Overview
LocalSpend is a private, offline expense tracker for Android. It reads payment SMS messages on your device to automatically log UPI and bank transactions. We are committed to protecting your privacy. This policy explains what data the app accesses, how it is used, and what is never done with it.
1. Data We Access
SMS Messages (READ_SMS permission)
LocalSpend requests the READ_SMS permission to read payment-related messages from your inbox. Specifically, the app:
- Reads message body text from known bank and payment app senders (e.g., HDFC, SBI, ICICI, Google Pay, PhonePe, Paytm)
- Extracts transaction amount, merchant name, payment method, and reference ID using on-device pattern matching
- Stores only the extracted fields (amount, merchant, category, timestamp) in a local SQLite database on your device
- Optionally stores the raw message body locally so you can review the source message — this is never transmitted
The app does not read personal messages, OTPs, or any SMS content other than financial transaction alerts.
Biometric Data (USE_BIOMETRIC / USE_FINGERPRINT permission)
LocalSpend uses Android's biometric API to lock the app. The app does not access, store, or transmit your biometric data. Authentication is handled entirely by the Android operating system.
Storage
The app writes a local SQLite database (localspend.db) to your device's internal app storage.
This file is private to the app and is not accessible by other apps.
2. Data We Do Not Collect
- No account or registration is required
- No personal information (name, email, phone number) is collected
- No location data is accessed
- No contacts are read
- No camera or microphone access
- No advertising identifiers
- No crash reporting or analytics SDKs
- No third-party SDKs that collect data
3. Data Sharing
We share nothing. LocalSpend does not transmit any data to any server, third party, or analytics platform — because there is no network connection made by the app for data purposes.
Your transaction data stays on your device and is only accessible to you through the LocalSpend app.
4. Data Storage and Security
All data is stored locally in a SQLite database within the app's private internal storage on your Android device. The database uses WAL (Write-Ahead Logging) mode for integrity.
Data is protected by:
- Android's app sandbox (other apps cannot access LocalSpend's storage)
- Biometric authentication gate before the app opens
- No network endpoints to attack
5. Data Retention and Deletion
- You can delete individual transactions by swiping left on any transaction
- You can delete all app data at any time via Android Settings → Apps → LocalSpend → Clear Data
- Uninstalling the app permanently deletes all locally stored data
6. Children's Privacy
LocalSpend does not knowingly collect any information from children under the age of 13. The app is intended for general audiences managing personal finances.
7. Changes to This Policy
If we update this Privacy Policy, the new version will be published at this URL with an updated Last Updated date. Continued use of the app after changes constitutes acceptance of the updated policy.
8. Your Rights
Since LocalSpend stores no data on any server, there is nothing for us to retrieve, correct, or delete on your behalf. All your data is on your own device and under your full control at all times.
9. Contact
If you have any questions about this Privacy Policy, please contact:
Email: your-email@example.com
GitHub: github.com/sagarchandagarwal/localspend
10. Permissions Summary
| Permission | Purpose | Data Transmitted? |
|---|---|---|
READ_SMS |
Read bank/UPI payment SMS to auto-log transactions | No — on-device only |
RECEIVE_SMS |
Listen for new payment SMS in real time | No — on-device only |
USE_BIOMETRIC |
Lock app behind fingerprint/Face unlock | No — handled by OS |
USE_FINGERPRINT |
Fallback biometric support | No — handled by OS |