Privacy Policy
Last updated: July 2026
This Privacy Policy explains how SPV Services collects, uses, and protects your personal information when you use our Android application and related web services. By using SPV Services, you agree to the terms described in this policy.
1. Information We Collect
We collect the following categories of information to provide and improve our services:
- Account Information: Name, email address, phone number, website URL, and password when you register.
- Identity Documents (KYC): Photographs of your National ID (NID), Passport, or TIN Certificate, and a live selfie image used for identity matching.
- Payment SMS Messages: Incoming SMS payment confirmation messages from bKash, Nagad, and Rocket received on your registered device. Only payment-related messages from these providers are processed.
- Transaction Data: Payment amounts, transaction IDs, sender mobile numbers, timestamps, and payment providers extracted from SMS messages.
- Wallet Numbers: Your registered bKash, Nagad, and Rocket wallet numbers used to identify incoming payments.
- Device Information: Android device information required for app functionality and SMS monitoring service.
2. How We Use Your Information
- To verify your identity and comply with fraud prevention requirements.
- To detect and record incoming payment SMS messages on your device.
- To provide real-time payment verification through our API for your website or app.
- To display your transaction dashboard, reports, and alerts.
- To issue and manage your API key after subscription activation.
- To send important account notifications (KYC status, subscription, account alerts).
- To investigate and prevent fraudulent or abusive use of the platform.
- To improve our services and fix technical issues.
3. SMS Permission
SPV Services requires READ_SMS and RECEIVE_SMS Android permissions to function. These permissions are used exclusively to:
- Detect incoming payment confirmation SMS messages from bKash, Nagad, and Rocket.
- Extract transaction details (TxnID, amount, sender) from those messages.
We do not read, store, or transmit any SMS messages other than payment confirmations from the above providers. Personal messages, OTPs, or messages from other senders are never accessed or processed.
4. Data Storage & Security
- All data is stored securely in Google Firebase Firestore, a cloud database provided by Google LLC.
- KYC identity documents (photos, selfie) are stored as encrypted data within Firestore documents. They are not uploaded to public storage.
- Access to your data is restricted: you can only read your own data, and administrators can access it only for verification and support purposes.
- API keys are generated using cryptographically secure random values and are protected by biometric authentication in the app.
- We implement Firestore Security Rules to prevent unauthorized access between accounts.
- All communication between the app and Firebase is encrypted via TLS/HTTPS.
5. Data Sharing
We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share data only in the following circumstances:
- Service Providers: Google Firebase (data storage, authentication) — bound by Google's data processing terms.
- Legal Requirements: If required by applicable law, court order, or government authority.
- Business Transfer: In the event of a merger or acquisition, data may be transferred to the new owner under the same privacy commitments.
6. Data Retention
- Account data is retained for as long as your account is active.
- Transaction records are retained for up to 12 months from the transaction date.
- KYC documents are retained for verification compliance purposes and deleted within 90 days of account deletion.
- Cached photos taken during KYC on your device are deleted immediately after successful submission.
7. Your Rights
You have the following rights regarding your personal data:
- Access: You can view your account information, transaction history, and KYC status inside the app.
- Correction: You can update your profile information in Settings.
- Deletion: You may request deletion of your account and all associated data by contacting us. Account deletion is processed within 7 business days.
- Portability: You may request an export of your transaction data by contacting support.
8. Children's Privacy
SPV Services is intended for merchants and business users. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that a minor has provided personal data, we will delete it promptly.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. Continued use of SPV Services after changes are made constitutes your acceptance of the updated policy.
10. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us: