Skip to content
03Privacy policy

Ledgerly

This policy explains what Ledgerly, an Android app for personal finance, does with your information, and the choices you have. It is written to be read.

Ledgerly is developed and published by Mad Max Labs, a sole proprietorship. In this policy, the words we and us mean Mad Max Labs, and Ledgerly or the app means the Ledgerly Android app.

Ledgerly is built to keep your financial life on your phone. It has no user accounts and no sign-in. Your transactions, balances, budgets, and forecasts are created and stored on your device, and we operate no server that receives or holds them. A small number of optional features can send specific data off your device when you choose to use them, including the optional paid Ledgerly AI subscription. This policy names every one of them, says what is sent and to whom, and explains how to turn each one off.

Last updated 8 July 2026

The short version

If you read nothing else:

  • Ledgerly has no account and no login. The app never asks for your name, email, or phone number. If you buy the optional Ledgerly AI subscription on our website, we collect the email address, and the phone number if you choose to give one, that you enter at checkout, and payment itself is handled by Razorpay.
  • Your financial data is created and kept on your device. We do not hold a copy of it.
  • To capture your spending automatically, Ledgerly reads incoming SMS, and, only with your separate permission, certain on-screen order details and certain payment notifications. If you ask it to, it can also read your SMS inbox once to import your past transactions. All of this processing happens on your device.
  • Some optional features can send data off your device, and only when you ask them to: the AI features (to OpenAI using your own key, or through the Ledgerly AI service if you subscribe), receipt and statement import when you have set an OpenAI key, the INR Deals offers feature, web link previews, and subscription brand logos, which are fetched from Google's icon service only if you turn them on. Each is described below.
  • Ledgerly has no advertising, no analytics or tracking tools, and we do not sell or share your data.

Reading SMS

Ledgerly reads SMS so it can build your ledger without you typing every purchase in by hand. It does this in two ways: it listens for new messages as they arrive, and, only when you ask it to, it can read your existing inbox once to import your past transactions.

Listening for new messages uses the RECEIVE_SMS permission. This covers only new messages that arrive while Ledgerly is installed. When a message arrives, Ledgerly examines it on your device to see whether it looks like a financial transaction, that is, whether it contains transaction wording such as spent, debited, credited, or paid, together with an amount. Messages that do not match this pattern, including personal messages and promotional messages, are ignored and are not stored.

Importing your history uses the READ_SMS permission, and Ledgerly uses it for exactly one thing: the optional Import SMS history feature. Nothing happens until you open the import yourself, choose how far back to scan (30, 60, or 90 days, or all messages), and start the scan from its consent screen. Ledgerly then reads your SMS inbox once, on this device. Bank debit and credit messages become suggested transactions, everything else is ignored, and you review the full list before anything is saved. Transactions Ledgerly already knows about are skipped, possible duplicates are pointed out for you to decide, and you can remove an import afterwards from the same screen. Your messages are never uploaded.

For a message that does match, whether it arrived live or was found by the import, Ledgerly keeps only the parsed details it needs: the amount, a merchant or description, the date and time, an identifier for the sending bank or service, and the last four digits of the card or account when the message includes them. The original text of the message is not stored. All of this happens on your device, and none of it is sent to us or to anyone else.

The accessibility service

Ledgerly includes an optional accessibility service. When you turn it on, it can read item and price details from your orders inside shopping and food-delivery apps, so that a single order becomes an itemized list in your ledger.

This service is turned off by default. It does nothing unless you enable it yourself in your phone's accessibility settings. When it is enabled, it is limited in three ways:

  • It works only within a fixed list of supported apps that is built into Ledgerly and cannot be edited by you. In this version that list is Blinkit, Zepto, Swiggy, Instamart, Zomato, Amazon, Uber Eats, Flipkart, Shopsy, BigBasket, Myntra, Nykaa, AJIO, Dunzo, Google Pay, PhonePe, and Paytm, including their Lite variants. It does not read banking apps, messaging apps, or any app outside this list.
  • Item capture runs only when you actively ask for it, by tapping Ledgerly's capture button, its Quick Settings tile, or an action on a Ledgerly notification. It does not capture in the background.
  • Ledgerly can show you a confirmation, asking whether to log a purchase, before it saves what it has captured.

