Ledgr

Privacy Policy

Ledgr is built on a simple principle: your financial data belongs to you. This policy explains what we access, what we store, and how optional AI features work.

Effective date: April 14, 2026 · App: Lucid Ledger (com.lucid.cost_tracking)

1. Who we are

Ledgr (Lucid Ledger) is an Android application for automatic expense tracking from bank SMS notifications. It is developed and operated by an individual developer based in Bangladesh. For questions, contact us at rifar@yourledgr.org.

2. What data Ledgr accesses

Ledgr requests the following Android permissions to function:

  • READ_SMS (required for core feature): Ledgr reads incoming and stored SMS messages from Standard Chartered Bank Bangladesh and Eastern Bank Limited only. It filters messages by sender address ("StanChart", "EBL"). It does not read personal messages, group chats, OTPs, or messages from any other sender.
  • POST_NOTIFICATIONS (optional): Used to send a notification when a transaction is detected with an unidentified merchant, so you can tag it. Also used for the optional daily reminder feature. You can decline this permission and the app continues to work.
  • RECEIVE_BOOT_COMPLETED (optional): Used to reschedule daily reminder alarms after device reboot if you have reminders enabled.
  • INTERNET: Required only when you use the AI insights feature. Not used otherwise.
3. How data is stored

All transaction data, categories, merchant mappings, and settings are stored exclusively on your device using a local SQLite database (via Android Room). No account is required. No data is synced to a server. The core app works fully offline.

Ledgr also automatically exports your category and merchant mapping configuration to your device's Downloads folder as a JSON backup file. This file stays on your device and is never uploaded anywhere. You can delete it at any time.

4. AI insights (optional, requires explicit consent)

Ledgr includes an optional AI-powered insights feature that generates spending forecasts, personality analysis, and savings recommendations. This feature is disabled by default.

Before enabling it, you will see a consent screen explaining exactly what is sent. When you enable AI insights, the following is transmitted to our backend API (hosted on Vercel):

  • Aggregated spending totals by category, merchant, and time period.
  • Statistical summaries (daily averages, top merchants, spending trends).
  • An anonymous device identifier (randomly generated UUID, not tied to your identity).

The following is never transmitted:

  • Raw SMS message content.
  • Your name, phone number, bank account number, or any personally identifying information.
  • Individual transaction records with identifiable details.

When Demo Mode is active alongside real data, amounts are scaled by a privacy multiplier before transmission. Generated insights are cached on your device and reused so the API is not called repeatedly.

The AI backend uses a third-party large language model (currently Google Gemini) to generate the analysis text. Aggregated data sent to our API may be processed by this model but is not used to train it under standard API terms.

5. Engagement metrics (beta only)

During the beta period, Ledgr records anonymized usage metrics on your device: app opens, challenge completions, and reminder deliveries. These metrics are stored locally alongside a date and app version. No personal information is included.

You can export these metrics yourself from Settings for review. They are not automatically uploaded to any server.

6. Third-party services

We use the following third-party services:

  • Vercel (backend hosting): Processes API requests for AI insights when you opt in. Vercel's privacy policy applies to data processed through their platform.
  • Google Gemini API: Generates AI insight text from aggregated spending data when you opt in. Subject to Google's API terms and privacy policy.

No analytics SDKs, advertising networks, or tracking libraries are embedded in the app.

7. Data retention and deletion

All data is stored on your device. You retain full control at all times:

  • Uninstalling the app deletes all app data, including your transaction database.
  • You can clear app data from Android Settings at any time.
  • Backup files in Downloads can be deleted manually.
  • There is no server-side account to delete because no account is created.
8. Children's privacy

Ledgr is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has used the app, contact us and we will assist with data removal.

9. Changes to this policy

We may update this privacy policy as the app evolves. Material changes will be communicated through the app or on this page. The effective date at the top will be updated with each revision. Continued use of the app after a change constitutes acceptance of the updated policy.

10. Contact

For privacy questions or data requests, contact us at rifar@yourledgr.org. We respond within 7 business days.