Privacy Policy

Your privacy is important to us. Learn how ExLog protects your data.

Questions about our Privacy Policy? Contact us at privacy@exlog.app

Table of Contents

1. Overview

ExLog ("we," "us," "our," or "App") is an intelligent expense tracking application designed to help users manage their finances efficiently. We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information.

This Privacy Policy explains our practices regarding data collection and protection. By downloading and using ExLog, you agree to the terms outlined in this policy. If you do not agree with our practices, please do not use the App.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Email address, name, password (encrypted), profile preferences
  • Transaction Data: Manual transaction entries, category assignments, payee information, amounts, dates, notes
  • Category Preferences: Custom categories, spending limits, notification preferences
  • CSV Import Data: Historical financial data uploaded through our import feature

2.2 SMS Data

ExLog requests access to your SMS messages solely to automatically parse bank and UPI transaction notifications. We:

  • Only read SMS messages from banking institutions and UPI service providers
  • Extract transaction details (amount, payee, date, transaction type)
  • Do NOT store, transmit, or share the raw SMS content to any external servers
  • Process all SMS data locally on your device
  • Allow you to control which SMS messages are imported

2.3 Device Information

  • Device Type & OS: iPhone model, iOS version
  • Location Data (Optional): GPS location only when explicitly enabled by you for transaction geo-tagging
  • Crash & Performance Data: Anonymized analytics through Firebase Crashlytics
  • Usage Analytics: App usage patterns to improve user experience

2.4 Automatically Collected Information

  • Cookies & Local Storage: Authentication tokens, user preferences, cached data
  • IP Address: For security, fraud detection, and service improvement
  • Timestamps: When you access the App and perform actions
  • Firebase Analytics: Anonymous usage data for improving the App

3. How We Use Your Information

We use the information we collect for the following purposes:

To Provide Services

Enable core features such as SMS parsing, transaction tracking, categorization, analytics, reminders, and cloud synchronization

To Improve the App

Analyze usage patterns, fix bugs, optimize performance, and develop new features based on user feedback

To Maintain Security

Detect fraud, prevent unauthorized access, and protect your account and financial data

To Communicate

Send transaction reminders, app updates, support messages, and legal notices

To Comply with Law

Respond to legal requests, law enforcement inquiries, and enforce our Terms of Service

4. SMS Access & Privacy

Important: SMS Security & Privacy Commitment

Your bank and UPI SMS messages contain sensitive financial information. ExLog handles this data with the highest level of security and transparency.

4.1 SMS Processing

  • All SMS parsing occurs locally on your device
  • We extract only the transaction amount, payee name, date, and transaction type
  • Raw SMS text is never transmitted to our servers
  • You retain full control—permission can be revoked anytime in iOS Settings

4.2 What We Don't Do

  • ❌ We never share SMS content with third parties
  • ❌ We never store raw SMS text on our servers
  • ❌ We never use SMS data for advertising or marketing
  • ❌ We never sell your financial data
  • ❌ We never cross-reference SMS with other data for profiling

4.3 Your Control

You can revoke SMS access at any time through iOS Settings → ExLog → Messages. Doing so will disable automatic SMS importing, but you can still manually enter transactions.

5. Data Security

5.1 Encryption

  • In Transit: All communication with Firebase uses TLS 1.2+ encryption
  • At Rest: Firebase Firestore encrypts data at rest using AES-256
  • Local Storage: Sensitive data on your device is encrypted using iOS Keychain
  • Password: Passwords are never stored; Firebase handles hashing with bcrypt

5.2 Access Controls

  • Firebase security rules restrict access to your own data
  • Multi-factor authentication (via Firebase Auth) for enhanced account security
  • Staff access to data is restricted and logged
  • Regular security audits and penetration testing

5.3 Limitations

While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security. We will notify you of any data breach affecting your personal information as required by law.

6. Data Retention

Data Retention Timeline

Account Active:
All data retained as long as your account is active
30 Days After Deletion:
We retain data for 30 days to allow account recovery
After 30 Days:
All personal data is permanently deleted (backups retained for 90 days for disaster recovery)
Legal Requirements:
We may retain data longer if required by law (tax/financial regulations)

7. Third-Party Services

ExLog uses the following third-party services:

Firebase (Google Cloud)

Authentication, Firestore database, Cloud Messaging, Analytics, Crashlytics

Google Privacy Policy →

Apple (iOS Framework)

Device identification, SMS access, location services, push notifications

Apple Privacy Policy →

These third parties have their own privacy policies. We are not responsible for their data practices. Review their privacy policies before using ExLog.

8. Your Rights

8.1 Access & Portability

You have the right to access your personal data and request a copy in a portable format. Contact us for a data export request.

8.2 Correction & Deletion

You can update your account information anytime within the App. You can also request complete account and data deletion through Settings → Account → Delete Account.

8.3 Opt-Out Rights

  • Disable notifications in iOS Settings
  • Revoke SMS/Location permissions anytime
  • Opt-out of analytics through App Settings
  • Unsubscribe from marketing emails

8.4 Regulatory Rights

If you are in the EU (GDPR), California (CCPA), or other regulated regions, you have additional rights including data access, erasure ("right to be forgotten"), and objection to processing. Contact us to exercise these rights.

9. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Material changes will be announced through the App or via email to your registered address.

Your continued use of ExLog after changes become effective constitutes your acceptance of the updated policy. We recommend reviewing this policy regularly.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Mailing Address

ZeroByte Technologies
India

Last Updated: April 2, 2026
Effective Date: April 2, 2026