How Kiwi Money handles your SMS data
And why we'll never touch your sensitive messages
We've been fielding a lot of questions lately about how we handle SMS data, particularly around OTPs and privacy. These are fair questions, and you deserve straight answers. So here's exactly how it works, no hand-waving.
The Short Version
We read your bank transaction SMSes to track your expenses automatically. We filter out everything else, including OTPs, right on your device. If you enable our optional Promos feature, we also process promotional SMS from your banks to show you card offers in one place. We don't touch your bank account. We don't sell your data. Subscriptions keep the lights on.
Now, the longer version.
Why SMS in the First Place?
Sri Lanka doesn't have open banking infrastructure. There's no standardized API that lets apps talk to your bank securely on your behalf, the way you might see in the UK or parts of Europe. SMS is the only reliable channel we have for automating expense tracking here.
We're not pretending this is the ideal solution. But it's the only one that actually works for the problem we're solving, and we've built tight guardrails around it.
You Never Share Your Bank Credentials
This is worth saying clearly: Kiwi Money never asks for your bank login, your password, or any banking credentials. We have zero access to your bank app. The only thing we work with is the transaction SMS your bank sends to your phone.
Can You Read My Personal Messages?
No. Our app only looks for bank transaction SMS based on known sender IDs and message formats from Sri Lankan banks.
If a message doesn't match, it's never read, never processed, and never leaves your phone. We have zero interest in your personal conversations.
What Happens to Your SMS on Your Device
When an SMS arrives, our app runs a filter locally, on your device, before anything leaves your phone.
OTPs? Discarded. Personal messages? Ignored. Messages from non-bank senders? Ignored.
By default, only transaction-related SMS from your banks gets processed. If you enable our optional Promos feature, promotional SMS from your banks also gets processed so we can display card offers in the app.
Everything else stays filtered out. This isn't an afterthought. We built it this way deliberately, both for your privacy and to comply with data protection regulations.
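The sketch below illustrates the filter order described above as an added example; it is not Kiwi Money's code. The sender IDs, regular expressions, function names and sample messages are all constructed assumptions. The point it shows is default-deny: the sender allowlist is checked first, OTPs are dropped before any parsing (even when the OTP text mentions an amount), and promos pass only when the feature is switched on.

```python
import re

# Constructed sender IDs for illustration; not the app's real allowlist.
BANK_SENDERS = {"EXAMPLEBANK", "SAMPLEBK"}

# Assumed message shapes (hypothetical patterns, not real bank formats).
OTP_RE = re.compile(
    r"\b(otp|one[- ]time (?:password|pin|code)|verification code)\b", re.I)
VERB_RE = re.compile(r"\b(debited|credited|purchase|withdrawn|deposited)\b", re.I)
AMOUNT_RE = re.compile(r"\b(?:LKR|Rs\.?)\s?(\d[\d,]*(?:\.\d{1,2})?)", re.I)
PROMO_RE = re.compile(r"(\d{1,2}% off|\bdiscount\b|\boffer\b|\bcashback\b)", re.I)


def classify_sms(sender, body, promos_enabled=False):
    """Return 'transaction', 'promo' or 'drop'. Anything unmatched is dropped."""
    if sender.strip().upper() not in BANK_SENDERS:
        return "drop"   # non-bank sender: the body is never inspected
    if OTP_RE.search(body):
        return "drop"   # OTP check runs before parsing, so it wins over an amount
    if VERB_RE.search(body) and AMOUNT_RE.search(body):
        return "transaction"
    if promos_enabled and PROMO_RE.search(body):
        return "promo"
    return "drop"


def extract_transaction(body):
    """Pull only amount, currency and direction from a transaction SMS."""
    verb, amount = VERB_RE.search(body), AMOUNT_RE.search(body)
    if not (verb and amount):
        return None
    credit = verb.group(1).lower() in ("credited", "deposited")
    return {"amount": float(amount.group(1).replace(",", "")),
            "currency": "LKR",
            "direction": "credit" if credit else "debit"}


# Constructed sample messages (sender, body).
SAMPLES = [
    ("EXAMPLEBANK", "LKR 1,250.00 debited from AC **1234 at SAMPLE STORE"),
    ("EXAMPLEBANK", "Your OTP is 483920 for purchase of LKR 5,000.00. Do not share."),
    ("+94770000000", "LKR 1,250.00 debited from AC **1234 at SAMPLE STORE"),
    ("SAMPLEBK", "Get 20% off at Sample Restaurant with your card until 31 Dec"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, "->", classify_sms(sender, body))
```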
What We Actually Store
From your transaction SMS, we extract only what's needed to show you where your money is going:
- Amount and currency
- Merchant name or reference
- Transaction date and time
- Account balance
- Account/Card number
- Whether it's a debit or credit
If you enable Promos, we additionally extract from promotional SMS:
- Merchant name
- Discount or offer details
- Card type and bank
- Validity dates
- The original message for reference
How We Protect That Data
Your transaction data is stored in a way that can't be traced back to you as an individual. We don't store personal identifiers alongside your financial data. Data we don't need gets deleted. And if you ever want to wipe everything, you have that option, full stop.
"But What About My OTPs?"
This is the concern we hear most, so let's address it head-on.
First: we don't store OTPs. They're filtered and discarded on your device before they ever reach us.
But even in a hypothetical scenario where someone had access to an OTP, it's effectively useless on its own. An OTP without the associated login credentials and an active session is like having a house key with no address. Nobody's getting in with just that.
We never have access to your login credentials or active banking sessions. Period.
Why We Charge Subscriptions
There's a common business model in fintech where the app is free and your personal data is the product. We went the other direction.
Subscriptions are how we pay the bills. Your personal information is never sold to or shared with third parties. We believe your identity, your accounts, and your individual financial details should remain private, and the subscription model is what makes that possible.
Still Have Questions?
We mean it when we say transparency matters to us. If something here doesn't make sense or you want to dig deeper, reach out. We'll answer everything we can.


