💳 RuPay Benefits Tracker

Privacy Policy

Last updated: June 2025

🔒 Your data stays yours

This Privacy Policy explains how RuPay Benefits Tracker ("the App") collects, uses, and protects your information. By using the App, you agree to the practices described below.

1. Who Can Access This App

RuPay Benefits Tracker is a private application. Access is restricted to authorized email addresses only. Unauthorized users are shown a "Private App" screen and cannot access any data.

2. Information We Collect

• Google Account Info: Your name and email address, obtained via Google Sign-In, used solely to authenticate your identity.
• Gmail Data: When you connect Gmail, the App reads emails matching RuPay benefit patterns to extract voucher/coupon codes. Only email metadata and body text are processed. No emails are stored on any server.
• Card & Benefit Data: Bank card names, benefit details, and quarterly tracking data you manually enter are stored in Firebase Firestore, linked to your user ID.
• Promo Code Cache: Extracted promo codes are cached in Firebase Firestore and your device's localStorage to avoid repeated Gmail scans.

3. How We Use Your Information

• Authenticate you and restrict access to authorized users only
• Display your RuPay card benefits and track quarterly usage
• Extract and display promo/voucher codes from your Gmail
• Sync your data across your devices via Firestore

We do not use your information for advertising, analytics, or any commercial purpose.

4. Gmail Access

The App requests read-only Gmail access (gmail.readonly scope) solely to scan for RuPay benefit emails. Specifically:

• Only emails matching RuPay-related search queries are fetched
• Email content is processed in your browser — it is never sent to any third-party server
• Gmail access tokens are stored locally on your device and expire within 55 minutes
• You can revoke Gmail access at any time via Google Account Permissions

5. Data Storage

• Firebase Firestore: Card data and promo code cache stored at users/{your_uid}/ — only accessible by you
• localStorage: Device-local cache for instant loading; cleared when you switch Gmail accounts
• No third-party sharing: Your data is never sold, shared, or transmitted to any third party

6. Data Security

Firebase Firestore security rules ensure only authenticated users can read or write their own data. All connections use HTTPS/TLS encryption. App Check with reCAPTCHA v3 prevents unauthorized API access.

7. Data Retention & Deletion

Your data is retained as long as your account exists. To delete all your data, contact the app owner. Gmail access can be revoked independently via Google Account settings without affecting Firestore data.

8. Third-Party Services

• Firebase (Google) — authentication, database, hosting
• Google Identity Services — Gmail OAuth
• Gmail API — email reading

9. Changes to This Policy

This policy may be updated occasionally. Continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact

For privacy questions or data deletion requests, contact: mesdpw4@gmail.com

---