1. Introduction
Welcome to CashTrack, a personal finance tracking application developed and operated by Lean Bytes. We are committed to protecting your personal and financial data. This Privacy Policy explains how we collect, use, process, store, and safeguard your information when you use our mobile application on Android and iOS platforms.
By using CashTrack, you agree to the data practices described in this policy. If you do not agree, please discontinue use of the application.
2. Information We Collect
CashTrack collects different types of information depending on the features you use:
2.1 Account & Profile Information
- Display Name: The name you provide during onboarding or edit in your profile settings.
- Anonymous Account ID: CashTrack uses Firebase Anonymous Authentication to create a unique anonymous identifier for your account. No email address, phone number, or password is required.
2.2 Financial Data (User-Entered)
- Transactions: Merchant/description, amount, date/time, category, type (expense or income), and optional notes that you manually enter.
- Budget Settings: Your monthly budget limit and currency preference.
- Categories: Both built-in and custom categories you create, including category names, icons, and colors.
2.3 SMS Data (Optional – Android Only)
- If you enable SMS Auto-Tracking, the app listens for incoming SMS messages from financial institutions (e.g., bank transaction alerts).
- SMS message bodies are parsed on-device and then sent to Google Gemini AI for structured extraction of transaction details (merchant, amount, category, type).
- We do not store the raw SMS content on our servers. Only the extracted transaction data is saved locally and optionally synced to the cloud.
2.4 Voice Input Data (Optional)
- When you use the Voice Input feature, your speech is processed by the device's native speech recognition engine to convert it to text.
- The transcribed text is then sent to Google Gemini AI to extract transaction details.
- We do not store audio recordings. Only the resulting transaction data is saved.
2.5 Receipt Scanning Data (Optional)
- When you use the Scan Receipt feature, the selected image is processed on-device using Google ML Kit OCR (Text Recognition) to extract text from the receipt.
- The extracted text is then sent to Google Gemini AI for structured parsing into transaction details.
- We do not store receipt images on our servers. Only the resulting transaction data is saved.
2.6 AI Chat Data
- When you use the AI Assistant (chat) feature, a summary of your financial data (currency, budget, spending totals by category, and recent transactions) is sent alongside your question to Google Gemini AI to generate personalized financial insights.
- Chat conversations are stored in-memory only during your app session. They are not persisted to disk or synced to the cloud and are cleared when you close the app or clear the chat.
2.7 App Settings & Preferences
- Currency preference, notification toggles (push notifications, weekly summary, budget alerts), biometric lock toggle, theme mode (light/dark/system), and SMS tracking toggle.
- These are stored locally using DataStore and the local Room database, and may be synced to the cloud.
2.8 Crash & Diagnostic Data
- CashTrack uses Firebase Crashlytics to automatically collect crash reports and non-fatal error logs. This data includes device information, OS version, and stack traces to help us diagnose and fix issues.
- No personally identifiable financial data is included in crash reports.
3. How We Store Your Data
3.1 Local-First Architecture
CashTrack prioritizes your privacy by adopting a Local-First architecture:
- Room Database: All transactions, categories, and settings are stored locally on your device in a Room (SQLite) database.
- DataStore: App preferences (biometric lock status, SMS tracking toggle) are stored locally using Android DataStore.
3.2 Cloud Synchronization
CashTrack uses Google Cloud Firestore to sync certain data to the cloud for backup purposes:
- Transactions: When you add or delete a transaction, it is synced to Firestore under your anonymous user account.
- Settings: When you update settings, they are synced to Firestore.
- Cloud data is associated with your anonymous Firebase user ID — no personal identifiers such as email or phone number are linked to this data.
4. Third-Party Services
CashTrack integrates with the following third-party services. Each service has its own privacy policy governing how it handles data:
| Service | Provider | Purpose |
|---|---|---|
| Firebase Authentication | Google | Anonymous user identity |
| Cloud Firestore | Google | Cloud data backup & sync |
| Firebase Crashlytics | Google | Crash reporting & diagnostics |
| Gemini API | Google | AI-powered transaction parsing, financial advice, and chat |
| ML Kit (Text Recognition) | Google | On-device receipt OCR |
All data transmitted to Google services is sent via encrypted HTTPS connections. For more information, please see Google's Privacy Policy.
