Legal

Privacy Policy

Last updated:

Overview

Alkemi is a personal finance app built on a single principle: your financial data belongs to you and never leaves your device. This policy explains exactly what data we collect, how we use it, and what we do not do.

Short version: we collect almost nothing, store everything locally on your phone, and have no servers that receive your financial data.

Data we collect and where it lives

Financial data (on-device only)

All financial data — transactions, account balances, budgets, savings goals, debts, and categories — is stored exclusively in a local SQLite database (alkemi.db) inside your device's private app sandbox. This database:

  • Is never uploaded to any server
  • Is not accessible to other apps on your device
  • Is deleted when you uninstall the app

SMS messages

Alkemi reads bank SMS messages to automatically capture transactions. The content of these messages is processed locally on your device by a regex-based parser. The raw SMS text is never stored persistently — only the parsed transaction data (amount, merchant, account, direction) is saved to your local database. SMS content is never transmitted anywhere.

Push notifications

Alkemi listens to notifications from a configurable list of trusted financial apps (e.g. Google Pay, PhonePe, Paytm, major bank apps). Notification content is parsed locally, the same way SMS is handled. Raw notification text is not stored or transmitted.

Backups

When you choose to export a backup, Alkemi encrypts the database file using XChaCha20-Poly1305 authenticated encryption with a key derived from your chosen password via Argon2id (64 MiB memory, 16-byte random salt). The encrypted file is then handed to your device's native share sheet — you choose the destination (local storage, Google Drive, email, etc.). Alkemi does not upload your backup to any Alkemi-controlled server.

Data we do NOT collect

  • We do not collect analytics or usage telemetry
  • We do not run advertising SDKs
  • We do not build a behavioural profile of you
  • We do not sync your data to a cloud service
  • We do not share your data with any third party
  • We do not request location, camera, microphone, or contacts permissions

Android permissions

Alkemi requests the following permissions and only these:

  • READ_SMS / RECEIVE_SMS — to read and listen for bank SMS messages for automatic transaction capture
  • POST_NOTIFICATIONS — to display reminders for debt due dates and recurring expenses
  • FOREGROUND_SERVICE — to run the notification listener reliably in the background
  • BIND_NOTIFICATION_LISTENER_SERVICE — to access push notifications from trusted financial apps

We do not request INTERNET for financial data access, ACCESS_FINE_LOCATION, READ_CONTACTS, CAMERA, or RECORD_AUDIO.

Waitlist (this website only)

If you submit your email address on this website to join the early-access waitlist, we store that email address in a secure database (Supabase) solely to send you a single notification when the app launches. We will not send marketing emails, share your email with third parties, or use it for any other purpose. You can request deletion of your email at any time by contacting us.

Children's privacy

Alkemi is not directed at children under 13. We do not knowingly collect personal information from children.

Changes to this policy

If we make material changes to this policy, we will update the date at the top of this page. Since no financial data ever leaves your device, changes to this policy are likely to be minor.

Contact

Questions about this policy: shahma27@gmail.com