance ledger, notebook, or manual expense entry features.

5 SMS permissions and data handling

Because SMS access is a sensitive permission, this section explains in detail how Cashlytics uses it. Cashlytics complies with the Google Play Permissions and APIs that Access Sensitive Information policy.

      The short version: Cashlytics reads only SMS from bank senders you whitelist, parses the transaction details on your device, and asks you to approve each entry before saving it. Nothing is uploaded to any server, ever.
    

Why we request SMS access

Cashlytics requests the READ_SMS and RECEIVE_SMS permissions solely to auto-detect bank transaction alerts (e.g., "PKR 5,000 debited from your account") and log them into your local expense ledger. This is the core feature that distinguishes Cashlytics from a manual expense tracker.

What SMS content we read

Only messages from sender IDs you have explicitly added to your whitelist in Settings → SMS auto-capture (for example: HBL, UBL, JazzCash, HDFC, ICICI, Chase). All other SMS — including personal messages from your contacts — are ignored.
One-time password (OTP) and promotional messages are automatically discarded by a content filter before any parsing.
Before the Android permission prompt is ever shown, the app displays an in-app disclosure dialog explaining exactly what will be read and how it will be used. You must tap "Allow & continue" before the system prompt appears.

What we do with the data

The transaction amount, merchant or sender name, and direction (credit/debit) are extracted entirely on your device using our own offline natural-language parser.
Captured transactions are placed in a manual review queue. Nothing is added to your ledger without your explicit approval.
Your SMS data never leaves your phone. We do not transmit it to any server. We do not share it with any third party. We do not use it for advertising or analytics.

Where SMS data is stored

All parsed transaction data is stored exclusively in a local Room database on your device. Original SMS content is not stored by Cashlytics — only the extracted fields you choose to approve.

Your control

You can disable any sender at any time in Settings → SMS auto-capture.
You can revoke the OS-level SMS permission at any time via Android Settings → Apps → Cashlytics → Permissions.
Uninstalling Cashlytics deletes the local database and all captured data.

Cashlytics never uses SMS data to send messages, never intercepts SMS to other apps (no abortBroadcast), and makes no network calls in the SMS code path. All processing is on-device.

6 Google Drive backup

Cashlytics offers an optional feature to back up your data to Google Drive. Here is exactly how it works:

The backup feature is entirely opt-in. It is off by default.
When enabled, Cashlytics requests access to a private, app-specific folder in your Google Drive. Only Cashlytics can read files written to this folder.
The backup file contains your ledger entries and notebook entries in an encrypted format.
We never access, read, or transmit your Google Drive files. The backup is written directly from your device to your Drive using Google's official API.
You can revoke Drive access at any time via your Google account settings at myaccount.google.com/permissions.
Deleting the app or revoking access does not automatically delete your backup file from Drive — you can delete it manually from your Google Drive.

Cashlytics's use of Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.

7 How your data is stored

All app data is stored in a local SQLite database managed by Android Room on your device. This database is stored in the app's private storage directory, which is:

Not accessible to other apps (enforced by Android's security model)
Automatically deleted if you uninstall Cashlytics
Included in Android's standard device backup if you have that enabled in your Android system settings

Exported files (PDF and Excel) are saved to Android/data/com.cashlytics_tracker/files/ on your device storage and are accessible only to you.

8 Third-party services and advertising

Cashlytics integrates with the following third-party Google services. None of them receive your transaction data, ledger entries, notebook content, or SMS data.

Google AdMob (advertising)

To support free use, Cashlytics displays banner, native, and interstitial ads provided by Google AdMob. To serve and measure ads, AdMob may collect and process:

Your Android Advertising Identifier (AAID)
IP address, approximate location derived from IP, and device/network metadata
Ad interaction events (impressions, clicks)

AdMob's data handling is governed by Google's privacy policies, including the Google Ads and Personalised Advertising policy and the Google Privacy Policy.

Consent for users in the EEA, UK, and Switzerland

If you are located in the European Economic Area, the United Kingdom, or Switzerland, Cashlytics uses Google's User Messaging Platform (UMP) to obtain your consent for personalised advertising before any ad is served. You may withdraw or change your consent at any time through the in-app consent options.

Opt out of personalised advertising

You can reset your Advertising ID or opt out of personalised ads at any time via Android Settings → Privacy → Ads. Premium subscribers do not see ads, and the Advertising ID is not used by Cashlytics for them.

Google Play Billing

If you purchase the Premium upgrade, the transaction is processed by Google Play Billing. Cashlytics does not receive or store your payment method or full payment details. We only receive a purchase confirmation from Google.

Google Drive

Only used if you explicitly enable backup. See Section 6.

On-device only — not third parties

The natural language processing (NLP) that parses your transactions, notebook entries, and SMS messages runs entirely on-device. No text is sent to any external AI or cloud API.

9 Children's privacy

Cashlytics is not directed at children under the age of 13. We do not knowingly collect personal information from children. Because the app stores all financial and SMS data locally and does not transmit that data to our servers, there is no mechanism by which we would receive such data from any user, regardless of age.

If you believe a child has provided personal information through this app, please contact us and we will assist in addressing the concern.

10 Your rights

Because all sensitive data is stored on your own device, you have full control:

Access: All your data is visible directly within the app.
Delete: You can delete individual entries via swipe-to-delete, or delete all data by uninstalling the app.
Revoke SMS access: Disable individual senders in Settings, or revoke the OS-level SMS permission in Android Settings.
Export: You can export your full data as a PDF or Excel file at any time.
Portability: Exported files are in standard formats (PDF, XLSX) you can use anywhere.
Revoke backup access: You can disconnect Google Drive at any time from within the app's Backup & Restore screen.
Withdraw ad consent (EEA/UK/CH): Reopen the in-app consent options to change your choice.
Reset Advertising ID: Use Android Settings → Privacy → Ads.

There is no account to delete because we do not create accounts. Uninstalling the app removes all locally stored data.

11 Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through the app.

We encourage you to review this page periodically. Continued use of the app after any changes constitutes acceptance of the updated policy.

12 Contact us

If you have any questions about this Privacy Policy or how Cashlytics handles your data, please contact us:

Email: iamandroid.eng@gmail.com
App: Cashlytics — Finance & Notes

We aim to respond to all privacy-related inquiries within 7 business days.