Privacy-first
A private expense tracker that doesn't ask to read your SMS
Most expense apps in India lean on broad permissions — SMS, notifications, sometimes bank-account linkage — to auto-log spending. Here's what changes when you flip that model.
Free tier · 20 messages and 2 questions per day
There's a quiet trade in most personal-finance apps: convenience for permissions. Let us read your SMS, and we'll auto-categorise everything. For many users that's a fair deal. For others — especially anyone who's noticed how many ad networks those permissions reach through — the trade has gotten worse over time.
Hisaab is a different shape. It only sees what you type. There are no SMS permissions, no notification access, no bank-account linkage, and no third-party trackers running on your bot data.
What "private" actually means here
- No SMS permission. The bot doesn't read your messages app. Your bank alerts stay between you and your bank.
- No bank linking. Hisaab never asks for account credentials. There is no aggregator integration.
- No third-party trackers against your bot conversation. No Google Analytics, no Mixpanel, no Segment listening to what you log.
- Per-household scoping. Every analytics query is hard-scoped to your household at the SQL-validator level. Even if the language model tried to cross-query, it would be blocked before the query ran.
- One-command deletion. /delete wipes your account, expenses, learned categorisations, and usage counters in a single transaction.
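The per-household scoping described in the list above, as an added sketch that is not Hisaab's own code: a default-deny validator for model-written SQL that only lets a query name a relation already filtered to one household. The table, column and relation names are assumptions, and SQLite in memory stands in for the Postgres database the page describes.

```python
import re
import sqlite3

# Assumed schema and names (hypothetical, not taken from the Hisaab repo).
SCOPED = "household_expenses"
ALLOWED = {
    "select", "from", "where", "group", "by", "order", "having", "limit",
    "as", "and", "or", "not", "in", "between", "like", "asc", "desc",
    "sum", "count", "avg", "min", "max", "distinct",
    "amount", "category", "spent_on", "note", "total", SCOPED,
}
FORBIDDEN = re.compile(r'[;"\\`?]|--|/\*')  # separators, quoting, comments, placeholders


def validate(sql: str) -> str:
    """Default-deny check for model-written SQL; returns the scoped query."""
    if FORBIDDEN.search(sql):
        raise ValueError("separators, comments, placeholders and quoted identifiers are rejected")
    no_strings = re.sub(r"'[^']*'", "''", sql)  # string literals are data, not identifiers
    if "'" in no_strings.replace("''", ""):
        raise ValueError("unbalanced string literal")
    words = re.findall(r"[A-Za-z_][A-Za-z0-9_$]*", no_strings)
    if not words or words[0].lower() != "select":
        raise ValueError("only a single SELECT is accepted")
    unknown = sorted({w.lower() for w in words} - ALLOWED)
    if unknown:
        raise ValueError(f"identifiers outside the allowlist: {unknown}")
    # The only relation the query can name is a CTE already filtered to one household.
    return (f"WITH {SCOPED} AS (SELECT amount, category, spent_on, note "
            f"FROM expenses WHERE household_id = ?) {sql}")


def run_scoped(conn, household_id, model_sql):
    # household_id comes from the authenticated session, never from the model.
    return conn.execute(validate(model_sql), (household_id,)).fetchall()


def demo_db():
    conn = sqlite3.connect(":memory:")  # constructed sample data
    conn.execute("CREATE TABLE expenses (household_id INTEGER, amount REAL, "
                 "category TEXT, spent_on TEXT, note TEXT)")
    conn.executemany("INSERT INTO expenses VALUES (?, ?, ?, ?, ?)", [
        (1, 250.0, "groceries", "2024-05-01", "milk"),
        (1, 120.0, "transport", "2024-05-02", "auto"),
        (2, 9000.0, "rent", "2024-05-01", "may rent"),
    ])
    return conn
```

Because the base table and the household_id column are outside the allowlist, a query that tries to name them is refused before it reaches the database, and an accepted query can only see rows the CTE has already filtered.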
The three places your data exists
Honest disclosure of every system that sees your messages:
- Neon (Postgres database, AWS Singapore) — stores your expenses long-term. Encrypted at rest.
- Vercel (US, where the webhook function runs) — handles request traffic. Function logs may briefly contain message text and Telegram user IDs while requests are processing; logs are deleted within 24 hours.
- fal.ai → OpenRouter → Anthropic — your message text is sent through this chain to Claude Haiku for parsing. Your Telegram identity is never sent — only the message text. These providers may briefly retain prompts per their own policies.
What we don't do
- No advertising. Hisaab has no ads, ever.
- No selling, renting, or sharing your data with anyone for marketing.
- No human reads your data, except briefly when debugging an error you've reported.
- No retention games — when you /delete, your data is gone, not soft-deleted.
Want even more privacy?
Self-host it. Hisaab is open source under the MIT licence. You can clone the repo (github.com/NoobAIDeveloper/hisaab), run your own Postgres, register your own Telegram bot, and run the data flow end to end on your own infrastructure. The only third party left is the LLM for parsing — and you can swap that for any model you want.