5. Permissions and Their Use
CashTrack requests only the permissions necessary for specific features. Each permission is optional and can be denied without affecting core functionality:
- RECEIVE_SMS / READ_SMS (Android only): Used exclusively for the "SMS Auto-Tracking" feature to capture incoming bank transaction alerts in real-time and automatically log transactions. This permission is only active when you enable SMS tracking in Settings.
- RECORD_AUDIO: Used for the "Voice Input" feature in the Smart Input screen, allowing you to add transactions by speaking naturally. Audio is processed locally by the device's speech recognition engine — we do not record or store audio files.
- READ_EXTERNAL_STORAGE (Android ≤ 12): Used for the "Scan Receipt" feature to allow you to select a receipt image from your device's gallery for OCR scanning.
- POST_NOTIFICATIONS (Android 13+): Used to deliver push notifications, weekly spending summaries, and budget alert notifications when you enable them in Settings.
- Biometric Authentication (Face ID / Fingerprint): Used to lock the app behind your device's biometric authentication (Face ID, fingerprint, or device credential) for extra security. Biometric data is processed entirely by your device's operating system — CashTrack never accesses or stores biometric data.
6. How We Use Your Information
We use the information we collect for the following purposes:
- Provide Core Functionality: Track your income and expenses, display analytics and charts, manage categories, and monitor budget progress.
- AI-Powered Features: Parse voice commands and receipt scans into transactions, provide smart financial insights on the home screen, and answer your financial questions via the AI chat assistant.
- Notifications: Send weekly spending summaries and budget overspending alerts when you opt in.
- Cloud Backup: Sync your data to Firestore so it can be recovered or accessed across devices.
- Crash Diagnostics: Identify and fix bugs and improve app stability.
- Personalization: Remember your currency, theme, display name, and notification preferences.
7. Data Retention
- Local Data: Stored on your device indefinitely until you clear it via "Clear All Data" in Settings, or uninstall the app.
- Cloud Data: Retained in Firestore until you delete your account or request deletion. Data is associated with your anonymous Firebase user ID.
- AI Chat History: Stored in-memory only; automatically cleared on app close.
- Crash Reports: Retained by Firebase Crashlytics per Google's standard retention period (typically 90 days).
8. Data Security
We implement the following security measures to protect your data:
- Local Database: Transaction and settings data is stored in a local Room database on your device.
- Network Encryption: All data transmitted to Firebase and Google AI services uses HTTPS/TLS encryption.
- Anonymous Authentication: Firebase Authentication uses anonymous sign-in, so no email or password is stored or transmitted.
- Biometric Lock: When enabled, the app requires your device's biometric authentication (fingerprint, Face ID, or device credential) each time it is opened.
- No Raw Data Transmission: Raw SMS messages, audio recordings, and receipt images are processed locally; only structured transaction data is sent to the cloud.
However, you are responsible for maintaining the security of your device and ensuring it has appropriate security measures (screen lock, up-to-date OS, etc.).
9. Children's Privacy
CashTrack is not designed for or directed at children under the age of 13. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected data from a child under 13, we will take steps to delete that data promptly.
10. Your Rights
You have the following rights regarding your data:
- Access & View: All your financial data is visible within the app at all times (transactions, analytics, settings).
- Edit & Update: You can update your profile name, currency, budget, categories, and other settings at any time.
- Delete Transactions: You can swipe-to-delete individual transactions from the transaction history.
- Clear All Data: You can erase all local data through the "Clear All Data" option in Settings.
- Account Deletion: You can request full account and cloud data deletion by contacting us at leanbytes0@gmail.com.
- Revoke Permissions: You can revoke any permission (SMS, microphone, notifications) at any time through your device's system settings.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Effective Date" at the top of this page. We encourage you to review this policy periodically. Your continued use of CashTrack after changes are posted constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
leanbytes0@gmail.com