Skip to content

Legal

Ruka Privacy Policy

Last updated: May 2026 · Version 2.0

In short: Your financial data is yours. We do not sell it, share it for advertising, or use it to train AI models. Receipt images and voice recordings are processed transiently and deleted immediately.

1. Introduction & Who We Are

Ruka ("we", "our", "us") is a mobile expense tracking application developed and operated by Night Jar Studios, a solo-founder software studio based in India. Ruka is designed for independent professionals — contractors, freelancers, interior designers, and small business owners — who need a fast, offline-capable way to track business expenses and export tax-ready reports.

This Privacy Policy explains what personal information we collect when you use the Ruka Android app ("App"), why we collect it, how it is protected, and the choices and rights you have regarding your data.

By installing or using the App you agree to this policy. If you disagree with any part of it, please do not use the App.

Our core privacy commitment: Your financial data is yours. We do not sell it, share it for advertising purposes, or use it to train AI models. Receipt images and voice recordings are processed transiently and deleted immediately — they are never stored on our servers beyond the seconds required to analyse them.

2. Scope of This Policy

This policy applies to:

  • The Ruka Android app (package: com.nightjarstudios.ruka)
  • The Firebase Hosting pages at bosys-bd6f9.web.app (invite acceptance page, legal pages)
  • All Cloud Functions that process data on behalf of the App (receipt OCR, voice transcription, subscription billing webhooks, team invitations)

It does not apply to third-party services linked from the App. Please review the privacy policies of those services separately (listed in Section 12).

3. Information We Collect

3.1 Account & Identity Data

  • Phone number — collected when you sign in via Firebase Phone Authentication (OTP). Used solely to create and identify your account. We do not collect your name or email address unless you choose to provide them in Settings.
  • Display name & business name — optional fields you may enter in Settings. Used to personalise exports (PDF headers) and to identify you to your team members in shared projects. Synced to Firebase Firestore as part of your account settings.

3.2 Expense & Financial Data

  • Expense records — amounts, merchant names, dates, times, payment methods, notes, tags, project assignments, line items, tax amounts, and discount amounts — whatever you enter manually, by voice, or by scanning a receipt. This is the core data of the App.
  • Projects — project names, colours, budgets, and team membership you create to organise expenses.
  • Custom tags — tag labels and colours you define in Settings.
  • App settings — currency preference, theme, notification preference, budget limit, biometric lock toggle. Synced to Firestore so settings restore after reinstall or on a new device.

All expense data is stored primarily on your device using an encrypted SQLite database. Firestore cloud sync is automatic once you are signed in and is used for backup and multi-device access.

3.3 Receipt Images

  • When you scan a receipt, the image is temporarily uploaded to Firebase Storage in the asia-south1 (Mumbai) region solely for OCR processing by Google Vertex AI (Gemini 2.5 Flash).
  • The image is permanently deleted from our servers immediately after processing — typically within 10–30 seconds. If a Cloud Function error occurs, the deletion is retried; images are never retained beyond the function’s 120-second timeout.
  • A copy of the image may optionally be saved on your device only (in the app’s private storage directory) so you can view it later in the expense detail sheet. This local copy never leaves your device unless you explicitly share or export it.
  • If you are offline when scanning, the image is stored locally in a pending queue and uploaded only when connectivity is restored. The pending image is deleted from local storage after successful processing.

3.4 Voice Recordings

  • Free users & English voice input: Audio is captured on-device and processed entirely on-device using Android’s Speech Recognition API. Audio is never transmitted to our servers.
  • Pro subscribers using regional language voice input (Hindi, Telugu, Tamil, Marathi, Kannada, Bengali, Gujarati, Malayalam, and other supported languages): Audio is recorded in M4A format (22 050 Hz mono) and securely transmitted over TLS to our Cloud Function (processVoiceCallable) in asia-south1, which passes it inline to Google Vertex AI (Gemini 2.5 Flash) for transcription and expense field extraction. The audio is processed in a single API call and immediately discarded — it is not stored on our servers at any point.
  • Voice recordings are never used to train AI models on our behalf. Google’s data handling for Vertex AI Gemini is governed by Google’s Cloud Data Processing Addendum.

