Privacy Policy
In short: Expense Keeper reads your bank SMS on your phone and analyses them there. We run no servers, we have no account system, and we never receive, store, or see your messages or transactions. The only time your data leaves your phone is if you turn on Google Drive backup — and then it goes, encrypted, to your own Google Drive, not to us.
1. Who we are
Expense Keeper ("the app") is published and operated by Bhupendra Singh Rana, an individual based in Pune, Maharashtra, India ("we", "us"). Contact: support@theusecase.in.
2. What the app accesses on your device
SMS messages
Expense Keeper's core function is turning the transaction alerts your bank already sends you into an expense record. To do this the app reads SMS messages on your device. This happens entirely on your phone. Message content is never uploaded to us or to any third party.
The app only parses messages that look like financial alerts from a bank, card issuer, or wallet. Personal SMS from ordinary phone numbers are never passed to the financial parser.
Transactions and financial data
Amounts, merchants, categories, balances, bills, and account hints (such as the last four digits shown in an SMS) are derived from those messages and stored in a database on your device only.
3. Data we collect
We collect nothing. We operate no servers and no accounts, run no analytics or advertising SDKs, and have no ability to access your data. We cannot read your messages, transactions, or balances.
4. When data leaves your device
There are exactly three cases, and none of them send your data to us:
(a) Reference data download
The app periodically downloads a small public reference file (currency rates, merchant name mappings, category hints) over HTTPS from a public CDN. This is a one-way download. No personal information is sent in the request.
(b) Optional Google Drive backup — off by default
If you turn on cloud backup, the app signs you in with Google and stores an encrypted backup of your app data in your own Google Drive. Specifically:
-
We request only the
https://www.googleapis.com/auth/drive.appdatascope. This grants access to a hidden, application-specific folder in your Drive. It does not allow the app to see, read, or modify any other file in your Google Drive. - The backup is encrypted with AES-256-GCM before it leaves your phone. Google stores only ciphertext.
- The encryption key is generated on your device and held in the Android Keystore. A copy is placed in the same private app folder in your Drive so that a new or reinstalled phone can restore your backup after you sign in. This is what lets backup work without a passphrase.
- The backup lives in your Google account. It is never sent to us and we cannot access it. We receive no copy and hold no key.
- We store your Google account email address on your device only, to show you which account backups are going to.
Data handled through Google Drive is subject to the Google Privacy Policy. Expense Keeper's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer, sell, or use Google user data for advertising, and we do not allow humans to read it.
(c) Google Play
Update checks, in-app review prompts, and the one-time Cloud Backup purchase are handled by Google Play. We receive no personal data from these beyond anonymous purchase status.
5. Permissions and why they are needed
| Permission | Why |
|---|---|
| Read / receive SMS | To detect and parse bank and card transaction alerts on your device. This is the app's core function. |
| Default SMS handler | Required by Android to reliably receive message events used for transaction detection. |
| Internet | To download the public reference data file, and to upload your encrypted backup to your own Drive if you enable it. |
| Notifications | To remind you about upcoming bills and card due dates. |
| Run at startup | So transaction detection resumes after your phone restarts. |
6. Deleting your data
- On your phone: uninstalling the app removes all app data, including every stored message and transaction.
- In your Drive: turning cloud backup off signs the app out and stops further backups. You can delete the stored backup at any time from your Google Account under "Manage your apps" / third-party app data, or by revoking Expense Keeper's access at myaccount.google.com/permissions.
- Because we hold no copy of your data, there is nothing for you to request from us.
7. Children
Expense Keeper is not directed at children under 13, and we do not knowingly collect data from them.
8. Security
App data is stored in your device's private app storage, protected by Android. Backups are encrypted with AES-256-GCM before leaving the device, with the key held in the Android Keystore. No security measure is perfect, but because we never hold your data, there is no central store of user information to breach.
9. Changes to this policy
If we change how the app handles data, we will update this page and the "last updated" date above. Material changes will also be noted in the app.
10. Contact
Bhupendra Singh Rana
A702, Twin Arcs, Punavale, Pune, Maharashtra 411033, India
support@theusecase.in