Our Commitment to Privacy

RakshaLink is built on a foundation of privacy. We believe protecting you from scams shouldn't come at the cost of your privacy. That's why we've designed our app to work entirely on your device.

πŸ”’ Core Privacy Principle

Scam detection happens on your device by default. We don't upload message content. Optional diagnostics are off by default.

Information We Don't Collect

Unlike other security apps, RakshaLink does NOT collect:

  • ❌ Message content from WhatsApp, SMS, or any other app
  • ❌ Your contact list or phone numbers
  • ❌ Personal identifiers like name, email, or phone number
  • ❌ Location data or GPS coordinates
  • ❌ Browsing history or app usage patterns (Usage Access only checks current foreground app)
  • ❌ Photos, videos, or media files
  • ❌ OTP codes or passwords
  • ❌ Financial information uploaded to our servers

Note: If you enable the optional Spending Tracker, transaction amounts, merchant names, and UPI IDs are processed and stored locally on your device only. This data is never transmitted to RakshaLink servers and is auto-deleted after 30 days. You may withdraw consent anytime by disabling the Spending Tracker in Settings.

App Permissions Explained

RakshaLink requires minimal permissions to function:

Permission Why We Need It What We Access
Notification Access To scan incoming message previews for scam detection Only notification text, processed locally
Camera (Optional) For QR code scanning feature QR code data only, analyzed on-device
Usage Access (Optional) For Screen Share Protection - detects when banking apps are open while screen sharing Only checks foreground app, no history stored or transmitted
Display Over Apps (Optional) To show security warnings when screen sharing is detected with banking apps Only displays warning overlay, no data collected
Internet (Optional) To download ML model updates and report scams to authorities No personal data is transmitted

How We Process Data

On-Device Processing

When you receive a notification:

  1. RakshaLink reads the notification preview text
  2. Our on-device AI model analyzes it for scam patterns
  3. Risk assessment is displayed to you
  4. The raw notification text is discarded after analysis

Spending Tracker (Optional)

If you explicitly enable the Spending Tracker in Settings, RakshaLink also:

  1. Identifies bank/UPI transaction notifications (using verified sender detection)
  2. Extracts structured fields: amount, merchant name, category, last 4 digits of account, UPI ID, bank name
  3. Stores these fields locally in an encrypted database (AES-256)
  4. Auto-deletes all spending data after 30 days

This feature uses the existing Notification Access permission to read bank/UPI notifications. No additional permissions are required.

What the Spending Tracker does NOT store

  • ❌ Raw notification or message text
  • ❌ Full account or card numbers (only last 4 digits)
  • ❌ OTP codes or passwords
  • ❌ Available balance information

Spending data never leaves your device. It is not included in analytics, crash reports, or any optional sharing. RakshaLink never builds financial profiles or behavioral tracking. Disabling the Spending Tracker immediately deletes all stored spending data.

Screen Share Protection (Optional)

If you enable Screen Share Protection in Settings, RakshaLink uses two additional permissions:

  1. Display Over Apps: Shows security warnings when screen sharing is detected with banking apps
  2. Usage Access: Detects which app is currently in the foreground (current app only)

Privacy guarantee

We only check the current foreground app. We do NOT track app usage history, time spent in apps, or upload any app data. All detection happens on-device in real-time and is immediately discarded.

Family Protection (Optional)

If you choose to set up a family group, RakshaLink stores limited information on our backend (Google Cloud, India region) to enable family scam alerts and emergency contact features:

  1. Group membership: A group ID and your chosen display name (e.g., "Mom", "Dad")
  2. Phone number (Family Pro only, with explicit consent): The coordinator's phone number is stored encrypted at rest using AES-256, so the app can show "Call Mom" as a one-tap action when a family member's device blocks a high-risk scam
  3. Alert metadata: When a scam is blocked, the alert type (e.g., "UPI fraud") is shared with your family β€” message content is NEVER shared

What we never share with family

  • The actual scam message text
  • Sender names or phone numbers
  • Money amounts or account information
  • Anything from your scan history beyond the alert category

Phone number handling (Family Pro)

We store phone numbers securely (AES-256 encryption at rest, key managed via Google Secret Manager) to enable family scam alerts and emergency calls. Phone numbers are:

  • Stored only with your explicit consent (a separate consent prompt before storage)
  • Never shared with third parties or sold
  • Used only for the Family Protection "Call" action β€” sent via secure FCM push only to your verified Pro coordinator's device
  • Masked in the app UI ("+91 ***** 1234"), never shown in full
  • Automatically deleted when you leave your last family group (via Settings β†’ Family Protection β†’ Leave group), or when the coordinator transfers the role to another member

Right to delete

You can delete all your Family Protection data at any time by leaving the family group from Settings β†’ Family Protection β†’ Leave group. If you are not part of any other family group, your phone number and contact data are deleted from our backend immediately. For step-by-step instructions covering every data category (Family group, phone number, Pro subscription, scan history), see our Data Deletion guide.

Family backend data retention

Family Protection data is held in our backend (Google Cloud, India region) for the life of your family group:

  • Group membership and display names: Retained while you remain in the group. Removed immediately when you leave (and orphan member contact records are swept during daily housekeeping).
  • Scam-alert delivery audit log: Pseudonymous records of family alerts sent (severity, scam category, recipient count, timestamp) are retained for 14 days for delivery-issue debugging, then automatically deleted by a daily cleanup job. The original message content is never stored.
  • Family tip rate-limit logs: Retained for 24 hours and automatically deleted.
  • Encrypted coordinator phone: Retained while the coordinator role is active. Cleared immediately when the role is transferred or when the coordinator leaves the group.

Data Retention

All data is stored locally on your device with automatic deletion:

Data Type Purpose Retention Stored Where
Scan history (risk results) Review past scam detections 30 days On-device only (encrypted)
Spending records Weekly spending overview 30 days On-device only (encrypted)
App settings & preferences User configuration Until uninstall On-device only
  • You can clear all data anytime in Settings β†’ Privacy β†’ Clear history
  • Disabling the Spending Tracker immediately deletes all spending data
  • Uninstalling the app removes all data permanently

Analytics & Telemetry

By default, RakshaLink sends no analytics. If you opt in, we collect anonymous counters:

What's Shared (Only if you opt-in)

  • βœ“ Rule hit rates and detection patterns
  • βœ“ Device model and app version
  • βœ“ Feature usage statistics
  • βœ“ Crash reports (no message content)

We never collect message content, contacts, phone numbers, or OTPs.

You can opt-out anytime in Settings β†’ Privacy.

DPDP Act 2023 Compliance

RakshaLink is designed to align with India's Digital Personal Data Protection Act, 2023:

Legal Basis for Processing

We process data based on your explicit consent, which you can withdraw anytime.

Data Fiduciary Details

Data Fiduciary: Mohan Gangahanumaiah
Registered Address: Bangalore, Karnataka, India
Contact: support@rakshalink.in

Your Rights Under DPDP Act

You have the following rights regarding your data:

βœ“ Right to Access
βœ“ Right to Correction
βœ“ Right to Erasure
βœ“ Right to Grievance Redressal
βœ“ Right to Nomination
βœ“ Right to Data Portability

To exercise any of these rights, contact us at support@rakshalink.in

Children's Privacy

In accordance with DPDP Act 2023, we define children as individuals below 18 years of age.

  • RakshaLink does not knowingly collect data from children
  • Parental consent is required for users under 18
  • Parents can request data deletion for their children

Security Measures

We implement industry-standard security measures:

  • πŸ” All on-device data is encrypted
  • πŸ›‘οΈ No cloud storage of personal information
  • πŸ”’ Secure communication for model updates
  • 🚫 No third-party data sharing

Third-Party Services

We don't use third-party ad SDKs. Google Play Services is used for device integrity checks, and ML Kit runs on-device for QR scanning. These services don't have access to your message content.

Contact Information

Grievance Officer

Name: Mohan Gangahanumaiah
Email: support@rakshalink.in
Response Time: Within 48 hours
Resolution Time: Within 30 days

For any privacy concerns or questions about this policy, please contact us. We're committed to addressing your concerns promptly.

Updates to This Policy

Last Updated: February 2026 (v1.14.0 - Spending Tracker)

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We'll notify you of significant changes through the app.