3.5 Team & Collaboration Data

  • If you use the Teams feature (Pro), Firestore stores: team membership records (phone UID + role), team project metadata, and team expense records synced by all members.
  • Your display name (if set) is visible to other members of your team projects. Your phone number is never exposed to other team members.
  • Invite links are single-use and contain only an opaque invite token. No personal data is embedded in the link itself.

3.6 Subscription & Billing Data

  • Subscription purchases are processed entirely by the Google Play Store. We do not collect or store your payment card details.
  • RevenueCat (our subscription management platform) provides us with anonymised purchase events: product ID, transaction timestamp, price in USD, and country code. This is used only to determine your subscription status (free vs. Pro) and to track aggregate revenue.
  • Your Firebase UID is used as the RevenueCat customer identifier so we can link your entitlement to your account.

3.7 Device & Usage Data

  • Firebase Crashlytics — collects anonymised crash reports including stack traces, device model, OS version, and app version. Does not collect personal financial data.
  • Firebase Analytics — collects basic engagement signals (sessions, screen views) and the Android Advertising ID (GAID). We do not use custom event tracking for individual user financial behaviour. See Section 11 for advertising ID details.
  • Scan counter — a count of lifetime receipt scans is stored both on-device and in Firestore (keyed to your UID) to enforce the free-tier scan limit. This is a single integer — not the actual scan content.
  • Play Store install referrer — if you install via a team invite link, the Android Play Install Referrer API reads the referral token from the Play Store to automatically pre-populate the invite acceptance flow. This token is not shared externally and is discarded after use.

4. How We Use Your Information

We use your information as follows (purpose — data used — legal basis under GDPR):

  • Account authentication — Phone number, Firebase UID — Contract performance
  • Core app functionality (storing, displaying, and syncing your expense records) — All expense & financial data — Contract performance
  • Receipt OCR (extracting expense fields from a receipt photo) — Receipt image (transient), extracted fields — Contract performance
  • Voice expense entry (transcribing and parsing a spoken expense) — Voice recording (transient, Pro regional only) — Contract performance
  • PDF & CSV export (generating tax-ready reports) — Expense data, display name, business name — Contract performance
  • Team collaboration (sharing project expenses with invited members) — Display name, expense records, team membership — Contract performance / Legitimate interest
  • Subscription management (verifying Pro entitlement) — RevenueCat purchase events, Firebase UID — Contract performance
  • Daily reminders (optional push notifications at 9 PM to log expenses) — Notification permission (no personal data) — Consent
  • App stability (diagnosing crashes and errors) — Anonymised crash reports (Crashlytics) — Legitimate interest
  • Aggregate analytics (understanding how the app is used to improve it) — Anonymised usage events (Firebase Analytics) — Legitimate interest
  • Security & fraud prevention (free scan limit enforcement) — Scan counter (integer), Firebase UID — Legitimate interest

We do not use your data for: targeted advertising, selling to data brokers, training AI models, or any purpose not listed above.

5. How We Share Your Information

We do not sell, rent, or trade your personal data. We share data only in these limited circumstances:

5.1 Service Providers (Sub-processors)

We share data with the following vendors who process it on our behalf:

  • Google Firebase (Google LLC) — authentication, cloud database (Firestore), file storage, analytics, crash reporting. Data processed in US and India data centres.
  • Google Vertex AI / Gemini (Google LLC) — receipt image OCR and Pro regional voice transcription. Data processed transiently; not retained by Google for model training under Google’s Cloud Data Processing Addendum.
  • RevenueCat Inc. — subscription lifecycle management. Receives your Firebase UID and anonymised purchase event data from Google Play.

All sub-processors are contractually bound to process data only as instructed and to implement appropriate security measures.

5.2 Team Members

When you create or join a shared project, your display name (if set) and the expenses you log to that project are visible to other members of that project. You control which projects are shared and who is invited.

