Effective: 2026-05-07 · Owner: Gowtham Seeda (sole proprietor, individual capacity).
The short version. Your bank SMS are read on your phone. Subscription/fee summaries sync to our backend so you can use the app across devices. We don't sell loans, insurance, or your data. One tap exports everything you have; one tap deletes it with a 7-day grace period.
DISCLAIMER. This policy is operated in good faith for a closed pilot. It will be reviewed by Indian fintech / data-protection counsel before public release.
| Field | Value |
|---|---|
| Operator | Gowtham Seeda (sole proprietor, individual) |
| Trade name | FeeGuard |
| Country of operation | India |
| Contact email | gowtham.seeda@gmail.com |
| Grievance officer (DPDP §5) | Gowtham Seeda — gowtham.seeda@gmail.com (response within 7 working days) |
| Data Protection Officer | Not appointed (we are below the Significant Data Fiduciary thresholds set by the Government under DPDP §10) |
We act as the Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP") for personal data we process.
These items live in an encrypted SQLite database on your phone (sqlcipher, AES-256-CBC). The encryption key is provisioned in the Android Keystore (StrongBox-backed where available) and never leaves your device.
| Field | Why we have it |
|---|---|
| Phone number (E.164) | Account identifier; used for OTP login |
| Account profile (display name if you set one) | UX |
| Hashed SMS digests (raw_hash, SHA-1/SHA-256) | De-duplication of synced rows. Cannot be reversed to the original SMS. |
| Anonymised aggregates: monthly fee total, count by category, sub count | Peer benchmarks (e.g. "you pay ₹X above the median for SMS-alert charges") |
| Account-number last 4 digits | Bank attribution; never the full account number |
| FCM device token | Push notifications |
| Razorpay subscription / order IDs | Pro billing reconciliation |
| Gmail OAuth refresh token (only if you connect Gmail) | Periodic re-fetch of fee emails on your behalf — see §2.3 |
| Crash stack traces | Only if you opt in to "Send crash reports" (Settings → Privacy) |
| Anonymous feature-usage events | Only if you opt in to "Send anonymous analytics" |
| App + OS version | Diagnostics; tied to your account only on backend logs |
If — and only if — you connect Gmail in Settings → Gmail:
fee, charge, EMI, NACH, mandate, etc.), (b) deep-fetch only those that look financial, (c) extract amount, sender, date, and a body excerpt (≤ 8KB), and (d) send those rows to your phone over TLS.
gmail.readonly. Per Google's API Services User Data Policy, this access is used solely to provide the FeeGuard fee-detection feature and is not transferred to any third party except in the limited ways described in this policy.
| Purpose | Lawful basis (DPDP §7) | Data used |
|---|---|---|
| Detect bank fees, EMIs, subscriptions, bounces | Performance of contract + your consent | On-device SMS / Gmail body excerpts |
| Authenticate you on a new device | Your consent | Phone, OTP via Twilio Verify |
| Send alerts (free-trial ending tomorrow, fee detected, mandate failed) | Your consent | FCM token, aggregates |
| Compute peer benchmarks ("median user pays ₹X for AMB charge") | Legitimate use, anonymised | Anonymised aggregates only |
| Process Pro subscription payments | Performance of contract | Phone, Razorpay subscription/order IDs |
| Crash diagnostics | Your specific consent (toggle) | Stack traces, app/OS version |
We do not, and will never, process your data for: lending or credit underwriting, insurance underwriting, brokering Account Aggregator data, advertising profiling, or selling/sharing data with third-party data brokers.
You can, at any time, free of charge:
sqlcipher on-device, key in Android Keystore (StrongBox where available)
Breach notification. Per DPDP Rules 2025, in the event of a confirmed personal-data breach we will notify the Data Protection Board within 72 hours and affected users without undue delay.
FeeGuard is intended for adults (18+) managing their own bank accounts. We do not knowingly collect data from anyone under 18. If you believe we have, email gowtham.seeda@gmail.com and we will erase it within 7 days.
Backend is hosted on Railway (railway.com), which routes traffic via Cloudflare. While Railway's primary infrastructure is in the United States, all FeeGuard server-side data at rest is encrypted with AES-256, and the data we store is itself minimised (phone, hashed digests, aggregates — not raw SMS or email content).
Operationally we treat this as a cross-border transfer for DPDP §16 purposes: by using the app you consent to this transfer for the limited purposes set out in §3. If the Government of India later notifies a country list under DPDP §16(1), we will comply with any restrictions imposed.
If you do not consent to this transfer, do not create an account.
| Processor | Purpose | Country | Data shared |
|---|---|---|---|
| Railway (railway.com) | Backend hosting, Postgres, Redis | United States | All server-side data |
| Twilio (Verify API) | OTP delivery | United States | Phone number only (passed via Twilio Verify, no message stored by us) |
| Razorpay | Pro subscription billing | India | Phone, Razorpay subscription/order ID |
| Google (Firebase Cloud Messaging) | Push notifications | Global (Google) | FCM token, notification body |
| Google (Gmail API, optional) | Read fee/charge emails on your behalf if you opt in | Global (Google) | OAuth tokens; email metadata + body extracts of financial messages, processed in-flight only |
| Sentry (sentry.io) | Crash reporting | United States / EU | Stack traces, app/OS version (only if you opt in) |
| PostHog (eu.posthog.com) | Product analytics | EU | Anonymised event names (only if you opt in) |
We will publish a sub-processor list update at least 14 days before adding any new processor.
We do not currently operate a public web app. The OAuth callback page at our backend is functional only and does not set tracking cookies.
For any material change, we will notify you in-app at least 14 days before the change takes effect, and require fresh consent for any new processing purpose. Non-material changes (e.g. typo fixes, contact-detail updates) will be reflected here with an updated "Effective" date.
All privacy / grievance / security / legal correspondence: gowtham.seeda@gmail.com.