As part of a capture you have started, the service can also take a screenshot of the supported app's screen, so that the product image for that order can be saved alongside it. This happens only for a capture you triggered yourself. The image is cropped to the relevant product tile where Ledgerly can find it, and otherwise kept whole so you can crop it yourself; either way it is stored on your device and never uploaded.

The details captured this way, such as item names, prices, fees, and product images, are processed and stored on your device. They are not transmitted off your device.

Two related features use the same service and are also optional and off by default: the pre-swipe card nudge, which can suggest a card on a checkout screen inside the supported apps before you pay, and the on-screen spending reminder. If you turn the pre-swipe nudge on, it watches for checkout screens within those supported apps in order to show its suggestion.

Notification access

Ledgerly includes an optional notification reader. When you turn it on, it reads payment notifications so it can capture transactions that reach you that way. This is separate from SMS reading and from the accessibility service, and it is off until you grant notification access yourself.

When it is enabled, Ledgerly reads notifications only from a fixed set of payment apps: Google Pay, Paytm, PhonePe, and BHIM. This covers UPI payments that never generate an SMS, so they still land in your ledger. Ledgerly does not read any notification that is not a payment alert, and it ignores notifications from every app outside this set.

As with SMS, Ledgerly keeps only the parsed transaction details, not the original notification text, and this happens on your device.

Importing receipts and statements

You can import receipt photos and PDF statements into Ledgerly. Ledgerly only ever processes a file that you choose and hand to it. It does not browse or scan your photo library or your files on its own.

By default, Ledgerly reads an imported receipt or statement on your device, using Google's on-device ML Kit text recognition. In this default mode, the file does not leave your device.

If you have added your own OpenAI API key, described in the next section, import works differently: the receipt image or PDF you are importing is sent to OpenAI to be read. If you would prefer that imported files never leave your device, do not add an OpenAI key, or remove the one you have added.

Photos and media

Ledgerly requests access to images on your device for one narrow purpose. When you use the accessibility service's option to capture from a screenshot you have taken, Ledgerly briefly checks your device's media store to find that specific screenshot and attach it to the transaction. Ledgerly does not scan, browse, or upload your photo gallery.

Separately, the accessibility service itself can take a screenshot of a supported shopping app during a capture you triggered, as described under The accessibility service above. Those images are cropped and stored on your device only.

AI features and OpenAI

Ledgerly has six optional features that use an AI language model: the AI insight narrator, the Card Concierge chat, the wallet roast, the loan-reminder drafter, the goal price estimator, and AI-assisted import of receipts and statements.

These features are off until you set one of two things up in Settings: your own OpenAI API key (bring-your-own-key), or a Ledgerly AI subscription key. With your own key, calls go directly from your device to OpenAI and are billed to your own OpenAI account. Ledgerly ships with no built-in API key, so without one of these the AI features do nothing.

If you would rather not manage an OpenAI account, you can buy the optional Ledgerly AI subscription from our website. When it is active, the text AI features route through the Ledgerly AI service, a proxy server operated by Mad Max Labs on DigitalOcean infrastructure. The proxy authenticates your subscription key, applies fair-use limits, and forwards the request to the hosted model, which is currently an open-weight model served by DigitalOcean's inference service, not OpenAI. To meter usage, our service logs request counts, token counts, the model requested, timing, and result status. It does not store the content of your requests or of the answers. AI-assisted import of receipts and statements is not part of the hosted service and still requires your own OpenAI key. The subscription itself is described in the next section.

Your OpenAI API key and your Ledgerly AI subscription key are stored on your device, encrypted with AES-GCM keys held in the Android Keystore system, and are excluded from Android's cloud backup.

Data is sent only at the moment you actively use one of these features, never in the background. What is sent depends on the feature:

  • The five text features (the narrator, the Card Concierge, the roast, the loan-reminder drafter, and the goal price estimator) send summarized figures, not your raw list of transactions. For example: monthly totals, your top merchants or items, fee totals, a summary of the cards you have added, and, for the Card Concierge, the question you type. The one that carries more detail is the loan-reminder drafter: to write the note, it sends the name you have recorded for that friend and the amount and dates of the specific loan you picked.
  • AI-assisted import sends the receipt image or PDF file that you are importing.

When you use your own key, anything you send is handled by OpenAI under its own terms and privacy policy, which you can read at openai.com/policies/privacy-policy, and Mad Max Labs does not receive, store, or relay it. When you use the Ledgerly AI subscription, requests pass through the Ledgerly AI service in transit and are processed by DigitalOcean as our infrastructure provider, under DigitalOcean's privacy policy; we keep the usage-metering records described above and nothing else.

