Sanjay Gangwar ("we", "us", "the developer") built mMoney as a freemium Android application. This privacy policy explains how the app collects, uses, stores, and protects your data.
The short version: mMoney reads your financial SMS messages to automatically detect UPI and bank transactions. Transaction data is synced to our servers so you can access it across devices. We do not sell your data. Free-tier users see ads served by third-party ad networks; premium subscribers see no ads.
Data We Collect
Account information
- Authentication credentials — email address and hashed password (if using email sign-up), or profile information provided by Google, Facebook, or Apple Sign-In via Firebase Authentication.
- Subscription status — managed through RevenueCat to determine your Free or Premium tier.
Financial data
- SMS messages — the app reads incoming SMS messages on your device to detect UPI and bank transaction notifications. Only messages matching known financial patterns are processed; all other messages are ignored and never read or stored.
- Transaction records — extracted transaction details (amount, merchant/payee, date, type) are stored locally and synced to our servers.
- Manually entered transactions — any income, expense, or transfer entries you create manually.
HRA Rent Receipt data
- Landlord details — name, PAN number, and address that you enter for generating HRA rent receipt PDFs.
- Rent payment details — rent amounts, payment dates, and tenant information you provide.
This data is stored locally on your device and synced to our servers. It is used solely to generate rent receipt PDFs and is not shared with any third party.
Device and usage data
- Push notification token — a Firebase Cloud Messaging (FCM) token used to deliver push notifications to your device.
- Advertising identifiers — collected by third-party ad SDKs (Google AdMob, Facebook Audience Network) for free-tier users only. Premium users have no ad SDKs loaded.
How We Use Your Data
| Data | Purpose |
|---|---|
| Authentication credentials | Create and secure your account |
| SMS-detected transactions | Automatically log income and expenses |
| Transaction records | Display spending insights, categories, and history |
| Landlord / rent details | Generate HRA rent receipt PDFs |
| FCM token | Send push notifications (reminders, updates) |
| Subscription status | Determine Free vs. Premium tier (ads vs. no ads) |
| Advertising identifiers | Serve ads to free-tier users |
SMS Permission
mMoney uses the RECEIVE_SMS and READ_SMS permissions solely to detect incoming financial transaction messages (UPI payments, bank debits/credits, wallet transactions). The app filters SMS messages locally on your device using pattern matching. Only messages identified as financial transactions are processed and stored. Personal, promotional, OTP, and all other non-financial messages are ignored entirely and never read, stored, or transmitted.
You can revoke SMS permission at any time from Android system settings. The app will continue to function — you will simply need to enter transactions manually.
Cloud Sync and Data Storage
Your transaction data, account settings, and HRA receipt data are synced to our backend servers (Node.js + MongoDB) so you can access your data across devices and recover it if you switch phones.
- Data is transmitted over HTTPS (TLS encryption in transit).
- Server-side authentication is verified using Firebase Admin SDK on every request.
- Your data is stored on our privately hosted infrastructure and is not shared with or accessible to any third party.
Third-Party Services
The app integrates the following third-party services:
- Firebase Authentication — for user sign-in (email/password, Google, Facebook, Apple). Firebase Privacy Policy.
- Firebase Cloud Messaging (FCM) — for push notifications. Firebase Privacy Policy.
- RevenueCat — for subscription management. RevenueCat receives your anonymised app user ID and purchase receipts. RevenueCat Privacy Policy.
- Google AdMob (free tier only) — serves ads and may collect device identifiers, IP address, and ad interaction data. Google Privacy Policy.
- Facebook Audience Network (free tier only) — serves ads and may collect device identifiers and ad interaction data. Meta Privacy Policy.
Premium subscribers have ad SDKs (AdMob and Facebook Audience Network) completely disabled — they are not loaded at all, so no data is collected by these services for premium users.
Data Sharing
We do not sell, rent, or trade your personal data. Your data is shared only in the following limited circumstances:
- Third-party ad networks — advertising identifiers and ad interaction data are shared with AdMob and Facebook Audience Network for free-tier users only, solely for the purpose of serving ads.
- Legal requirements — if required by law, regulation, or legal process.
Data Retention and Deletion
- Local data is deleted when you uninstall the app or clear app data.
- Server-side data is retained as long as your account exists.
- You may request complete deletion of your account and all associated server-side data by contacting us at the email below. We will process deletion requests within 30 days.
Children's Privacy
mMoney is not intended for use by children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us so we can delete it.
Data Security
We take reasonable measures to protect your data:
- All network communication uses HTTPS (TLS encryption).
- Firebase Authentication tokens are verified server-side on every API request.
- Server infrastructure is privately hosted and access-controlled.
- Passwords are never stored in plain text (handled by Firebase Authentication).
No method of electronic storage or transmission is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
Your Rights
You have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion of your account and all associated data.
- Revoke SMS and other permissions at any time via Android system settings.
- Opt out of personalized ads via your device's ad settings.
Changes to This Policy
We may update this policy when features change. Any changes will be posted on this page with an updated "Last Updated" date. Continued use of the app after changes constitutes acceptance of the updated policy.
Contact
For questions or concerns about this privacy policy, contact:
Sanjay Gangwar
Email: contact@sanjaygangwar.dev
Website: sanjaygangwar.dev