Privacy Policy - EZer for Android

Effective Date: October 20, 2025 | Last Updated: October 20, 2025 | Version 1.0

Introduction

Welcome to EZer ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal financial data. This Privacy Policy explains how we collect, use, store, and protect your information when you use the EZer mobile application on Android devices.

By using EZer on Android, you agree to this Privacy Policy and consent to the data practices described herein.

1. Information We Collect

1.1 Information You Provide Directly

Account Information:

Name (optional)
Email address (for account creation and recovery)
Profile information (optional)
Currency and language preferences
Regional settings

Financial Data You Enter:

Transactions (manual entries)
Bank account names and types (not actual bank credentials)
Credit card nicknames (not card numbers)
Budget information
Savings goals
Bill information
Receipt images and scanned documents
Transaction categories and notes

Important: We NEVER ask for or store:

Bank account passwords or login credentials
Credit/debit card numbers
CVV/PIN codes
Social Security Numbers
Government ID numbers

1.2 Information Collected Automatically (Android-Specific)

SMS Messages (Android Only - Requires Your Permission):

When you grant SMS permission, EZer reads your SMS messages to automatically extract financial transaction information from:

Bank transaction alerts
Credit card transaction notifications
UPI payment confirmations (GPay, PhonePe, PayTM, BHIM, etc.)
Bill payment confirmations
EMI payment alerts
Merchant transaction receipts

What We Do With SMS Data:

✅ Process SMS locally on your device to extract transaction details (amount, merchant, date, account)
✅ Create transaction records from extracted data
✅ Redact sensitive information (card numbers, full account numbers) before storage
✅ Delete original SMS content immediately after processing
❌ We NEVER store complete SMS message text
❌ We NEVER upload SMS content to our servers
❌ We NEVER share SMS data with third parties
❌ We NEVER use SMS for marketing or advertising

Notification Access (Android Only - Optional):

When you grant notification listener permission, EZer can:

Read financial transaction notifications from banking apps
Extract transaction data from payment app notifications
Process notification data locally on your device
Create automatic transaction entries

What We Do With Notification Data:

✅ Process notifications locally on your device only
✅ Extract financial transaction details only
✅ Immediately discard notification content after processing
❌ We NEVER store notification text
❌ We NEVER access non-financial notifications
❌ We NEVER upload notification data to servers

Device Information:

Device model and manufacturer
Operating system version (Android version)
App version
Device language and timezone
Screen size and resolution (for UI optimization)
Unique device identifier (for session management, encrypted)

Usage Data:

App features used and frequency
Screen views and navigation patterns
Error logs and crash reports (anonymized)
Performance metrics (app load time, response time)

1.3 Information from Imported Files

Bank Statement Imports:

When you import bank statements (PDF, CSV, Excel):

Transaction history from your bank statements
Account information (account nicknames, not full account numbers)
Transaction dates, amounts, descriptions, and categories

Receipt Images:

When you scan receipts using your camera:

Receipt images
OCR-extracted text (merchant name, amount, date, items)

2. How We Use Your Information

2.1 Primary Purposes

To Provide Finance Management Services:

Display your financial transactions and balances
Categorize expenses and income automatically
Generate budgets and track spending
Monitor bill due dates and send reminders
Track savings goals and progress
Provide financial insights and analytics
Create reports and visualizations

To Enable Automatic Transaction Capture (Android):

Parse SMS messages for transaction data
Read financial notifications for automatic entry
Extract transaction details using pattern matching
Prevent duplicate transaction entries

To Improve Your Experience:

Remember your preferences (currency, language, theme)
Provide personalized insights based on your spending patterns
Suggest budget categories based on your transactions
Recommend savings opportunities
Improve transaction categorization accuracy over time

2.2 Machine Learning and AI

Local Machine Learning:

Train categorization models locally on your device
Improve merchant recognition
Detect anomalies in spending patterns
Generate personalized financial insights

What We Do:

✅ All ML processing happens on your device
✅ Models learn from your anonymized transaction patterns
✅ You can disable ML features anytime
❌ We don't send your raw transaction data to external servers for ML training

2.3 Communications

Service Communications:

Transaction confirmation notifications
Bill payment reminders
Budget threshold alerts
Goal milestone achievements
Security alerts (unusual activity, login from new device)
App update notifications

Marketing Communications (Opt-in Only):

Feature announcements
Tips for better financial management
Promotional offers (only if you opt in)

You can control notification preferences in Settings.

