Legal

SMS Permission Policy

Spenlio asks for one sensitive permission — reading SMS — because bank messages are the entire product. Here is precisely what that permission is used for, and what it is never used for.

Updated July 2026

The permission, in one paragraph

Spenlio reads bank and card messages on this device to build your budget. Reading never uploads them, personal conversations are never touched, and sharing for learning is a separate opt-in choice. This is the same wording shown before Android's permission dialog in the app — the promise there and the promise here are the same one.

Why SMS access is required

In much of the world, banks confirm every transaction with an SMS. Those messages are the only complete, automatic record of your financial activity that you already own. Spenlio's one job — turning them into a ledger of transactions, accounts, cards, and insights — is what Google Play calls SMS-based money management, and it cannot work without reading the inbox.

What reading means

  • Messages are read and parsed on this device. Reading never uploads your messages.
  • Spenlio looks for institutional senders — banks, card issuers, financial services.
  • Messages that aren't financial — one-time passwords, security alerts, promotions — are recognized and set aside, not counted as money movement.
  • The ledger built from your messages is stored only on your phone.

What is excluded, always

Any sender that is a phone number is treated as a person. Personal conversations are never uploaded, never included in server lookups, and never used for learning — no matter how many messages there are. This exclusion is built into every network path in the app, not just promised in policy.

Reading vs. sharing

Reading is on-device and required for the app to function. Sharing is different and optional: if you choose to help Spenlio learn formats it can't read yet, unread institutional messages can be sent to Spenlio's servers under the conditions described in the Data & AI Learning Policy. Sharing is off until you turn it on, gated behind its own consent screen, and never a condition for using the app.

Revoking access

You can revoke SMS access at any time in Android Settings → Apps → Spenlio → Permissions. Revoking stops all reading immediately; the ledger you've already built stays on your phone and remains usable.

Google Play declaration

Spenlio declares the SMS permission to Google Play under the permitted "SMS-based money management" use case, and this page is part of that public commitment. If app behavior around SMS ever changes materially, this policy and the in-app disclosure change with it — and material changes to sharing re-ask for consent.

Questions?

Anything about this policy or your data: contact Spenlio.