
Privacy Policy

Fundea is a local-first personal-finance app. There is no Fundea server. This policy explains what runs on your device, what is optional, and what we never do.

Effective: 3 May 2026
Last updated: 3 May 2026

Contents

  1. Summary
  2. Who runs Fundea
  3. Data stored on your device
  4. Permissions we request
  5. SMS auto-detect
  6. Optional Google Drive backup & Gmail scan
  7. No third-party trackers, analytics, or ads
  8. Security
  9. Retention & deletion
  10. Children
  11. Your rights
  12. Changes to this policy
  13. Contact

1. Summary

  • No accounts, no Fundea servers, no cloud sync by default. Your transactions, budgets, goals and settings stay on your phone.
  • No analytics SDKs, no ad networks, no tracking pixels. Fundea does not phone home.
  • SMS auto-detect runs entirely on-device. Bank messages are read locally to extract amounts, merchants, and dates. They are never uploaded.
  • Google Drive backup and Gmail scan are off by default and require your explicit sign-in. If you turn them on, Fundea talks directly to Google's APIs from your device — not through a Fundea server.
  • You can export everything, and uninstalling the app deletes it.

2. Who runs Fundea

Fundea is an independent application. The developer is the data controller for any personal data the app processes. You can reach us at fundea.app@gmail.com.

3. Data stored on your device

The following are stored locally in app storage (SharedPreferences and the app's documents directory):

  • Financial entries you create or that auto-detect captures: transactions (amount, date, category, note, payment method, tags, source), recurring rules, reminders, budgets, goals, and custom categories.
  • Linked-account hints you choose to add — only the institution name and last-4 digits or UPI handle. Fundea never stores full card numbers, CVV, PIN, OTP, net-banking passwords, or expiry dates.
  • Profile: a display name and an optional avatar image (copied from your gallery or camera into the app's documents directory).
  • App-lock state: a one-way hash of your PIN and a flag for whether biometric unlock is enabled. The PIN itself is not stored.
  • Preferences: theme, notification toggles, auto-lock timeout, learning hints used by the parser to remember corrections you make.

None of this is transmitted off the device unless you explicitly enable Google Drive backup (see section 6) or share an export file yourself.

4. Permissions we request

| Permission | Why Fundea asks for it | Optional? |
|---|---|---|
| Read SMS (Android only) | Parse bank/UPI alerts on-device into transactions. Only messages from known financial senders are processed; the rest are ignored. | Yes — you can decline and add transactions manually. |
| Post notifications | Show budget alerts, bill reminders, goal milestones, daily nudges, and the monthly report. | Yes — you can deny it or turn off individual channels in Settings. |
| Camera | Take a profile-avatar photo if you choose “Take photo”. | Yes — the gallery option works without it. |
| Photos / media | Pick an avatar from your gallery; let you save export files. | Yes — only triggered when you initiate the action. |
| Internet | Used only when you opt in to Google sign-in for Drive backup or Gmail scan. The app does not make network requests for ordinary use. | Yes — required only for the optional Google features. |
| Use biometric / device credential | Unlock the app with your phone's fingerprint or face if you enable App Lock. | Yes — App Lock is off until you enable it. |

5. SMS auto-detect

If you grant the SMS permission, Fundea reads incoming messages on your device and runs them through an on-device parser. Only senders matching a curated list of Indian banks, card issuers, UPI apps, and wallets are considered; promotional and OTP messages are ignored.

For a matched message, the parser extracts amount, direction (debit/credit), merchant or counterparty, date, payment instrument, and — for bills, EMIs and auto-debit notices — the due date. The result becomes a transaction or a reminder. The original SMS body is not uploaded, copied to a Fundea server, or shared with any third party. A short hash (the message id from your inbox) is kept in app storage so we don't process the same message twice.

You can review, edit, delete, or reject any auto-detected entry. Corrections train an on-device learning store so future detections improve. Revoking the SMS permission stops auto-detect entirely.

6. Optional Google Drive backup & Gmail scan

These features are off by default. You enable them from Settings → Google sync by signing in with a Google account. When you do, Fundea uses Google's official OAuth flow and asks for the minimum scopes it needs:

  • Drive (drive.appdata) — write a single backup file fundea_backup.json into Google Drive's hidden “App Data” folder. This folder is invisible to other apps, including Drive's own UI; only Fundea can see it. The backup contains the same data already on your device (transactions, budgets, goals, linked-account hints, preferences) so you can restore after a reinstall.
  • Gmail (gmail.readonly) — when Gmail scan is on, Fundea queries Gmail using the same parser as SMS auto-detect, restricted to a hard-coded list of bank/wallet sender domains and to messages from the last 30 days, with a cap of 50 results per scan. Subject and plain-text body are read on-device to extract amounts and dates; nothing is forwarded anywhere.

Limited Use disclosure: Fundea's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Google user data obtained via these scopes is used only to provide the Drive backup and Gmail-scan features you turned on.
  • Google user data is not transferred to a Fundea server, used for advertising, sold, or used to train any AI/ML model.
  • Humans do not read your Google user data, except where you explicitly request support, where we are legally required to, or for security investigations.
  • You can revoke Fundea's access at any time at myaccount.google.com/permissions, or by signing out from Settings → Google sync.

7. No third-party trackers, analytics, or ads

Fundea does not embed Google Analytics, Firebase Analytics, Crashlytics, Meta SDK, AppsFlyer, Mixpanel, or any comparable analytics/attribution/advertising SDK. There are no ads in the app. We do not sell or rent data to anyone — there is no data leaving your device for us to sell.

8. Security

  • App Lock with PIN and optional biometric unlock. The PIN is stored as a one-way hash; we cannot recover it for you.
  • Auto-lock after a configurable idle period (immediate to 45 seconds, or never).
  • Screenshot prevention on sensitive screens (transaction details, linked accounts).
  • Encryption at rest: secret values are stored using platform secure storage; the local database, when present, is opened with an AES-256 key kept in the OS keystore.
  • HTTPS for all communication with Google APIs (handled by Google's official SDKs).

No system is perfect. If you find a security issue, please email fundea.app@gmail.com.

9. Retention & deletion

  • On-device data is retained until you delete it inside the app or uninstall Fundea. Uninstalling removes the app's storage on Android.
  • Drive backup: a single file fundea_backup.json in your account's hidden app-data folder. Use Settings → Google sync → Sign out, then visit Drive settings → Manage apps and choose “Delete hidden app data” for Fundea to remove it.
  • OAuth grant: revoke at myaccount.google.com/permissions.
  • Exports (CSV, XLSX, PDF reports) are written to your device's temporary folder and shared only when you choose to share them.

10. Children

Fundea is not directed at children under 13. We do not knowingly collect data from children. If you believe a child has used the app, uninstalling it will remove its data; nothing has been transmitted to us.

11. Your rights

Because Fundea processes your data on your device, you already have direct access, correction, export, and deletion rights through the app — via the transaction list, the export menu, and uninstall. If you are in a jurisdiction that grants additional rights (such as the EU/UK GDPR or India's DPDP Act), and need anything Fundea-specific that is not covered by those in-app controls, contact fundea.app@gmail.com.

12. Changes to this policy

If we materially change how Fundea handles data, we will update this page and bump the “Last updated” date. For significant changes — particularly anything that broadens what leaves your device — we will surface a notice in the app before the change takes effect.

13. Contact

Questions, requests, or security reports: fundea.app@gmail.com.

© 2026 Fundea. Made with care.