3. How We Store Your Information

3.1 Local Storage (Android Device)

Encrypted Database:

All financial data is stored in an encrypted SQLCipher database on your device
AES-256 encryption standard
Encryption keys are unique to your device and never leave your device
Data cannot be accessed without your biometric authentication or PIN

Secure Preferences:

App settings stored using Android Encrypted Shared Preferences
Biometric credentials managed by Android Keystore System

3.2 Cloud Backup (Optional - Your Choice)

Google Drive Backup (If You Enable It):

Complete encrypted backup of your financial database
Stored in your personal Google Drive account
Encrypted before upload (you control the encryption key)
Only you can access and restore your backups
We cannot access your Google Drive files

What's Backed Up:

Transaction history
Account information
Budget and goal data
App preferences
Receipt images (optional)

What's NOT Backed Up:

SMS messages (never stored)
Notification content (never stored)
Temporary cache data

3.3 Data Retention

On Your Device:

Data remains until you delete it or uninstall the app
You can manually delete transactions, accounts, or all data anytime

Cloud Backups:

Retained in your Google Drive until you delete them
You control backup retention through Google Drive settings

Deleted Data:

When you delete data, it's permanently removed from local storage
Deleted data may remain in cloud backups until you delete the backup
We cannot recover deleted data

4. How We Share Your Information

4.1 We Do NOT Sell Your Data

We will NEVER:

Sell your financial data to third parties
Share your data with advertisers
Provide your transaction details to data brokers
Monetize your personal information

4.2 Third-Party Services We Use

Google Services (If You Enable Cloud Backup):

Google Drive API: For encrypted backup storage
Google Sign-In: For authentication (optional)
What they receive: Encrypted backup files only (they cannot decrypt)
Privacy Policy: https://policies.google.com/privacy

Google ML Kit (For Receipt OCR):

What it does: Processes receipt images locally on device to extract text
What they receive: Nothing - processing is entirely on-device
Privacy: No data sent to Google servers

Analytics Services (Anonymized Only):

Google Analytics for Firebase: App usage statistics (anonymized)
What they receive: Anonymized app usage metrics, crash reports
What they DON'T receive: Your financial data, SMS content, personal information
You can opt out in Settings > Privacy

4.3 Legal Requirements

We may disclose your information if required by law:

In response to valid legal requests (court orders, subpoenas)
To protect our rights and property
To investigate fraud or security issues
To protect user safety

We will notify you of legal requests unless prohibited by law.

5. Android-Specific Permissions

5.1 Permissions We Request

Permission	Purpose	Required/Optional	What We Access
READ_SMS	Automatic transaction capture from bank SMS	Optional	Only financial SMS messages
RECEIVE_SMS	Real-time transaction detection	Optional	Only financial SMS alerts
NOTIFICATION_LISTENER	Read transaction notifications	Optional	Only banking/payment app notifications
POST_NOTIFICATIONS	Send bill reminders and alerts	Optional	N/A
CAMERA	Scan receipts and documents	Optional	Camera feed (not stored)
READ_MEDIA_IMAGES	Attach receipt images	Optional	Only selected images
USE_BIOMETRIC	Secure app lock with fingerprint/face	Optional	Biometric authentication only
SCHEDULE_EXACT_ALARM	Bill reminders and notifications	Optional	N/A
INTERNET	Cloud backup, app updates	Required	Network access
WAKE_LOCK	Background notifications	Optional	N/A
VIBRATE	Notification vibration	Optional	N/A

5.2 How to Manage Permissions

You can control all permissions:

Android Settings > Apps > EZer > Permissions
Or within EZer: Settings > Permissions
Revoke any permission anytime

Impact of Denying Permissions:

SMS/Notifications: Manual transaction entry required
Camera: Cannot scan receipts (can still attach from gallery)
Biometric: PIN protection only
Storage: Cannot attach images to transactions
Notifications: No bill reminders (must check app manually)

6. Your Privacy Rights

6.1 Access and Control

You have the right to:

✅ Access all your data stored in the app
✅ Export your data (CSV, JSON, Excel, PDF formats)
✅ Delete specific transactions or all data
✅ Modify or correct any information
✅ Disable specific features (SMS parsing, ML, analytics)

How to exercise these rights:

Settings > Privacy Dashboard
Settings > Data & Export
Settings > Delete All Data

6.2 Data Portability

Export Your Data:

