Privacy Policy

Last updated: March 2, 2026  |  Effective: March 2, 2026

1. Who We Are

NinjaX ("we," "us," or "our") is an Android application developed by CryptonStudio that helps users track, manage, and cancel recurring subscriptions. By using NinjaX, you agree to this Privacy Policy.

For privacy questions, contact us at: support@cryptonstudio.app

2. Data We Do NOT Collect

We want to be completely transparent about what we don't do:

• We do not upload your subscription list, financial data, or spending history to any server
• We do not collect or store your name, email address, or personal information on our servers
• We do not require account registration to use the app
• We do not track your location
• We do not share or sell your data to third parties
• We do not read your SMS, contacts, or personal communications
• We do not have access to your bank accounts or payment credentials

3. Data Stored On-Device

All subscription data you enter — service names, amounts, billing cycles, renewal dates, and categories — is stored exclusively on your device in a locally encrypted database (SQLCipher with AES-256 encryption).

This data is never transmitted to our servers. It is as secure as your device itself. We recommend enabling device encryption and a strong screen lock for maximum protection.

4. Notification Access (Optional — Pro Feature)

The Pro tier of NinjaX includes an optional feature to automatically detect subscriptions from payment notifications (e.g., UPI payment apps like PhonePe, Google Pay, Paytm). This requires the Notification Access permission on Android.

If you grant this permission:

• NinjaX reads notifications only from a pre-approved list of financial apps (UPI and payment services). All other app notifications are ignored and never read.
• Notification content is processed entirely on-device — it is never sent to our servers or any third party.
• Only the transaction amount and merchant name are extracted and stored locally to auto-populate subscription entries.
• You can revoke this permission at any time via Android Settings → Apps → NinjaX → Permissions.

This permission is optional. The free tier of NinjaX does not use or request notification access.

5. AI Email Drafting (Pro Feature)

The Pro tier includes an AI-powered feature that drafts cancellation emails on your behalf. This works as follows:

• When you request a cancellation email, the name of the subscription service you wish to cancel is sent to a CryptonStudio Firebase Cloud Function.
• This function calls the OpenAI API (GPT-4o-mini) to generate a professional cancellation email draft.
• The draft is returned to your device and displayed in-app. You review and send it from your own email client.
• No personal information (your name, email address, payment details, or full subscription list) is sent to the Cloud Function or to OpenAI.
• Only the service name is transmitted (e.g., "Netflix", "Spotify"). This minimal data is required solely to generate the email draft.

OpenAI's use of this data is governed by the OpenAI Privacy Policy. CryptonStudio does not store these requests beyond the duration of the API call.

6. Permissions Used

NinjaX requests the following Android permissions:

• Notifications (POST_NOTIFICATIONS): Required to deliver renewal alerts and free trial expiry warnings to your notification tray.
• Notification Access (NotificationListenerService) — Optional, Pro only: Used to detect subscription transactions from UPI and payment app notifications. Scoped strictly to financial app packages.
• Internet: Required for the AI email drafting feature (Pro) and for RevenueCat subscription verification.
• Receive Boot Completed: Required to reschedule renewal alerts after device restart.

7. In-App Purchases & RevenueCat

NinjaX uses RevenueCat to manage Pro subscriptions. When you make a purchase:

• Payment is processed entirely through Google Play Billing. NinjaX never sees or stores your payment information.
• RevenueCat verifies your purchase status using an anonymous Google Play purchase token — not your personal details.
• RevenueCat's data practices are governed by the RevenueCat Privacy Policy.

8. Firebase Services

NinjaX uses the following Firebase services from Google:

• Firebase Cloud Functions: Used to proxy AI email generation requests (service name only, no personal data).
• Firebase Authentication: Used anonymously for Cloud Function access control. No account creation or personal data is collected.
• Firebase Crashlytics (if enabled): Collects anonymized crash reports to help us fix bugs. No subscription data is included.

9. Advertising (Free Tier)

The free version of NinjaX displays advertisements served by Google AdMob. AdMob may collect device identifiers and usage data to serve relevant ads, governed by Google's Privacy Policy.

Pro users see no ads. Upgrading to Pro completely disables AdMob.

10. Children's Privacy

NinjaX is not directed at children under 13 years of age. We do not knowingly collect personal information from children. If you have concerns, please contact us and we will investigate promptly.

11. Data Security

We take the security of your financial data seriously:

• All on-device subscription data is encrypted using SQLCipher (AES-256)
• No financial data is transmitted to our servers
• AI email requests transmit only the service name — never your personal information

12. Your Rights

Since all your subscription data is stored locally on your device, you have complete control:

• Access: Your data is on your device — view it anytime in the app.
• Delete: Deleting the app removes all locally stored data. You can also delete individual subscriptions within the app at any time.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the date at the top of this page. Continued use of NinjaX after changes constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy, please reach out:

• Email: support@cryptonstudio.app