5.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Night Jar Studios, our users, or the public.

5.4 Business Transfers

If Night Jar Studios is acquired or merges with another entity, your data may be transferred as part of that transaction. We will notify you via in-app notice before your data is transferred and becomes subject to a different privacy policy.

6. Data Storage & Security

6.1 Local Storage

Your expense records are stored in an SQLite database in your device’s private app storage, accessible only to the Ruka app. This data is protected by Android’s application sandboxing. On devices with Android 10+ and file-based encryption enabled (the default), the database is encrypted at rest by the operating system.

6.2 Cloud Storage (Firebase Firestore)

Data synced to Firestore is encrypted in transit using TLS 1.2+ and encrypted at rest by Google using AES-256. Firebase infrastructure is certified under ISO 27001, SOC 1, SOC 2, and SOC 3. Access to your Firestore data is governed by security rules that restrict reads and writes to your own authenticated Firebase UID. Other users (including team members) can only access data in shared team project documents that you have explicitly participated in.

6.3 Receipt Image Handling

Receipt images are uploaded to Firebase Storage under a path keyed to your UID and a random UUID. Firebase Storage security rules restrict access to authenticated users. Images are deleted by our Cloud Function immediately after OCR completes — no human at Night Jar Studios ever views them.

6.4 Voice Data Handling

For Pro regional language voice, audio is transmitted directly from your device to our Cloud Function over HTTPS (TLS). It is passed in-memory to the Vertex AI API and is not written to any persistent storage at any point during the process.

6.5 Biometric Lock

If you enable biometric lock in Settings, the app requires fingerprint or face authentication whenever it resumes from background. This is enforced using Android’s BiometricPrompt API. Biometric data is managed entirely by your device’s secure hardware — Ruka never accesses or stores your biometric data.

6.6 Security Limitations

No system is perfectly secure. While we apply industry-standard protections, we cannot guarantee absolute security of data transmitted over the internet or stored on your device. You are responsible for keeping your device secure and not sharing access with others.

7. International Data Transfers

Ruka is available worldwide. Our Cloud Functions and Firebase backend are deployed in asia-south1 (Mumbai, India). However, some Google infrastructure components (including Firebase Authentication and certain Firestore operations) may route through US-based data centres operated by Google LLC.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, any transfer of your personal data outside those regions to the United States or India is conducted under:

  • Google’s Standard Contractual Clauses (SCCs) incorporated into Google Cloud’s Data Processing Addendum
  • RevenueCat’s Data Processing Agreement with applicable SCCs

These legal mechanisms provide equivalent protections to those required under GDPR and UK GDPR.

If you are located in India, data storage and processing in the Mumbai region keeps your data within India to the extent technically feasible. See Section 13 for DPDP Act details.

8. Data Retention

Retention periods by data type:

  • Expense records (Firestore) — Until you delete individual records or delete your account
  • Expense records (local device) — Until you uninstall the App or clear app data
  • Receipt images (Firebase Storage) — Deleted within 30–120 seconds of upload (immediately after OCR)
  • Receipt images (local device) — Retained locally until you delete the expense or uninstall the App
  • Voice recordings — Never persisted; processed in-memory only (seconds)
  • Account & settings (Firestore) — Until account deletion; erased within 30 days of deletion request
  • Pending scans queue (local) — Deleted after successful OCR processing
  • Scan counter (Firestore) — Until account deletion
  • Team data (Firestore) — Until team owner deletes the project, or you leave the team
  • RevenueCat subscription events — Retained by RevenueCat per their policy; aggregate revenue data retained indefinitely in our Firestore admin collection
  • Crash reports (Crashlytics) — 90 days (Firebase default)
  • Analytics data (Firebase Analytics) — Up to 14 months (Firebase default)

Account Deletion

You can delete your account at any time from Settings → Account → Delete Account. This action:

  • Deletes your Firebase Authentication record immediately
  • Deletes all your Firestore data (expenses, settings, team memberships) within 30 days
  • Deletes all pending receipt images from local storage
  • Clears all app preferences from your device

Local SQLite data is not automatically deleted — uninstalling the App clears it. Anonymised analytics and crash reports may persist in aggregate form per Firebase’s retention policy.