Go to Settings > Data & Export
Choose format: CSV, JSON, Excel, or PDF
Select date range and data types
Download to your device or share

6.3 Right to be Forgotten

Delete Your Account and Data:

Settings > Privacy > Delete Account
Confirm deletion (this is permanent)
All local data is immediately deleted
Cloud backups remain until you delete them from Google Drive
We cannot recover deleted data

6.4 Consent Management

You can withdraw consent anytime:

Settings > Privacy Dashboard
Toggle off specific data collection features
SMS access, notifications, analytics, ML features

7. Security Measures

7.1 Data Protection

Encryption:

AES-256 encryption for all local data storage
SQLCipher encrypted database
Encrypted cloud backups
TLS/SSL for network communications

Authentication:

Biometric authentication (fingerprint, face)
PIN protection fallback
Session timeout after inactivity
Failed attempt lockout

App Security:

Screenshot prevention on sensitive screens
Secure keyboard for PIN entry
Memory protection (prevents data leakage)
Code obfuscation to prevent reverse engineering

7.2 SMS and Notification Security (Android-Specific)

How We Protect SMS Data:

SMS processed entirely on your device (never sent to servers)
Original SMS content discarded immediately after parsing
Only extracted transaction data (amount, merchant) is stored
Sensitive information (card numbers, account numbers) is redacted
SMS content is never included in backups
SMS content is never included in crash reports or logs

Notification Security:

Notifications processed locally only
Content immediately discarded after extraction
Non-financial notifications ignored
Never uploaded to cloud or servers

7.3 Third-Party Security Audits

Regular security assessments (planned)
Penetration testing (planned)
Vulnerability disclosure program
Bug bounty program (coming soon)

8. Children's Privacy

EZer is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us at privacy@ezer.app.

9. International Data Transfers

Data Location:

Your data is stored locally on your Android device
Cloud backups are stored in your Google Drive (location depends on your Google account settings)
We do not transfer data to servers outside your country (local-first approach)

For users in the European Union:

We comply with GDPR requirements
Your data is processed on your device (local processing)
Cloud backups follow Google's GDPR compliance measures

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes:

We will notify you via in-app notification
The "Last Updated" date will be revised
Significant changes will require your consent

Your continued use of EZer after changes indicates acceptance of the updated Privacy Policy.

11. Your Choices and Controls

11.1 SMS and Notification Access

You can:

Enable/disable SMS access anytime in Settings
Enable/disable notification listener anytime
Review which SMS patterns are being matched
See a log of automatically captured transactions
Delete any auto-captured transactions

To disable:

Settings > Permissions > SMS Access > Disable
Or Android Settings > Apps > EZer > Permissions > SMS > Deny

11.2 Analytics and Tracking

You can opt out of:

Usage analytics
Crash reporting
Performance monitoring
ML-based insights

How: Settings > Privacy > Analytics > Disable

11.3 Cloud Backup

You can:

Enable/disable cloud backup anytime
Delete all cloud backups
Choose what to backup (transactions, receipts, settings)
Set backup frequency (manual, daily, weekly, monthly)

How: Settings > Backup & Restore

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: privacy@ezer.app
Support: support@ezer.app
Website: https://ezer.app/privacy
Address: [Your Company Address]

Data Protection Officer: [Name] (dpo@ezer.app)

Response Time:

Privacy requests: Within 7 business days
Data deletion requests: Within 14 business days
General inquiries: Within 48 hours

13. Compliance and Certifications

We comply with:

General Data Protection Regulation (GDPR) - EU
California Consumer Privacy Act (CCPA) - USA
Personal Data Protection Act (PDPA) - Singapore
Information Technology Act - India
Android Developer Policies and Guidelines

Security Standards:

SOC 2 Type II (planned)
ISO 27001 (planned)
PCI DSS for payment data handling

14. Important Disclaimers

14.1 SMS Access Disclaimer (Android-Specific)

EZer's SMS access is strictly limited to:

Reading financial transaction SMS messages only
Extracting transaction data for automatic entry
Local on-device processing only

We do NOT:

Read personal or non-financial SMS messages
Store complete SMS message content
Upload SMS data to any server
Share SMS data with any third party
Use SMS for any purpose other than transaction capture

Technical Implementation:

SMS content is parsed using pattern matching for known bank/payment formats
Only messages matching financial transaction patterns are processed
Messages are filtered by sender (known banks, payment apps only)
Non-matching SMS are immediately ignored (not read, not stored)

