Ledgr

Privacy Policy

Ledgr is built on a simple principle: your financial data belongs to you. This policy explains what we access, what stays on your device, and how optional AI reports work.

Effective date: May 28, 2026 · App: Lucid Ledger (com.lucid.cost_tracking)

1. Who we are

Ledgr (Lucid Ledger) is an Android application for automatic expense tracking from bank SMS notifications. It is developed and operated by an individual developer based in Bangladesh. For questions, contact us at rifat@yourledgr.org.

2. What data Ledgr accesses

Ledgr requests the following Android permissions to function:

  • READ_SMS (required for core feature): Ledgr reads incoming and stored SMS messages from supported bank senders only. Current support covers Standard Chartered Bank Bangladesh, Eastern Bank Limited, Mutual Trust Bank, and BRAC Bank transaction alerts. It does not use personal messages, group chats, OTPs, or messages from unsupported senders for tracking.
  • POST_NOTIFICATIONS (optional): Used to send a notification when a transaction is detected with an unidentified merchant, so you can tag it. Also used for the optional daily reminder feature. You can decline this permission and the app continues to work.
  • RECEIVE_BOOT_COMPLETED (optional): Used to reschedule daily reminder alarms after device reboot if you have reminders enabled.
  • INTERNET: Used for optional AI reports, manual voice/text entry, and bounded anonymous beta metrics sync. The core SMS tracking and dashboard are local-first.
3. How data is stored

All transaction data, categories, merchant mappings, and settings are stored exclusively on your device using a local SQLite database (via Android Room). No account is required. No data is synced to a server. The core app works fully offline.

Ledgr also automatically exports your category and merchant mapping configuration to your device's Downloads folder as a JSON backup file. This file stays on your device and is never uploaded anywhere. You can delete it at any time.

4. AI reports (optional, requires explicit consent)

Ledgr includes optional AI-powered reports: the AI Spend Report on Today and the full monthly Spending Report. These reports explain spending patterns, changes, savings opportunities, and supporting evidence. AI reporting is disabled by default.

Before enabling it, you will see a consent screen explaining exactly what is sent. When you enable AI reports, the following may be transmitted to our backend API:

  • Aggregated spending totals by category, merchant, and time period.
  • Statistical summaries such as daily averages, top merchants, spending trends, and current challenge context.
  • An anonymous device identifier (randomly generated UUID, not tied to your identity).

The following is never transmitted:

  • Raw SMS message content.
  • Your name, phone number, bank account number, or any personally identifying information.
  • Individual transaction records with identifiable details.

When Demo Mode is active alongside real data, amounts are scaled by a privacy multiplier before transmission. Generated insights are cached on your device and reused so the API is not called repeatedly.

The AI backend uses a third-party large language model to generate report text. Aggregated data sent to our API may be processed by this model but is not used to train it under standard API terms.

5. Engagement metrics (beta only)

During the beta period, Ledgr records anonymized usage metrics such as app opens, Today usage, challenge activity, and monthly-focus engagement. These metrics are stored alongside a date, app version, and anonymous device identifier. No personal information is included.

Ledgr may sync aggregate metric rows to our backend once per foreground session or when you manually retry from Settings. Metric keys are validated to block sensitive terms, and synced metrics do not include raw SMS, merchants, categories, payment sources, notes, phone numbers, email addresses, or transaction details. You can still export local beta metrics from Settings for review.

6. Third-party services

We use the following third-party services:

  • Backend hosting: Processes API requests for AI reports, manual voice/text entry, and anonymous beta metrics sync where applicable.
  • AI model provider: Generates AI report text from summarized spending data when you opt in. Subject to the provider's API terms and privacy policy.

No analytics SDKs, advertising networks, or tracking libraries are embedded in the app.

7. Data retention and deletion

All data is stored on your device. You retain full control at all times:

  • Uninstalling the app deletes all app data, including your transaction database.
  • You can clear app data from Android Settings at any time.
  • Backup files in Downloads can be deleted manually.
  • There is no server-side account to delete because no account is created.
8. Children's privacy

Ledgr is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has used the app, contact us and we will assist with data removal.

9. Changes to this policy

We may update this privacy policy as the app evolves. Material changes will be communicated through the app or on this page. The effective date at the top will be updated with each revision. Continued use of the app after a change constitutes acceptance of the updated policy.

10. Contact

For privacy questions or data requests, contact us at rifat@yourledgr.org. We respond within 7 business days.