FeeGuard — Privacy Policy

Effective: 2026-05-07 · Owner: Gowtham Seeda (sole proprietor, individual capacity).

The short version. Your bank SMS are read on your phone. Subscription/fee summaries sync to our backend so you can use the app across devices. We don't sell loans, insurance, or your data. One tap exports everything you have; one tap deletes it with a 7-day grace period.

DISCLAIMER. This policy is operated in good faith for a closed pilot. It will be reviewed by Indian fintech / data-protection counsel before public release.


1. Who we are

Field Value
Operator Gowtham Seeda (sole proprietor, individual)
Trade name FeeGuard
Country of operation India
Contact email gowtham.seeda@gmail.com
Grievance officer (DPDP §5) Gowtham Seeda — gowtham.seeda@gmail.com (response within 7 working days)
Data Protection Officer Not appointed (we are below the Significant Data Fiduciary thresholds set by the Government under DPDP §10)

We act as the Data Fiduciary under the Digital Personal Data Protection Act, 2023 ("DPDP") for personal data we process.

2. What data we collect, where it lives, and how it's protected

2.1 On-device only — encrypted, never uploaded

These items live in an encrypted SQLite database on your phone (sqlcipher, AES-256-CBC). The encryption key is provisioned in the Android Keystore (StrongBox-backed where available) and never leaves your device.

2.2 On our backend — encrypted at rest, in transit

Field Why we have it
Phone number (E.164) Account identifier; used for OTP login
Account profile (display name if you set one) UX
Hashed SMS digests (raw_hash, SHA-1/SHA-256) De-duplication of synced rows. Cannot be reversed to the original SMS.
Anonymised aggregates: monthly fee total, count by category, sub count Peer benchmarks (e.g. "you pay ₹X above the median for SMS-alert charges")
Account-number last 4 digits Bank attribution; never the full account number
FCM device token Push notifications
Razorpay subscription / order IDs Pro billing reconciliation
Gmail OAuth refresh token (only if you connect Gmail) Periodic re-fetch of fee emails on your behalf — see §2.3
Crash stack traces Only if you opt in to "Send crash reports" (Settings → Privacy)
Anonymous feature-usage events Only if you opt in to "Send anonymous analytics"
App + OS version Diagnostics; tied to your account only on backend logs

2.3 Gmail integration (optional, opt-in)

If — and only if — you connect Gmail in Settings → Gmail:

2.4 What we never collect or store

3. Why we collect each item (purpose limitation, DPDP §6)

Purpose Lawful basis (DPDP §7) Data used
Detect bank fees, EMIs, subscriptions, bounces Performance of contract + your consent On-device SMS / Gmail body excerpts
Authenticate you on a new device Your consent Phone, OTP via Twilio Verify
Send alerts (free-trial ending tomorrow, fee detected, mandate failed) Your consent FCM token, aggregates
Compute peer benchmarks ("median user pays ₹X for AMB charge") Legitimate use, anonymised Anonymised aggregates only
Process Pro subscription payments Performance of contract Phone, Razorpay subscription/order IDs
Crash diagnostics Your specific consent (toggle) Stack traces, app/OS version

We do not, and will never, process your data for: lending or credit underwriting, insurance underwriting, brokering Account Aggregator data, advertising profiling, or selling/sharing data with third-party data brokers.

4. Your rights (DPDP §11–14)

You can, at any time, free of charge:

5. Data retention

6. Security

Breach notification. Per DPDP Rules 2025, in the event of a confirmed personal-data breach we will notify the Data Protection Board within 72 hours and affected users without undue delay.

7. Children's data (DPDP §9)

FeeGuard is intended for adults (18+) managing their own bank accounts. We do not knowingly collect data from anyone under 18. If you believe we have, email gowtham.seeda@gmail.com and we will erase it within 7 days.

8. Cross-border transfers

Backend is hosted on Railway (railway.com), which routes traffic via Cloudflare. While Railway's primary infrastructure is in the United States, all FeeGuard server-side data at rest is encrypted with AES-256, and the data we store is itself minimised (phone, hashed digests, aggregates — not raw SMS or email content).

Operationally we treat this as a cross-border transfer for DPDP §16 purposes: by using the app you consent to this transfer for the limited purposes set out in §3. If the Government of India later notifies a country list under DPDP §16(1), we will comply with any restrictions imposed.

If you do not consent to this transfer, do not create an account.

9. Third-party processors

Processor Purpose Country Data shared
Railway (railway.com) Backend hosting, Postgres, Redis United States All server-side data
Twilio (Verify API) OTP delivery United States Phone number only (passed via Twilio Verify, no message stored by us)
Razorpay Pro subscription billing India Phone, Razorpay subscription/order ID
Google (Firebase Cloud Messaging) Push notifications Global (Google) FCM token, notification body
Google (Gmail API, optional) Read fee/charge emails on your behalf if you opt in Global (Google) OAuth tokens; email metadata + body extracts of financial messages, processed in-flight only
Sentry (sentry.io) Crash reporting United States / EU Stack traces, app/OS version (only if you opt in)
PostHog (eu.posthog.com) Product analytics EU Anonymised event names (only if you opt in)

We will publish a sub-processor list update at least 14 days before adding any new processor.

10. Cookies / web

We do not currently operate a public web app. The OAuth callback page at our backend is functional only and does not set tracking cookies.

11. Changes to this policy

For any material change, we will notify you in-app at least 14 days before the change takes effect, and require fresh consent for any new processing purpose. Non-material changes (e.g. typo fixes, contact-detail updates) will be reflected here with an updated "Effective" date.

12. Contact

All privacy / grievance / security / legal correspondence: gowtham.seeda@gmail.com.