14.2 Notification Listener Disclaimer (Android-Specific)

EZer's notification listener is strictly limited to:

Reading notifications from banking and payment apps only
Extracting transaction data from notification content
Local on-device processing only

We do NOT:

Read notifications from social media, messaging, or other apps
Store notification content
Upload notification data to servers
Access notification actions or respond to notifications

Technical Implementation:

Notification listener filters by app package name (banking apps only)
Only notifications matching transaction patterns are processed
Non-financial notifications are immediately ignored

14.3 No Bank Account Access

Important: EZer does NOT:

Connect to your bank accounts directly
Access your bank account balance via banking APIs
Perform any bank transactions on your behalf
Store your bank login credentials

We only:

Read transaction SMS/notifications that banks send to you
Allow you to manually import bank statement files
Let you manually enter transactions

15. Frequently Asked Questions

Q: Can EZer read all my SMS messages?

A: Technically, the Android SMS permission allows reading all SMS. However, EZer is programmed to only read and process financial transaction SMS from known banks and payment apps. All other SMS are ignored and never stored. This is enforced in our code and can be verified through code audits.

Q: Is my SMS data sent to your servers?

A: No. SMS processing happens entirely on your device. We never upload SMS content to any server. Only the extracted transaction data (amount, merchant, date) is stored locally in your encrypted database.

Q: Can I use EZer without giving SMS permission?

A: Yes! SMS access is completely optional. You can use EZer by manually entering transactions or importing bank statements. All features work without SMS access except automatic transaction capture.

Q: What happens if I revoke SMS permission later?

A: You can revoke SMS permission anytime. EZer will stop reading SMS immediately. Your existing transaction data remains intact. You'll need to enter transactions manually going forward.

Q: How do I know my data is secure?

A: Your data is encrypted on your device using AES-256 encryption. Cloud backups are also encrypted before upload. We use the same encryption standards as banking apps. You can also enable biometric lock for additional security.

Q: Can EZer employees access my financial data?

A: No. Your data is encrypted on your device with keys we don't have access to. Cloud backups are encrypted with your personal encryption key. We cannot decrypt or view your financial data.

Q: What happens to my data if I uninstall the app?

A: All local data is deleted when you uninstall. Cloud backups remain in your Google Drive until you delete them. You can restore your data if you reinstall EZer and use the same Google account.

Q: Do you share data with Google?

A: We use Google Drive for optional cloud backups (encrypted) and Google ML Kit for on-device receipt OCR (no data sent to Google). We also use Firebase Analytics with anonymized, aggregated data only (no personal or financial information).

16. Android-Specific Privacy Features

Android Privacy Dashboard Integration:

View EZer's data access in Android Privacy Dashboard (Android 12+)
See when SMS, Camera, and Location were accessed
Review app permissions timeline

Background Access Indicators:

Android shows indicator when app accesses SMS in background
Android shows camera/mic indicator when in use
You can monitor all background access

Approximate Location:

EZer uses approximate location only (city-level) for regional features
Never uses precise GPS location
Location access is optional

Clipboard Access:

EZer does not access your clipboard
No clipboard monitoring or data capture

17. Summary of Key Privacy Points

✅ What We DO:

• Store data locally in encrypted database on your device
• Process SMS/notifications locally on-device only
• Encrypt cloud backups before upload
• Give you complete control over your data
• Allow data export in multiple formats
• Let you delete all data anytime
• Use industry-standard security measures
• Comply with GDPR, CCPA, and privacy regulations

❌ What We DON'T DO:

• Sell your data to third parties
• Share financial data with advertisers
• Store complete SMS messages
• Upload SMS content to servers
• Access your bank accounts directly
• Store bank passwords or credentials
• Read non-financial SMS or notifications
• Access your clipboard
• Track your precise location
• Show ads based on your financial data

18. Legal Basis for Processing (GDPR)

For EU users, our legal basis for processing your data:

Data Type	Legal Basis	Purpose
Account information	Contract	Provide app services
Transaction data	Contract	Finance management features
SMS content (Android)	Consent	Automatic transaction capture
Usage analytics	Legitimate Interest	Improve app performance
Marketing emails	Consent	Promotional communications
Cloud backups	Consent	Data backup and recovery

You can withdraw consent anytime in Settings > Privacy.

By using EZer on Android, you acknowledge that you have read and understood this Privacy Policy.

Last Reviewed: October 20, 2025 | Next Review: April 20, 2026

Privacy Policy for Android