Meet Arjun.
Arjun is 28, lives in Bangalore, works in tech. He doesn't think much about privacy. He's not doing anything to hide. He just lives his life, pays for things, and moves on.
Let's follow him through a Tuesday.
7:14 AM
Alarm goes off. Before he's out of bed, Blinkit. Milk and eggs. ₹94. Paid via UPI. Delivered in 12 minutes.
One transaction. Already, something is known. He shops impulsively in the morning. He lives somewhere with 10-minute delivery coverage, which narrows it to a handful of urban pockets. He buys small quantities, which suggests a single-person or small household. No bulk buying, so either a small fridge or someone who doesn't plan ahead.
From one transaction.
9:02 AM
He books an Ola to the office. ₹180. Pickup: his apartment complex. Drop: an office park in Whitefield.
Now we know his commute. About 14 kilometres, leaving around 9 AM. He doesn't drive. That's a lifestyle signal: late-ish start, probably a flexible desk job, not a factory shift.
1:18 PM
Swiggy. ₹340. A biryani place, delivered to his office address.
He eats at his desk. One portion, so he orders alone. ₹340 on a weekday lunch says disposable income. He's not counting rupees here. And the biryani skews something regional about where he grew up or what feels like comfort food.
7:45 PM
Amazon Pay. ₹1,299. A video game.
He games. Evening purchase. No long commute home. He spends on leisure without overthinking it.
11:03 PM
Netflix auto-renewal. ₹649. Premium plan, not basic.
He pays for individual subscriptions rather than a shared family plan. Probably living alone or with a flatmate.
One Tuesday. One Very Detailed File.
Now stretch this across 11 months. Add the Swiggy order with wine on a Friday. The pharmacy delivery that appears twice in January. The new address that starts showing up in March, which might mean a move, or a relationship. The food deliveries that drop off in November and a gym membership that appears, which signals a resolution of some kind.
A finance app sitting on Arjun's transaction history doesn't just see his spending. It sees the rhythm of his life. When he wakes up. What he eats alone. Whether something changed.
This is not theoretical. This is exactly what financial apps are building when they ask for access to your email inbox, your SMS feed, or your bank transactions.
Here's the Part That Gets Missed
Arjun's bank already knows all of this.
His UPI apps, PhonePe or Paytm, already see every merchant, every amount, every timestamp. That data exists and there is genuinely nothing he can do about it. That is the cost of participating in digital payments, and most people have made that peace.
The question is not whether his bank knows. The question is: why is he handing the same dataset to three or four more companies just so he can see a pie chart at the end of the month?
Every new app he connects to his financial life is another entity building a copy of that file. Another server somewhere holding a version of his Tuesday. Another privacy policy he won't read. Another potential breach. Another acquisition that might change what gets done with the data five years from now.
The banks have the data because they have to. The question worth asking is why the expense tracker does.
What Apps Are Actually Asking For
This is where it gets specific. A fair caveat first: we don't know with certainty how each of these companies processes, stores, or shares data internally. What we're working from is the access they request, which is publicly visible, and what that access technically enables. Companies claim to use data responsibly. We are not disputing that. We are asking what the access surface looks like from the outside, because that's all a user has to reason from.
CRED asks you to link your Gmail account to track credit card bills. Their privacy policy states they restrict reading to financial emails and don't access personal mail. That may well be true. But the OAuth permission they request from Google reads "View your email messages and settings," which is technically full inbox access. The boundary between financial and personal is a policy commitment enforced by their own code on their own servers. There is no technical lock that prevents broader access. You are trusting the claim.
Fold (fold.money) takes a better approach for bank accounts, using the Account Aggregator framework. But for credit card tracking, they use email access as well, since credit card data isn't on AA yet. Same situation applies: the permission is technically broad, the restraint is a stated policy.
Walnut and Money View work primarily by reading your SMS feed to detect transactions. The access that reads your HDFC alert also sees your OTPs, delivery confirmations, pharmacy orders, and gym renewal notices. The app surfaces spending data. The pipeline ingests considerably more.
PhonePe and Paytm, as UPI rails themselves, sit on the most complete picture of all. They are closer to infrastructure than apps at this point. But both have financial services arms offering credit, insurance, and investment products, which means your payment behaviour has direct commercial value to the same company.
Again, none of this is illegal, and for most of these companies, there is no reason to assume bad faith. The point is the access surface, and the question of whether that surface should be this wide just to see a spending breakdown.
The Breach That Hasn't Happened to You Yet
Even setting aside what these companies do with data intentionally, there is the question of what happens when things go wrong.
Data breaches happen. They happen to large, well-resourced companies. They happen to careful ones. Several Indian fintech and data companies have had significant incidents in recent years where user data ended up in places it shouldn't have. The names aren't the point. The pattern is.
When you grant a finance app access to your email or SMS history, you are not just trusting their product team today. You are trusting their security infrastructure, their third-party vendors, their data retention policy, and whoever inherits the database when the company is acquired, pivots, or winds down.
Arjun's biryani order on a Tuesday afternoon is harmless data in isolation. Arjun's salary band, health spend patterns, location history, inferred relationship status, and creditworthiness signal, all sitting together in one dataset, is something you really do not want to find on a leaked database.
The Problem I Keep Running Into
I'll be honest about where this is coming from.
I want to track my own spending. Not for anyone else, not to feed a recommendation engine or improve a lending model. Just for me, to understand where my money goes and make better decisions. That's a completely reasonable thing to want.
But every solution I've found asks me to hand over more than I'm comfortable with. My email. My SMS. My bank credentials through a screen I barely have time to read. And each time I connect one of these apps, I know I'm adding another name to the list of companies that now hold a version of my financial life.
My bank already has all of this. My UPI app already has all of this. I accepted that because I had to. What I cannot make peace with is the idea that to build a simple budget tracker for myself, I have to voluntarily expand that circle to include three more companies, each with their own servers, their own retention policies, and their own risk surfaces.
It shouldn't be this hard. The data is already on my phone. My transactions already flow through my device. There should be a way to do this locally, natively, without any of it leaving my hands at all.
That the default solution to personal finance is to give your inbox to someone else's cloud is the problem. And I don't think enough people are talking about it.
First in a series on what your apps actually know about you, and what a privacy-first alternative could look like.