Your privacy,
taken seriously.
Overview
This Privacy Policy describes how Vitta ("we", "us", or "our"), a personal finance application developed by Rishh (rishh.com), collects, uses, and protects information when you use our mobile application and related services.
By using Vitta, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, please discontinue use of the application.
Data We Collect
We collect data in two ways: information you provide directly, and information generated automatically through your use of the app.
Account Information
When you sign in with Google, we receive and store:
| Field | Source | Purpose |
|---|---|---|
| Name | Google account | Display in app, group member identification |
| Email address | Google account | Account identification, notifications |
| Profile photo URL | Google account | Display in app and group screens |
| Google User ID | Google OAuth | Unique account identifier (never shown to other users) |
Financial Data You Enter
- Expense records — description, amount, category, date
- Income and savings goals
- Group expense splits and member contributions
- Custom expense categories you create
- Monthly budget settings
Automatically Collected Data
- Account creation and last-update timestamps
- App subscription plan (free or plus)
- SMS consent status and the date consent was given or revoked
- Category usage patterns — used locally to improve auto-categorisation accuracy for you specifically
How We Use Your Data
We use the data we collect exclusively to provide, maintain, and improve Vitta. Specifically:
| Purpose | Legal Basis |
|---|---|
| Storing and displaying your expense history | Contract |
| Enabling group expense splitting and settlements | Contract |
| Auto-categorising expenses using AI/ML | Legitimate interest |
| Sending account-related emails (e.g. account deletion links) | Contract |
| Personalising category suggestions based on your history | Legitimate interest |
| Enforcing subscription plan limits | Contract |
We do not use your data for advertising, profiling for third parties, training public AI models, or any purpose beyond operating Vitta for you.
SMS & Transaction Data
Vitta can optionally read transaction-related SMS messages on your device to automatically detect expenses (e.g. bank debit alerts). This feature is entirely opt-in and requires your explicit consent before activation.
How SMS processing works
- SMS reading happens entirely on your device — raw SMS text is never uploaded to our servers
- Only the extracted data (merchant name, amount, bank name, account suffix) is stored if you approve the transaction
- A confidence score is computed locally to determine whether a message is expense-related
- Low-confidence messages are shown to you for manual review before anything is saved
- You can approve or reject each detected transaction individually, or in bulk
Revoking SMS consent
You can revoke SMS access at any time in the app's Settings screen, or by revoking the permission in your device's system settings. Revoking consent stops all future SMS processing. Previously approved expenses already saved to your account are not automatically deleted but can be removed manually.
Data Storage & Security
Your data is stored in Google Cloud Firestore in the asia-south1 (Mumbai) region. Google Firebase provides encryption at rest using AES-256 and encryption in transit using TLS 1.2+.
Access controls
- Firestore security rules ensure that each user can only read and write their own data
- Group data is accessible only to verified group members
- No Vitta employee or administrator can access your expense data in plaintext
- Firebase Authentication handles all session management — we never store passwords
Your responsibility
You are responsible for maintaining the security of your Google account, which is used to access Vitta. We recommend enabling two-factor authentication on your Google account.
Data Retention
We retain your data for as long as your account is active. If you delete your account, all data associated with it — including your profile, expenses, categories, groups, savings records, and settings — is permanently and irrecoverably deleted from our systems.
You can initiate account deletion at any time by visiting rishh.com/account-deletion.
Your Rights
You have the following rights with respect to your personal data:
To exercise any of these rights, contact us at hello@rishh.com. We will respond within 30 days. For account deletion specifically, you can use our self-service tool at rishh.com/account-deletion.
Children's Privacy
Vitta is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at hello@rishh.com and we will delete the information promptly.
Policy Changes
We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email to the address associated with your account, and update the "Last updated" date at the top of this page.
Continued use of Vitta after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please reach out — we're happy to help.
🔒 Privacy enquiries
Email: hello@rishh.com
Response time: Within 30 days
Data deletion: rishh.com/account-deletion
Website: rishh.com