Data Safety Disclosure

At a glance

• No data collected by Fundea or any Fundea-operated server.
• No data shared with third parties.
• Data processed on device includes financial info, contacts metadata from bank SMS, photos, and app activity — never uploaded by Fundea.
• Optional Google sync sends backup data only to your Google Drive (app-private folder) and reads only your bank emails when you turn it on.

Data collected by Fundea

None. Fundea has no backend, no analytics SDK, and no advertising SDK. The developer does not receive, store, or process your data.

Data shared with third parties

None. The app does not transmit your data to advertisers, data brokers, analytics providers, or any other third party.

Data processed on your device

The following information is read or stored locally on your phone to provide app features. None of it is collected or shared by Fundea.

Type of data	How it's used	Required?
Financial info — purchase history, transactions, account hints (last-4 / UPI handle), budgets, goals	Core ledger, charts, budgets, goal tracking, reminders	Required (you enter or auto-detect it)
Messages — SMS content from bank/UPI senders	On-device parsing into transactions and bill reminders. Promotional and OTP messages are ignored.	Optional (auto-detect feature)
Photos & videos — single image you pick	Profile avatar, copied into the app's private folder	Optional
Personal info — your display name	Greeting line on the dashboard	Optional
App activity — corrections you make, dedup hashes, learning hints	Improve future SMS parsing accuracy on your device	Required for auto-detect
App info & performance — your settings (theme, notification toggles, lock timeout)	Remember your preferences between launches	Required
Authentication info — PIN hash, biometric flag	App Lock. The plaintext PIN is never stored.	Optional (App Lock is off by default)

Optional Google integrations

If you turn these features on, Fundea uses Google's official OAuth flow on your device. The data goes between your device and Google. No Fundea-operated server sits in between.

Feature	What is sent / read	Where it goes
Google Drive backup (drive.appdata)	A single JSON file fundea_backup.json containing the same ledger, settings and goals already on your device.	Hidden “App Data” folder in your Google Drive — visible only to Fundea on your account.
Gmail scan (gmail.readonly)	Read-only access. Fundea queries messages from a hard-coded list of bank and wallet sender domains, last 30 days, capped at 50 results, and parses them on-device.	Stays on your device. Only the parsed result (a transaction or reminder) is saved locally.

Security practices

• Data is encrypted in transit for all Google API traffic (HTTPS, handled by Google's SDKs).
• Data is encrypted at rest: secrets use platform secure storage; database files are AES-256 encrypted with a key in the OS keystore.
• You can request data deletion: see below.
• Independent security review: not yet performed; Fundea is a small independent project. Reports go to fundea.app@gmail.com.
• Family-friendly compliance: Fundea follows Google Play's Families Policy by not collecting data and not showing ads. The app is rated for ages 13+ regardless.

How to delete your data

• In-app: swipe a transaction to delete it; long-press categories, payment methods, goals, budgets and reminders to remove individually; clear all by uninstalling the app.
• Uninstall removes Fundea's local storage on Android.
• Google Drive backup: open Drive settings → Manage apps, find Fundea, and choose “Delete hidden app data”.
• Revoke Google access: myaccount.google.com/permissions → Fundea → Remove access.
• Need help? Email fundea.app@gmail.com.

Children

Fundea is not directed at children under 13 and does not knowingly collect data from them.

Read more

Full details in the Privacy Policy. Use of optional Google APIs is governed by the Google API Services User Data Policy, including the Limited Use requirements.