Privacy Policy
Effective & last updated: May 2026
Welcome to FundNest. This Privacy Policy explains what information we collect,
how we use it, and the choices you have. It applies to the Android app and any related services
operated by Black & White Studio ("we", "us", "our").
Privacy in one line. Your members, ledger and loan data live on your device,
encrypted with SQLCipher. Google Drive backups are AES-256 encrypted before upload to
your own Drive — we cannot access them. Firebase is used only for crash reporting,
analytics and remote configuration.
1. Who we are
FundNest is developed by Black & White Studio, a software company based in Dhaka, Bangladesh. Contact: info@blacknwhitestudio.com · +880 1945 936934.
2. Information we collect
Information you provide
- Google account info — name, email and profile photo for sign-in.
- Organization & member data — your Somiti name, members' names, photos, NID, contacts, savings, loans, withdrawals and ledger entries.
- Documents — any photos or files you attach to members or transactions.
- Subscription — handled by Google Play; we receive only purchase confirmation.
Information collected automatically
- Crash reports — anonymised stack traces via Firebase Crashlytics. No member or ledger data is included.
- Analytics events — anonymised feature-usage events via Firebase Analytics.
- Remote Config — feature flags and limits, no personal data sent.
3. How we use information
- To operate the Somiti management features (members, installments, loans, withdrawals, ledger).
- To authenticate you via Google Sign-In.
- To send local notifications for dues, meetings and backup status.
- To diagnose crashes and improve stability.
- To gate Free vs Pro features based on your Google Play subscription.
We do not use your financial or member data for advertising or profiling.
4. Local-first storage
All member, ledger, loan, installment, withdrawal, expense and meeting data is stored exclusively in a local Room database on your device, encrypted with SQLCipher. The encryption key is derived from the Android Keystore. Without an explicit Drive backup, this data never leaves your phone.
5. Encrypted Drive backup
When you enable Drive backup, FundNest writes an AES-256 encrypted backup file to a private app folder in your own Google Drive account, using the drive.appdata scope.
- We do not access, read or store your backup on our servers.
- You may revoke Drive access any time via Google account settings.
- Deleting the app does not auto-delete the Drive backup — do that manually if you wish.
6. Firebase services
FundNest uses:
- Firebase Authentication — verifies your Google Sign-In token.
- Firebase Crashlytics — anonymised crash reports.
- Firebase Analytics — anonymised usage analytics.
- Firebase Remote Config — feature flags, limits, sync URLs.
All are subject to Google's Privacy Policy.
7. In-app purchases (Pro)
Pro subscriptions are processed by Google Play Billing. We receive only purchase confirmation and entitlement state. Payment card details are never shared with us.
8. Permissions
- Camera — to capture member photos and document attachments locally.
- Notifications — for due, meeting and backup reminders.
- Internet — for Google Sign-In, Firebase and Drive backup only.
- Biometric — to unlock the app via fingerprint, if you enable it.
- Drive (drive.appdata) — to read/write your private backup file. Only requested when you enable backup.
9. Data sharing
We do not sell, rent or share your data with third parties for their own purposes. Data is shared only with Google (Firebase, Drive, Play) to operate the Service, and when required by law.
10. Security
- Room database is encrypted at rest with SQLCipher (AES-256).
- Encryption keys are derived from the Android Keystore.
- Backups are AES-256 encrypted before upload to Drive.
- Google tokens are stored in EncryptedSharedPreferences.
11. Retention & deletion
- Local data — kept on your device until you delete it in-app or uninstall.
- Drive backups — kept in your own Drive until you delete them.
- Firebase data — retained per Google's defaults (typically 60–90 days for raw events).
- Account deletion — email info@blacknwhitestudio.com.
12. Your rights
Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, port or object to processing of your personal data. Email us to exercise any of these rights.
13. Children's privacy
FundNest is not directed to children under 13. We do not knowingly collect data from children. Contact us if you believe a child has provided personal data and we will delete it promptly.
14. Changes & contact
We may update this Privacy Policy. Material changes will be communicated via an in-app notice or release notes. Questions? Email info@blacknwhitestudio.com or WhatsApp +880 1945 936934.
Fund