Banking Notification Consent
Optional banking / wallet notification access for preparing transaction suggestions.
Banking Notification Consent
| Data Controller | Mózer Ferenc (sole trader) |
| Registered address | 6044 Kecskemét, Hetény-Belsőnyír 268/2., Hungary |
| Tax number | 41905517-1-23 |
| Contact (privacy) | privacy@cashleticsapp.com |
| Effective date | 5 July 2026 |
| Version | v1.5 |
| Governing language | Hungarian (BH-001). In case of any discrepancy between the Hungarian and English versions, the Hungarian version shall prevail. |
cashleticsapp.com/legal.php · Public user-facing document GDPR-compliant
|
1. Scope of Access — What the App Reads and What It Does NOT
1.1 What Cashletics reads
The Cashletics application reads the text of push notifications sent by your banking or financial service provider to your device. Specifically, the app processes:
the text content of the push notification (e.g. "Purchase: HUF 3,500 at XYZ Store")
the timestamp of the notification
the sender application name (e.g. "OTP Mobilbank") for categorisation purposes
1.2 What Cashletics does NOT access
|
1.3 Technical mechanism
Cashletics uses the Android Notification Listener Service (NotificationListenerService) API, which enables the app to read the text of notifications displayed on your device's notification bar. This permission must be explicitly granted by you in your device settings and can be revoked at any time.
2. Legal Basis for Processing
The processing of banking notification data is based on your freely given, specific, informed and unambiguous consent, in accordance with:
Art. 6(1)(a) of the General Data Protection Regulation (EU) 2016/679 (GDPR) — consent as the legal basis for processing
Article 7 GDPR — conditions for consent (freely given, revocable at any time without detriment)
|
3. Personal Data Processed
| Data category | Details |
| Notification text | Content of the push notification as displayed on screen (e.g. merchant name, amount, currency) |
| Timestamp | Date and time the notification was received |
| Sender app name | The name of the banking app that sent the notification (for categorisation) |
| Parsed transaction data | Amount, currency, merchant name — extracted automatically from notification text |
| Consent record | Date, time and version of consent given — stored in Cloud Firestore for GDPR Article 7(1) accountability |
3.1 Data minimisation
Cashletics processes only the data necessary for automatic transaction categorisation. Raw notification texts are parsed locally on your device; only the extracted structured data (amount, currency, merchant) is stored in the cloud. Original notification texts are not transmitted to our servers.
3.2 Sensitive financial data — no storage of account details
The app is designed to exclude account numbers, card numbers, and authentication credentials from any processing or storage. If a notification text contains such data, it is filtered out at the parsing stage before any data leaves your device.
4. Data Storage and Retention
| Data | Storage / Retention |
| Parsed transaction records | Cloud Firestore (Google LLC, USA — EU-US DPF). Retained until account deletion or explicit user request. |
| Consent record | Cloud Firestore. Retained for 5 years from consent date for GDPR accountability. |
| Raw notification texts | Processed locally on device only. Not transmitted to servers. |
Cloud Firestore is operated by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Data transfer to the USA is based on the EU-US Data Privacy Framework (DPF). Google LLC is certified under the DPF. Further information: https://www.privacyshield.gov
5. Data Processors
| Processor | Purpose | Location | Transfer basis |
| Google LLC / Cloud Firestore | Cloud storage of parsed transaction and consent data | USA (EU-US DPF) | EU-US DPF |
6. Your Rights as a Data Subject
Under the GDPR, you have the following rights in relation to your banking notification data:
| Right | How to exercise |
| Right of access (Art. 15) | Email: privacy@cashleticsapp.com |
| Right to rectification (Art. 16) | Email: privacy@cashleticsapp.com |
| Right to erasure (Art. 17) | In-app: Settings → Delete account, or email: privacy@cashleticsapp.com |
| Right to data portability (Art. 20) | Email: privacy@cashleticsapp.com — response within 30 days |
| Right to withdraw consent (Art. 7(3)) | See Section 7 below — withdrawal does not affect prior lawful processing |
| Right to lodge a complaint | Hungarian NAIH: naih.hu | ugyfelszolgalat@naih.hu | +36 1 391 1400 |
7. How to Withdraw Consent
You may withdraw your consent to banking notification processing at any time, without providing any reason, and without suffering any disadvantage. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.
7.1 Withdrawing the device-level permission
Step 1: Open your Android device Settings.
Step 2: Navigate to Apps → Special app access → Notification access.
Step 3: Find Cashletics and toggle the permission off.
7.2 Withdrawing via the app
Open the Cashletics app → Settings → Banking notifications → Disable notification reading.
7.3 Effect of withdrawal
Upon withdrawal, the app will immediately cease reading banking notifications. Previously imported and categorised transactions stored in your account will not be automatically deleted — you may request their deletion separately by emailing privacy@cashleticsapp.com or by deleting your account.
|
8. Google Play Store Financial Data Policy Compliance
This consent statement has been prepared in accordance with Google Play's Financial Data policy and the Data Safety section requirements for applications that access financial or payment-related data.
| Play Store requirement | Cashletics compliance |
| Prominent disclosure before permission request | ✓ In-app consent dialog displayed before first notification access (see HJ-001-EN) |
| Explicit consent required | ✓ User must actively grant Android notification permission + confirm in-app toggle |
| No sharing with third parties for advertising | ✓ Financial notification data is not shared with AdMob or any advertiser |
| Data Safety form disclosure | ✓ Declared under "Financial info → Other financial info" in Play Console Data Safety |
| Revocable permission | ✓ Revocable at device level and in-app at any time |
9. Contact and Data Controller Identity
| Data Controller | Mózer Ferenc (sole trader) |
| Registered address | 6044 Kecskemét, Hetény-Belsőnyír 268/2., Hungary |
| Tax number | 41905517-1-23 |
| Privacy enquiries | privacy@cashleticsapp.com |
| General support | support@cashleticsapp.com |
| Phone | +36 30 728 4422 |
| Website | cashleticsapp.com/legal.php |
| Privacy Policy | cashleticsapp.com/legal.php?lang=en |
Next review: 5 July 2027.