9. Your Rights & Choices

9.1 Access & Portability

Pro subscribers can export their expense data at any time in PDF or CSV format via the Reports screen. All users, including free users, can request a copy of their raw expense data in a structured, machine-readable format by contacting us at ruka.feedback@gmail.com. This is your right to data portability.

9.2 Correction

You can edit any expense record, your display name, or your business name directly within the App at any time.

9.3 Deletion

Delete individual expenses within the App. Delete your entire account via Settings → Delete Account. For account deletion requests you cannot complete yourself, email us and we will action it within 30 days.

9.4 Notification Preferences

You can enable or disable daily expense reminders at any time from Settings → Notifications. You can also revoke notification permission in Android Settings → Apps → Ruka → Notifications.

9.5 Advertising ID

You can reset or opt out of personalised ads (which resets or limits the advertising ID) in your Android device settings. See Section 11 for details.

9.6 Biometric Lock

You can enable or disable the biometric app lock from Settings. Disabling it requires biometric authentication to confirm.

9.7 Withdrawing Consent

Where processing is based on consent (e.g., notifications), you can withdraw consent at any time without affecting the lawfulness of prior processing.

9.8 Complaints

If you believe we have not handled your data appropriately, please contact us first. EU/EEA residents may also lodge a complaint with their local data protection authority. UK residents may contact the ICO (ico.org.uk). Indian residents may contact the Data Protection Board of India once operational.

10. Children's Privacy

Ruka is a business finance tool intended for adults. We do not knowingly collect personal information from children under the age of 13 (or 16 in the EEA).

If you are a parent or guardian and believe your child has created an account or provided us with personal data, please contact us immediately at ruka.feedback@gmail.com. We will delete the data promptly upon verification.

11. Advertising ID & Analytics

The Ruka App does not display advertisements. However, Firebase Analytics uses the Android Advertising ID (GAID) for attribution and analytics purposes — for example, to understand which sources drive installs.

This is disclosed in the Google Play Data Safety section under "Device or other IDs".

How to limit advertising ID usage:

  • Android 12+: Go to Settings → Privacy → Ads → Delete advertising ID. This replaces your GAID with a string of zeros, effectively opting out.
  • Android 10–11: Go to Settings → Privacy → Ads → Opt out of Ads Personalisation.

Firebase Crashlytics collects anonymised crash reports. It does not collect financial data, receipt content, or personally identifiable expense information.

12. Third-Party Services

The App integrates with the following third-party services. Each is governed by its own privacy policy. We encourage you to review them (service — purpose — data shared — privacy policy):

  • Google Firebase Auth — Phone OTP sign-in — Phone number — firebase.google.com/support/privacy
  • Google Firestore — Cloud database (expense sync) — Expense records, settings — cloud.google.com/privacy
  • Google Firebase Storage — Transient receipt image upload — Receipt images (deleted after OCR) — firebase.google.com/support/privacy
  • Google Vertex AI (Gemini 2.5 Flash) — Receipt OCR, Pro voice transcription — Receipt images (transient), voice audio (Pro regional, transient) — cloud.google.com/vertex-ai/docs/generative-ai/data-governance
  • Firebase Analytics — Usage analytics — Advertising ID, session data — firebase.google.com/support/privacy
  • Firebase Crashlytics — Crash reporting — Device info, stack traces (anonymised) — firebase.google.com/support/privacy
  • RevenueCat — Subscription management — Firebase UID, purchase events — revenuecat.com/privacy
  • Google Play Billing — Payment processing — Handled entirely by Google Play — policies.google.com/privacy
  • Android Speech Recognition (on-device) — Voice entry (free / English) — Audio processed on-device; subject to your Google account settings — policies.google.com/privacy
  • Play Install Referrer — Team invite deep linking — Referral token only (no personal data) — policies.google.com/privacy

We are not responsible for the privacy practices of these third-party services and cannot control how they handle data they receive independently of our instructions.

