Privacy Policy

Last updated: April 14, 2026

1. Introduction

This Privacy Policy explains how Odit ("the Service") collects, uses, stores, and safeguards your information, with particular attention to the SMS banking data that powers the Service. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Name and email address;
  • Account credentials (passwords are hashed and never stored in plain text);
  • Social login profile data (if you sign up via Google or GitHub);
  • Your consent status and timestamps for these Terms and Privacy Policy.

2.2 SMS Data

The core of the Service involves reading SMS messages from your Android device and syncing them to our servers. The scope of which messages are synced depends on the Privacy Mode you select (see Section 3). For each synced message, we collect:

  • Raw message content: The full text body of each SMS;
  • Message metadata: Sender address (phone number or short code), contact name, timestamp, message direction, thread ID, and read status;
  • Extracted financial data: For messages from recognized banking addresses only — transaction type, amounts, fees, balances, currency, and sender/receiver identifiers parsed from the message.

Important: In Permissive mode, all SMS messages on your device are synced, including personal messages. In Restrictive mode, messages from Ethiopian phone numbers (09/07/+251 prefixes) are excluded on-device and never transmitted. Regardless of mode, only messages from recognized banking addresses are processed for financial data extraction on our servers.

2.3 Device Information

When you connect a device, we collect:

  • A unique device identifier (UUID generated by the app, not your hardware ID);
  • Device name (as you label it);
  • The association timestamp.

2.4 Automatically Collected Information

When you access the web dashboard, we may collect:

  • IP address, browser type, and pages visited;
  • Device information (operating system, screen size);
  • Session cookies for authentication.

3. Privacy Modes — SMS Source Selection

You have control over which SMS messages leave your device. The Odit Android app provides two privacy modes that determine the scope of messages synced to our servers. You can select and change your mode in the app's Privacy Settings at any time.

3.1 Permissive Mode (default)

In Permissive mode, all SMS messages on your device are synced to our servers, regardless of the sender. This includes:

  • Messages from banking institutions and financial services;
  • Messages from Ethiopian phone numbers (personal contacts);
  • Messages from any other source (service notifications, etc.).

Why this mode exists: It ensures no banking messages are missed due to unusual sender formats. Only messages from recognized banking addresses are parsed for financial data; all other messages are stored but not processed.

Privacy consideration: In this mode, personal messages between you and other individuals are transmitted to and stored on our servers. While we do not process these messages for financial data, they are present in our systems.

3.2 Restrictive Mode

In Restrictive mode, messages from Ethiopian phone numbers are excluded from the sync entirely. Messages from senders matching the following patterns are filtered out on-device and never leave your phone:

  • Numbers starting with 09 or 07 (Ethiopian mobile prefixes);
  • Numbers starting with +251 (Ethiopia country code, including +25109 and +25107).

This means only messages from non-personal sources — such as bank short codes, service alerts, and institutional senders — are synced. Personal SMS conversations between Ethiopian phone numbers never reach our servers.

Trade-off: If a banking institution sends messages from a standard Ethiopian phone number rather than a short code, those messages will be excluded in Restrictive mode and will not appear in your dashboard.

3.3 Automatic Mode Enforcement

If your device contains more than 20,000 SMS messages, Restrictive mode is automatically enforced and Permissive mode is permanently disabled for that device. This safeguard prevents excessive data transmission and protects both your privacy and our server resources.

3.4 Changing Modes

You may switch between Permissive and Restrictive mode at any time from the app's Privacy Settings, subject to the automatic enforcement threshold described above. Changing your mode affects future syncs only; messages already synced to our servers are not retroactively deleted when switching to Restrictive mode.

4. How We Use Your Information

We use the information we collect to:

  • Parse and extract financial transaction data from your banking SMS;
  • Detect and categorize transactions, identify wallets, and track balances;
  • Provide the web dashboard, analytics, and financial insights;
  • Deduplicate messages across device resyncs and device changes;
  • Improve our SMS parsing patterns and accuracy;
  • Send technical notices, updates, and support messages;
  • Detect, prevent, and address technical issues and security incidents;
  • Comply with legal obligations.

5. Sharing of Your Information

5.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information or SMS data to third parties.

5.2 Third-Party Service Providers

We may share limited information with service providers who help us operate the Service (e.g. cloud hosting, error monitoring, analytics). These providers are contractually bound to use your data only for the purposes we specify.

5.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal process (e.g. a court order or government agency request).

5.4 Business Transfers

If Odit is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

6. Data Security

We implement technical and organizational security measures to protect your data, including:

  • Encrypted data transmission (TLS) between your device and our servers;
  • Hashed and salted password storage;
  • Access controls and authentication on all API endpoints;
  • Rate limiting and abuse detection.

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your data for as long as your account is active. Specifically:

  • Account data: Retained until you delete your account;
  • SMS data (Permissive mode): All synced messages (including non-banking) and extracted financial data retained until you delete your account;
  • SMS data (Restrictive mode): Only non-personal messages (those not from 09/07/+251 numbers) and their extracted financial data are stored;
  • Session and log data: Retained for up to 90 days for security and debugging purposes.

When you delete your account, all associated data (messages, devices, extracted data, and personal information) is permanently deleted from our servers.

8. Your Privacy Rights

You have the right to:

  • Access: Request a copy of the personal and financial data we hold about you;
  • Correction: Request correction of inaccurate information;
  • Deletion: Request deletion of your account and all associated data;
  • Mode change: Switch between Permissive and Restrictive privacy modes in the Android app at any time (subject to the 20,000 message threshold);
  • Portability: Request export of your data in a standard format;
  • Withdraw consent: Stop using the Service and request account deletion at any time.

To exercise these rights, please contact us through our support channels.

9. Cookies and Tracking

We use session cookies for authentication and user preferences. We may use analytics tools to understand how the Service is used. You can configure your browser to refuse cookies, though some features of the Service may not function properly without them.

10. Third-Party Links

The Service may contain links to third-party websites. We have no control over and assume no responsibility for the content or privacy practices of those sites.

11. Children's Privacy

The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If you become aware that a child has provided us with personal information, please contact us.

12. International Data Transfers

Your information may be transferred to and stored on servers outside your country of residence. We take reasonable steps to ensure your data is treated securely and in accordance with this policy regardless of where it is processed.

13. Changes to This Privacy Policy

We may update this policy from time to time. When we make material changes, we will notify you through the Service and update the "Last updated" date. Material changes to how your SMS data is handled will require you to re-accept the updated policy before continuing to use the Service.

14. Contact Us

If you have any questions about this Privacy Policy, please contact us through our support channels.