iOSAndroid

Privacy Policy

Kiwi Money ("we," "us," or "our") is committed to protecting your personal data in compliance with Sri Lanka's Personal Data Protection Act. This policy explains how we handle your information in the Kiwi expense-tracking app. By using our service, you agree to these terms.

Last updated: 28 February 2026

TL;DR — The Quick Version
  • We prioritize on-device storage to keep your data under your control.
  • We only collect your profile, subscription status, and necessary transaction details.
  • Your info is used solely to automate and categorize your expenses. We never sell it.
  • Data is encrypted, and sensitive info like OTPs is automatically filtered and discarded.
  • You can opt out of analytics or delete your account and data at any time.

🌍1. Scope and Jurisdiction

Kiwi Money is built in Sri Lanka and is governed by the Sri Lanka Personal Data Protection Act (PDPA).

  • Local First: We prioritize keeping sensitive financial information on your device.
  • Global Access: If you use Kiwi Money outside Sri Lanka, you consent to your data being handled according to Sri Lankan laws.

📥2. Information We Collect

CategoryWhat We CollectWhy We Collect It
Bank SMSTransaction details (amount, merchant, date, masked account) and the raw SMS for backend processing.To automatically log expenses, categorize spending, and provide financial insights.
Profile & LoginName, email, and profile picture via Google Sign-In.To manage your account and user profile.
SubscriptionsPlan IDs and purchase receipts.To manage your premium features.
App UsageAnonymized screen views and crash logs.To fix bugs and improve the app.
ReferralsYour unique referral code, referrer-invitee relationships (who invited whom), Conversion status, subscription status (free or paid), and reward fulfillment records (months credited, lifetime granted).To operate the referral program, track reward eligibility, apply subscription extensions, and prevent abuse.

⚙️3. How We Use Your Information

  • Automation & Insights: We process and store specific transaction data on our servers to provide accurate categorization and spending insights.
  • Personalization: To manage your profile and features like leaderboards.
  • Referral Program: We process referral data to track Conversions, determine reward eligibility, apply subscription extensions through RevenueCat, and detect fraudulent or abusive activity. When your App syncs with our servers, it sends your subscription status (free or paid) and referral state so we can calculate and apply any pending rewards.
🔒

Our Promise: We will only use your financial data for personalized recommendations if you explicitly opt-in. We never sell your data to third parties.

🚫4. What We Don't Do (The Boundaries)

  • No Selling Data: We do not sell, rent, or trade your information.
  • No Bank Access: We never ask for your bank login or passwords.
  • No Snooping: We use automated filters to isolate transactions and instantly discard non-financial content.
  • No Hidden Tracking: We do not track your physical location. We do not use your financial data for external advertising. We use limited, anonymized data for ad measurement purposes only (see Section 5).

🤝5. Third-Party Services

We use trusted partners who only have access to the data necessary to perform their tasks:

  • RevenueCat: Manages your subscriptions, payments, and referral reward fulfilment (subscription extensions and lifetime entitlements). When you earn a referral reward, we instruct RevenueCat to extend your billing period or grant a lifetime entitlement on your behalf.
  • WinWinKit: Platform used to store referral codes, referrer-invitee relationships, and Conversion records. This is used solely to operate the referral program.
  • Meta (Facebook): Receives anonymized app event data (such as app installs, trial starts, and subscription events) to measure the performance of our advertising campaigns. Meta does not receive your financial transaction details, bank SMS content, or spending data. You can opt out of ad tracking on iOS via your device's App Tracking Transparency settings, or on Android via your device's ad personalization settings.
  • Mixpanel: Collects anonymized usage data to help us improve.
  • Google: Provides secure login, personal Google Drive backup space, and intelligent AI tools to help accurately categorize your spending.

🛡️6. Data Security

  • Encryption: All data sent to our servers for categorization is encrypted in transit and at rest.
  • Filtered by Design: Our backend is programmed to identify and keep only transaction-related data, ignoring everything else.
  • Age Limit: Kiwi Money is for users 18 and older.

📂7. Your Data, Your Control

  • Backups: Your financial data is backed up to your personal Google Drive. We do not have access to this data.
  • Opt-out: You can opt out of analytics tracking at any time by contacting us.
  • Deletion: You have the right to request the deletion of your account and any data we hold.
  • Referral Data: If you delete your account, your referral code is deactivated and your referral relationships are removed from our servers. Invitees who already claimed your code and received rewards retain those rewards, but no further Conversions will be tracked. If you are an Invitee, deleting your account does not reverse the Conversion credit given to your referrer.

🔑8. Your Responsibility

You are responsible for your device security. Kiwi Money is not liable for unauthorized access caused by:

  • Sharing your Google credentials.
  • Leaving your device unlocked.
  • Allowing others physical access to your phone.

📬Questions?

If you have any questions about this policy or your data, please reach out to us.

For our terms and conditions, please see our Terms of Use.

support@kiwi-money.com