13. India — Digital Personal Data Protection Act 2023 (DPDP Act)

Ruka is developed in India and primarily serves Indian users. We are committed to compliance with the Digital Personal Data Protection Act 2023 (DPDP Act) and its forthcoming Rules.

As a Data Fiduciary, we:

  • Collect data with a clear purpose — every data point collected is described in Section 3 and used only for the purpose stated.
  • Provide notice — this policy is accessible in the App before or at the time of data collection.
  • Give you rights — you have the right to access, correct, and erase your personal data as described in Section 9.
  • Appoint a grievance officer — for data-related complaints, contact ruka.feedback@gmail.com. Complaints will be acknowledged within 48 hours and resolved within 30 days.
  • Localise data where possible — our Cloud Functions and primary Firestore instance are in the asia-south1 (Mumbai) region.
  • Do not process children’s data — the App is not intended for users under 18 without verifiable parental consent. We do not knowingly collect data from minors.

We will update this section as the DPDP Rules are notified and as we adapt our practices accordingly.

14. European & UK Residents (GDPR / UK GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, the following additional information applies.

Data Controller

Night Jar Studios (Vivek Putta) is the data controller for personal data processed through the App. Contact: ruka.feedback@gmail.com.

Legal Bases for Processing

We process your personal data under the following legal bases (Article 6 GDPR):

  • Contract performance (Art. 6(1)(b)) — to provide the App’s core features
  • Legitimate interest (Art. 6(1)(f)) — for analytics, crash reporting, and security
  • Consent (Art. 6(1)(a)) — for optional notifications (withdrawable at any time)

Your GDPR Rights

You have the right to: access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), object (Art. 21), and withdraw consent (Art. 7(3)) at any time without affecting prior processing.

To exercise these rights, email ruka.feedback@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority (e.g., CNIL in France, BfDI in Germany, ICO in the UK). See Section 7 for transfer mechanisms used when your data is processed outside the EEA/UK.

15. California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) grants you additional rights.

Categories of Personal Information Collected

  • Identifiers (phone number, Firebase UID)
  • Financial information (expense records you enter)
  • Audio information (voice recordings, Pro regional only, transient)
  • Device identifiers (advertising ID)
  • Usage data (analytics events, crash reports)

Your California Rights

  • Right to Know — what categories of personal information we collect, use, and disclose
  • Right to Delete — request deletion of your personal information
  • Right to Correct — request correction of inaccurate personal information
  • Right to Opt Out of Sale/Sharing — we do not sell or share personal information for cross-context behavioural advertising
  • Right to Limit Use of Sensitive Personal Information — we use sensitive data (financial records) only as necessary to provide the App
  • Right to Non-Discrimination — we will not discriminate against you for exercising these rights

To submit a CCPA/CPRA request, email ruka.feedback@gmail.com with the subject line "California Privacy Request". We will respond within 45 days.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in the App’s features, applicable law, or our data practices. The "Last updated" date at the top of this page will always reflect the most recent revision.

For material changes that affect your rights or the way we handle your data, we will notify you through an in-app notice at least 14 days before the changes take effect. Continued use of the App after that date constitutes acceptance of the revised policy.

We recommend reviewing this policy periodically. Previous versions are available upon request.

17. Contact Us

For privacy questions, data access or deletion requests, or concerns about how we handle your data, please contact: Night Jar Studios, Privacy & Data Protection, Email: ruka.feedback@gmail.com.

We aim to acknowledge all enquiries within 48 hours and resolve them within 30 days. For GDPR-related requests the deadline is 30 days (extendable to 90 days for complex requests). For CCPA requests the deadline is 45 days.

EU/EEA residents: you also have the right to lodge a complaint with your local data protection supervisory authority. UK residents: you may contact the Information Commissioner’s Office at ico.org.uk. Indian residents: you may contact the Data Protection Board of India once operational.

Privacy questions? Email ruka.feedback@gmail.com.

← All privacy policies