The Ledgerly AI subscription

The Ledgerly AI subscription is an optional paid plan, bought on our website, that lets the text AI features run without your own OpenAI key. If you never subscribe, nothing in this section applies to you.

When you subscribe, here is what happens with your information:

  • At checkout you give us an email address, and optionally a phone number. We use them to connect your payment to your access key and to help you if something goes wrong. We do not use them for marketing and we do not share them, except with Razorpay as part of processing the payment, and except that the rate-limit check protecting our checkout sees the email address to stop abuse.
  • Payment is processed by Razorpay, a payment processor regulated in India. Your card or UPI details go to Razorpay, not to us; we never see or store them. Razorpay's handling of your data is covered by Razorpay's privacy policy.
  • After payment, we create your personal access key and hold a small subscription record: the subscription and payment identifiers Razorpay gives us, your email, your phone number if you gave one, your access key, and the usage-metering records described in the AI section.
  • If you cancel, or a renewal charge finally fails, your access key is deactivated when the subscription ends. You can cancel at any time; how to cancel, and how refunds work, is described in our refund and cancellation policy and terms.

You can ask us to delete your subscription record after your subscription has ended by writing to the contact address at the end of this policy.

INR Deals offers

Ledgerly can show cashback and affiliate offers through a third-party service called INR Deals. This feature is off until you enter an INR Deals token in Settings.

If you connect it, Ledgerly runs a once-a-day background sync with the INR Deals service. That sync sends your INR Deals token, a publisher identifier, a random identifier that was generated on your device, and a range of dates. It does not send your transactions, your balances, or any of your spending data. When you choose to open an offer, Ledgerly opens an INR Deals affiliate link in your browser.

The random identifier is not tied to your name and is not sent to us; it stays between your device and INR Deals. If you never connect INR Deals, none of this takes place.

Subscription brand logos

On the subscriptions screen, Ledgerly can show real brand logos for the services you track, such as the Netflix logo next to your Netflix subscription. This feature is off by default. The app asks you before turning it on, and until you agree it shows letter tiles and icons generated on your device.

If you turn it on, Ledgerly fetches each logo from Google's favicon service, a Google web service that returns a website's icon. The only thing sent is the web domain of the brand, such as netflix.com, taken from a fixed list of known services built into the app. Your amounts, transactions, subscription prices, and SMS content are never part of the request. Google can see which brands' logos were requested, along with your device's network address, and handles the request under Google's privacy policy.

Fetched logos are cached on your device. If you turn the feature off in Settings, Ledgerly stops fetching and deletes the cached logos.

What leaves your device, at a glance

To put it in one place, here is everything Ledgerly can send off your device:

  • AI features: summarized figures, or a file you are importing, sent to OpenAI using your own key, and only when you use the feature.
  • Ledgerly AI subscription: if you subscribe, the text AI features' summarized figures travel through the Ledgerly AI service to its hosted model on DigitalOcean, instead of going to OpenAI, as described in the AI section.
  • Receipt and statement import: the file you are importing, sent to OpenAI, and only if you have added an OpenAI key.
  • INR Deals: a token, a publisher identifier, a random identifier, and dates, sent to INR Deals, and only if you connect it.
  • Web link previews: a request to a website you have linked to, in order to build a preview, unless you turn this off.
  • Subscription brand logos: the web domain of a known service, such as netflix.com, sent to Google's favicon service, and only if you have turned the feature on.
  • Android backup: a copy of the app's data may be included in your own device backup, as described under Storage below.

Ledgerly carries out no other transmission of your data, and everything in this list is optional or can be switched off. Your ledger itself never routes through a Mad Max Labs server. The one server we do operate, the Ledgerly AI service, receives only what the AI section describes, only for subscribers, and stores none of it beyond usage metering.

What Ledgerly does not do

Some things are easier to state plainly:

  • Ledgerly has no user account and no login.
  • We operate no server that stores your financial data. Your ledger lives on your device, not with us.
  • Ledgerly contains no advertising and no advertising software.
  • Ledgerly contains no analytics, telemetry, or usage-tracking software. The only counting we do anywhere is the Ledgerly AI service's fair-use metering for subscribers, described in the AI section; the app itself reports nothing.
  • We do not sell, rent, or trade your personal or financial data, and we do not use it to build advertising or marketing profiles.

