Privacy Policy

App: WhereSpent (어디썼지?) for Android · Last updated: 2026-05-04

1. Summary

WhereSpent does not collect, transmit, or share any payment, location, or personal data with the developer. All such data is stored only on the user's device. The only exception is anonymous advertising identifiers used by Google AdMob in the free version of the app.

2. What data the app reads on-device

• Notification content — for a small set of payment-related notifications (banks, card issuers, payment apps), the app reads the title and body to extract amount and merchant. It does not read messenger, social, email, or other notifications.
• Approximate & precise location — once per detected payment, only at the moment a payment notification is received.
• SMS content — only if the user explicitly enables SMS detection (off by default) or runs the one-time past-SMS import.
• User-selected files — when the user picks a Google Takeout Records.json for the location-history import flow.

3. Where the data lives

Extracted records (date, amount, merchant, card last-4, location, address, user note) are written into the app's private SQLite database on the device. They are never transmitted to any developer-controlled server.

4. What the app sends off-device

By default: nothing. There is no sign-in, no developer account system, and no developer-side server that holds your data.

The following exceptions are explicit, opt-in, or industry-standard:

• Google Maps SDK (Map tab) — sends GPS tile requests to Google Maps to render the map. Google's privacy policy applies.
• Google AdMob (free version only) — serves anonymous ad impressions. AdMob receives the device advertising ID, approximate location, and standard ad targeting signals as required by AdMob policy. AdMob never receives your payment data, merchant names, notes, or precise location.
• User's own cloud backup (optional) — if enabled, the app writes a JSON/CSV export to a folder the user chooses in their own iCloud Drive or Google Drive via Android's Storage Access Framework. The developer does not see, route, or store this backup.
• Debug log upload (default off) — for in-development versions, anonymous logs may be sent to a test server (mms.koineu.com) when the user explicitly enables the toggle. Will be removed in production builds.

5. Permissions and why

• NotificationListenerService — required to read payment notifications from bank/card apps; this is the core feature.
• ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION — required to record location at the time of each payment.
• FOREGROUND_SERVICE / FOREGROUND_SERVICE_LOCATION — required to keep the location-fetch capability available while the phone is in the background.
• RECEIVE_SMS / READ_SMS (optional) — only if the user opts in to SMS detection.
• POST_NOTIFICATIONS — to display the foreground-service status notification.
• INTERNET — for Maps tile requests, AdMob, and optional cloud backup writes.

6. Data retention

The user chooses retention: 1 month / 6 months / 1 year (Pro) / unlimited (Pro). A daily background job auto-deletes records older than the chosen window.

7. User rights

• Access — the data is yours; view it any time inside the app.
• Export — full CSV export available from the Settings screen.
• Deletion — delete individual entries or all data from inside the app, or uninstall the app to remove everything.

8. Children

WhereSpent is not directed at children under 13. We do not knowingly collect data from children.

9. Changes

This policy may be updated when new features ship (e.g., subscription detection, AI BYO-key features). Material changes will be highlighted in the app's changelog.

10. Contact

Questions: contact the developer at hello@missmrcrazy.com.