Privacy Policy
Effective Date: March 29, 2026
Last Updated: March 29, 2026
Sri Sadguru Software Solutions LLP ("we," "our," or "us") operates the Ginti mobile application (the "App"). This Privacy Policy explains what information we collect, how we use it, and your choices regarding your data.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address and display name — provided through Google Sign-In, Apple Sign-In, or email/password registration.
- Profile photo URL — if provided by your sign-in provider (Google or Apple).
We use Firebase Authentication (operated by Google) to manage sign-in. We do not store your Google or Apple passwords.
1.2 Financial Transaction Data
When you use Ginti to track expenses, the following data is collected and stored:
- Transaction amount, currency, and type (expense or income)
- Merchant or payee name
- Category (e.g., Food, Transport, Shopping)
- Payment method (e.g., online transfer, credit card, cash)
- Date and time of the transaction
- Original notification or message text that triggered the transaction
1.3 Notification and Message Content
- Android: During onboarding, Android users are shown a dedicated disclosure screen explaining exactly which apps Ginti monitors (banking apps, payment apps such as Google Pay, and bank notification apps) and why notification access is needed. Notification listener access is entirely optional — users may skip it and use the app with manual entry only. Ginti uses Android's Notification Listener Service to read notifications from a predefined list of financial apps only. All other notifications (social media, email, messaging, etc.) are completely ignored and never read, stored, or transmitted. Ginti does not read SMS messages directly. You can revoke notification access at any time through Android Settings → Apps → Special app access → Notification access.
- iOS: Ginti provides a "Paste from Clipboard" button on the home screen. When you tap it, Ginti reads your clipboard to check for financial text such as bank SMS messages. Your clipboard is never read automatically or in the background — it is only accessed when you explicitly tap the button.
1.4 Budget and Preferences
- Cash and online account balances
- Monthly and daily spending limits
- Currency preference
- Category budgets
- Auto-approve settings
1.5 Information We Do NOT Collect
- Device identifiers or advertising IDs
- Location data
- Contacts, photos, or files
- Bank login credentials
- Biometric data
- We do not use any analytics SDKs, crash reporting services, or advertising frameworks
2. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Account data (email, display name, photo): processed under contract — necessary to provide the service.
- Transaction data (amounts, merchants, categories): processed under contract — core functionality of the App.
- Notification/clipboard text: processed under contract — required for automatic transaction detection.
- AI parsing (sanitized text sent to AI): processed under contract — core to providing automatic transaction categorization.
- Subscription data (Firebase UID shared with RevenueCat): processed under contract — necessary to manage your paid subscription.
3. How We Use Your Information
| Purpose | Data Used |
|---|
| Create and manage your account | Email, display name, photo |
| Parse and categorize transactions automatically | Notification/clipboard text (sanitized before AI processing) |
| Display spending analytics and budgets | Transaction amounts, categories, dates |
| Manage your subscription | Firebase user ID (shared with RevenueCat) |
| Sync data across devices | All transaction and profile data (via Firebase Firestore) |
| Queue transactions when offline | Message text (stored locally until connectivity returns) |
4. AI-Powered Transaction Parsing
Ginti uses AI to extract transaction details (amount, merchant, category) from notification text.
Before any text is sent to the AI:
- Account numbers are masked
- Credit/debit card numbers are masked
- Phone numbers are removed
- Payment identifiers (e.g., routing numbers) are partially redacted
- Long reference numbers are removed
- Email addresses are stripped
The sanitized text is sent to Google's AI service for parsing. The AI response is used solely to extract structured transaction data. We do not use AI output for profiling, advertising, or any purpose other than transaction categorization.
5. Third-Party Services
We use the following third-party services that may process limited user data:
| Service | Provider | Purpose | Data Shared |
|---|
| Firebase Authentication | Google | User sign-in | Email, display name, OAuth tokens |
| Cloud Firestore | Google | Data storage and sync | User profile, transactions |
| Cloud Functions for Firebase | Google | Subscription verification, coupon redemption | Firebase user ID, auth token |
| AI Service | Google | Transaction text parsing | Sanitized notification text (PII removed) |
| RevenueCat | RevenueCat Inc. | Subscription and payment management | Firebase user ID, purchase receipts |
| Apple Sign-In | Apple | Authentication on iOS | OAuth token, email, name |
| Google Sign-In | Google | Authentication | OAuth token, email, name, photo |
In-app purchases are processed by Apple (App Store) or Google (Google Play). We do not directly handle credit card or payment information for subscriptions.
6. Data Storage and Security
- Cloud storage: Your account profile and transaction data are stored in Google Cloud Firestore, secured by Firebase Authentication. Data is encrypted in transit (TLS) and at rest.
- Local storage: App settings, offline queues, and notification preferences are stored on your device using AsyncStorage. This data never leaves your device unless explicitly synced.
- No bank credentials: Ginti never asks for, stores, or transmits your bank login credentials. Transaction detection is based solely on notification content.
7. International Data Transfers
Your data is stored and processed on Google Cloud infrastructure (Firebase/Firestore). Google complies with the EU-US Data Privacy Framework for transfers of personal data from the EU/EEA to the United States. RevenueCat also processes data in the United States under appropriate safeguards. By using the App, you acknowledge that your data may be transferred to and processed in the United States.
8. Data Retention
- Your data is retained for as long as your account is active.
- Inactive accounts may be deleted after 2 years of inactivity with prior notice to your registered email address.
- You can export your transaction data at any time as a CSV file from the Profile screen.
- Upon account deletion, all associated data in Firestore (profile, transactions, recurring transactions) will be permanently deleted.
9. Your Rights and Choices
- Access and export: You can view all your data in the app and export transactions as CSV at any time.
- Correction: You can edit any transaction or profile information directly in the app.
- Deletion: You can delete individual transactions or request full account deletion.
- Revoke permissions: You can revoke notification listener access (Android) at any time through your device's system settings. On iOS, clipboard access is entirely user-initiated — simply do not tap the "Paste from Clipboard" button if you do not want clipboard content to be read.
- Sign out: Signing out clears your local session data.
10. California Residents (CCPA)
If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal data. To exercise any of these rights, contact us at hello@ginti.app.
11. European Users (GDPR)
If you are located in the European Union or European Economic Area, you may have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, port, and erase your personal data, as well as the right to restrict or object to processing. To exercise these rights, contact us at hello@ginti.app.
12. Children's Privacy
Ginti is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will delete it promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. Continued use of the App after changes constitutes acceptance of the updated policy.
14. Contact Us
If you have questions or concerns about this Privacy Policy or your data, contact us at:
Sri Sadguru Software Solutions LLP
Email: hello@ginti.app
Legal/Business: info@srisadgurusoftware.com
Website: srisadgurusoftware.com