On crash reporting: Ledgerly includes no third-party crash-reporting or analytics tool. If you install Ledgerly from Google Play once it is listed there, Google provides us with aggregated, anonymized stability information, such as overall crash rates, through Google Play's standard reporting for developers. This is a Google Play platform service. It is not something Ledgerly's own code collects or sends, it does not identify you, and it does not apply to direct APK installs from our website.

Storage, security, and backups

Your data is stored in a database on your device. Sensitive items, such as your OpenAI API key and your Ledgerly AI subscription key, are encrypted using the Android Keystore system.

Ledgerly allows Android's own backup feature to operate. This means that a copy of Ledgerly's on-device data may be included in the backup that Android makes to your personal Google account, depending on the backup settings on your device. That backup is created and controlled by Google and by you, through your Android settings. It is not a transfer of data to Mad Max Labs. Your encrypted keys are excluded from this backup. You can turn backup off for Ledgerly in your Android settings.

Permissions Ledgerly uses

The main Android permissions Ledgerly uses, and the reason for each:

  • Receive SMS: to read incoming transaction messages as they arrive, as described above.
  • Read SMS (optional): used for exactly one thing, the one-time Import SMS history feature, which only ever runs when you start it yourself. The scan happens on your device, you review everything before it is saved, and your messages are never uploaded.
  • Accessibility service: to capture itemized order details inside the supported shopping apps, and to power the optional pre-swipe card nudge and on-screen spending reminder, which draw over those apps through the accessibility overlay. Ledgerly does not hold Android's separate Display-over-other-apps permission.
  • Notification access: to read payment notifications from the supported payment apps.
  • Notifications: to show capture confirmations, alerts, and reminders. Android asks you to allow this separately.
  • Foreground service: to keep the optional capture service running reliably while you shop, with a visible persistent notification.
  • Battery-optimization exemption (optional): so aggressive battery managers do not silently stop capture. Ledgerly only requests this when you enable the features that need it, and you can refuse.
  • Access to images: to attach a screenshot you have chosen to capture from, as described under Photos and media.
  • Internet access: to support the optional features that contact OpenAI, the Ledgerly AI service, INR Deals, or a website you have linked to.

Each permission that involves reading SMS, screen content, or notifications must also be granted by you within Android itself, separately from installing the app.

Your rights and choices

Ledgerly is made for users in India, and this policy follows the principles of the Digital Personal Data Protection Act, 2023.

Because Ledgerly keeps your data on your device, and we hold no copy of it, you are in direct control of that data:

  • You can see all of your data inside the app at any time.
  • You can correct it: any transaction can be edited or recategorized in the app.
  • You can erase it: you can delete individual entries, clear data from Settings, or uninstall Ledgerly, which removes its data from your device. Because we keep no server-side copy of your ledger, there is nothing financial held by us for you to request the deletion of. The one record we can hold is the Ledgerly AI subscription record described above, and you can ask us to delete it once your subscription has ended.
  • You can withdraw consent: apart from web link previews, which are on by default and can be switched off, every feature that sends data off your device is off until you enable it yourself. You can withdraw that consent at any time by turning the feature off, removing your OpenAI key, switching the Ledgerly AI card away from Subscription, or disconnecting INR Deals.

If you have a question or a complaint about privacy, you can contact us using the details at the end of this policy, and we will respond.

Children

Ledgerly is intended for adults managing their own money. It is not directed at children, and we do not knowingly collect data from children. Under the Digital Personal Data Protection Act, 2023, processing the personal data of a person under the age of 18 in India requires verifiable consent from a parent or guardian. Ledgerly is not designed for use by anyone under 18.

Contact and updates

This policy is in effect now, and it covers Ledgerly as it is distributed today: as an APK installed directly from us, in early access. When Ledgerly launches on Google Play, the same policy will govern that release.

If we change this policy, we will update the date at the top, and we will note any significant change inside the app.

Ledgerly is published by Mad Max Labs, the trading name of Syed Zaid, who operates as a sole proprietor. Syed Zaid is the data fiduciary responsible for the personal data described in this policy.

For any question, request, or complaint about this policy or your privacy, you can contact us at madmaxlabsllc@gmail.com. We will respond.