Privacy Policy

Project: FiCraft Last updated: 20 March 2026

Privacy Policy for FiCraft

Effective Date: March 20, 2026

Welcome to FiCraft (“we,” “our,” or “us”). We are committed to protecting your privacy. This Privacy Policy explains how your information is collected, used, and safeguarded when you use our mobile application (the “App”).

1. Our Core Privacy Principle: Offline-First

FiCraft is built on an offline-first architecture. All your personal and financial data is stored locally on your device. We do not currently have access to your data, nor do we transmit your financial records, SMS messages, or biometric data to any external servers.

2. Data We Access and How We Use It

A. SMS Permissions (Smart Inbox Feature)

To automate the tracking of your financial transactions, the App requests the READ_SMS permission.

What we do: The App strictly scans your SMS inbox for transactional alerts sent by banks, UPI providers (e.g. GPay, PhonePe, Paytm), and credit card issuers.
Local Processing Only: The reading, parsing, and extraction of transaction amounts and merchants happen 100% locally on your device.
No Cloud Transmission: We DO NOT upload, share, or transmit your personal text messages to our servers or any third parties.
Data Hashing: To prevent duplicate entries, the App generates a secure, anonymous mathematical hash (SHA-256) of processed messages, which is stored strictly on your local device database.

B. Financial Data

You may manually input or auto-approve financial data, including account names, balances, custom categories, and the last 4 digits of your accounts. This data is stored in a secure local database (SQLite) strictly within the App’s sandboxed environment on your device.

C. Biometric Data (App Lock)

If you enable the “App Lock” feature, the App uses your device’s native biometric hardware (FaceID / Fingerprint) via OS-level APIs. We do not collect, store, or have access to your biometric data. The authentication is handled entirely by your device’s operating system.

Because your data is stored locally on your device, we do not share, sell, or rent your personal or financial data to anyone.

You have the explicit option to export your own data as a CSV file and share it via your device’s native sharing capabilities. This action is entirely initiated and controlled by you.

4. Data Security

We utilize industry-standard practices to protect your data:

Sensitive preferences (like your security settings) are stored using encrypted secure storage (flutter_secure_storage).
We recommend utilizing your device’s built-in encryption and screen lock to further protect the local database.

5. Your Rights and Data Deletion

Because you hold your data locally, you have absolute control over it. You can delete all your data instantly by:

Deleting your accounts within the App.
Uninstalling the App or clearing the App’s storage via your device settings. (Note: Uninstalling the App will permanently destroy your financial records unless you have manually exported a backup).

6. Changes to This Privacy Policy

We may update this policy from time to time as we introduce new features (such as optional Cloud Sync). We will notify you of any changes by updating the “Effective Date” at the top of this policy.

7. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at: Email: ficraft@omkard.dev