Aveliq
Legal

Privacy Policy

Your privacy isn't a feature we bolted on — it's the foundation Aveliq is built on. This policy explains, in plain language, what we collect, why we collect it, and how we protect it.

Last updated: May 25, 2026

1. The short version

  • Aveliq reads only verified banking SMS — never personal messages, chats, or OTPs.
  • SMS parsing happens on your device. Raw message content never leaves your phone.
  • You can export or delete all your data at any time, from inside the app.
  • We never sell your data. We never share it with advertisers.

2. Information we process

2.1 SMS data (on-device only)

Aveliq requires SMS read permission on Android in order to detect banking transaction alerts. We scan only messages from verified bank sender IDs and transaction templates. Everything else — friends, family, OTPs, promotions — is ignored at the source. The raw text of your SMS is processed locally on your device and is never transmitted to our servers.

2.2 Transaction metadata

When Aveliq parses a banking SMS, it extracts only structured fields such as amount, merchant, channel, account masking, and timestamp. If you opt into cloud sync, this structured data — never the raw SMS — is encrypted before leaving your device and stored under your account.

2.3 Account & contact information

If you create an account or join the waitlist, we store your email, basic profile information, and account-related preferences. We use this only to operate the service, send transactional updates, and improve the product.

2.4 Diagnostic & usage data

With your consent, we collect anonymized crash reports and aggregate usage analytics. This data cannot be used to identify you and does not include the content of your transactions.

3. How we use your data

  • To detect and categorize your banking transactions on your device.
  • To generate AI insights and personalized recommendations.
  • To provide optional cloud backup and cross-device sync.
  • To improve reliability, security, and product quality.
  • To communicate important account or service updates.

4. How we protect your data

All cloud-synced data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are managed through a hardware-backed key management service and rotated regularly. Access to production systems is restricted, audited, and protected by hardware security keys.

5. Data sharing

We do not sell or rent your personal data. We share data only with vetted sub-processors strictly necessary to operate the service (e.g. cloud infrastructure providers), under strong contractual safeguards. We never provide data to advertisers or data brokers.

6. Your rights & controls

  • Access: You can view all the data Aveliq holds about you from inside the app.
  • Export: Download your transactions and account data in standard formats.
  • Delete: One tap removes your account and all associated data from our systems.
  • Revoke permissions: Disable SMS access at the OS level at any time.
  • Object/restrict: Contact us to limit processing for specific purposes.

7. Data retention

We retain your data only as long as your account is active. When you delete your account, your data is permanently removed from production systems within 30 days, and from backups within 90 days, except where applicable law requires longer retention.

8. International transfers

Aveliq operates globally. Where data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) and equivalent regional protections.

9. Children's privacy

Aveliq is not directed to children under 13 (or the applicable age in your jurisdiction). We do not knowingly collect personal data from children.

10. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you through the app or by email before they take effect.

11. Contact us

Questions, concerns, or requests? Email us at support@aveliq.app. Our team responds within 2 business days.