Name: Kiwi Money
Author: Kiwi Money

⚡TL;DR — The Quick Version

We prioritize on-device storage to keep your data under your control.
We collect your profile, subscription status, and transaction details. Promo scanning is an optional feature you can enable separately.
Your info is used solely to automate and categorize your expenses. We never sell it.
Data is encrypted, and sensitive info like OTPs is automatically filtered and discarded.
You can opt out of analytics or delete your account and data at any time.

🌍1. Scope and Jurisdiction

Kiwi Money is built in Sri Lanka and is governed by the Sri Lanka Personal Data Protection Act (PDPA).

Local First: We prioritize keeping sensitive financial information on your device.
Global Access: If you use Kiwi Money outside Sri Lanka, you consent to your data being handled according to Sri Lankan laws.

📥2. Information We Collect

Category	What We Collect	Why We Collect It
Bank SMS	Transaction details (amount, merchant, date, masked account) and the raw SMS for backend processing.	To automatically log expenses, categorize spending, and provide financial insights.
Promotional Bank SMS (optional)	Promotional offers and discounts sent by your banks (merchant, discount, card type, validity dates) and the raw SMS for parsing.	To display card offers and discounts from your banks in one place. Only collected if you enable promo scanning.
Profile & Login	Name, email, and profile picture via Google Sign-In.	To manage your account and user profile.
Subscriptions	Plan IDs and purchase receipts.	To manage your premium features.
App Usage	Anonymized screen views and crash logs.	To fix bugs and improve the app.
Referrals	Your unique referral code, referrer-invitee relationships (who invited whom), Conversion status, subscription status (free or paid), and reward fulfillment records (months credited, lifetime granted).	To operate the referral program, track reward eligibility, apply subscription extensions, and prevent abuse.
Research & Feedback	Responses to qualifying questions, call recordings and transcripts (only with your consent), and notes from research conversations.	To understand how Kiwi is used and decide what to build next.

⚙️3. How We Use Your Information

Automation & Insights: We process and store specific transaction data on our servers to provide accurate categorization and spending insights.
Personalization: To manage your profile and features like leaderboards.
Referral Program: We process referral data to track Conversions, determine reward eligibility, apply subscription extensions through RevenueCat, and detect fraudulent or abusive activity. When your App syncs with our servers, it sends your subscription status (free or paid) and referral state so we can calculate and apply any pending rewards.
Promos (Optional): If you enable promo scanning, we process promotional SMS from your banks to display offers in the app. We do not use this data for advertising, share it with merchants, or send it to third parties.

🔒

Our Promise: We will only use your financial data for personalized recommendations if you explicitly opt-in. We never sell your data to third parties.

🚫4. What We Don't Do (The Boundaries)

No Selling Data: We do not sell, rent, or trade your information.
No Bank Access: We never ask for your bank login or passwords.
No Snooping: We only read messages from your banks, never personal texts or OTPs. If you enable promo scanning, we also read promotional messages from your banks, and nothing else.
No Hidden Tracking: We do not track your physical location. We do not use your financial data for external advertising. We use limited, anonymized data for ad measurement purposes only (see Section 5).

🤝5. Third-Party Services

We use trusted partners who only have access to the data necessary to perform their tasks:

RevenueCat: Manages your subscriptions, payments, and referral reward fulfilment (subscription extensions and lifetime entitlements). When you earn a referral reward, we instruct RevenueCat to extend your billing period or grant a lifetime entitlement on your behalf.
WinWinKit: Platform used to store referral codes, referrer-invitee relationships, and Conversion records. This is used solely to operate the referral program.
Meta (Facebook): Receives anonymized app event data (such as app installs, trial starts, and subscription events) to measure the performance of our advertising campaigns. Meta does not receive your financial transaction details, bank SMS content, or spending data. You can opt out of ad tracking on iOS via your device's App Tracking Transparency settings, or on Android via your device's ad personalization settings.
Mixpanel: Collects anonymized usage data to help us improve.
Google: Provides secure login, personal Google Drive backup space, and intelligent AI tools to help accurately categorize your spending and extract promotional offers from bank SMS.
Fathom: Records and transcribes research calls to help us take notes, only when you give consent at the start of the call. Recordings and transcripts are stored securely and used only for internal research. You can decline recording and we'll take manual notes instead.

🛡️6. Data Security

Encryption: All data sent to our servers for categorization is encrypted in transit and at rest.
Filtered by Design: Our backend only processes messages from your banks. For transaction scanning, we keep only transaction details. For promo scanning (if enabled), we keep only promotional content. All other message types are ignored.
Age Limit: Kiwi Money is for users 18 and older.

📂7. Your Data, Your Control

Backups: Your financial data is backed up to your personal Google Drive. We do not have access to this data.
Opt-out: You can opt out of analytics tracking at any time by contacting us.
Deletion: You have the right to request the deletion of your account and any data we hold.
Opting Out of Promos: Promo scanning starts only when you enable it in the Promos screen. To stop processing promotional SMS, you can request account deletion at any time, which removes all your data including transactions and promos. See "Deletion" above.
Referral Data: If you delete your account, your referral code is deactivated and your referral relationships are removed from our servers. Invitees who already claimed your code and received rewards retain those rewards, but no further Conversions will be tracked. If you are an Invitee, deleting your account does not reverse the Conversion credit given to your referrer.

🔑8. Your Responsibility

You are responsible for your device security. Kiwi Money is not liable for unauthorized access caused by:

Sharing your Google credentials.
Leaving your device unlocked.
Allowing others physical access to your phone.

📬Questions?

If you have any questions about this policy or your data, please reach out to us.

For our terms and conditions, please see our Terms of Use.

support@kiwi-money.com