← nebulixlabz.com|All privacy policies
Avixo logo

Avixo

Privacy Policy · Last updated: 28 May 2026

About Avixo

Avixo is a group expense tracker built for India, developed by Cyberpeak Apps and published under Nebulixlabz. Avixo helps friends, flatmates, and families record shared expenses and track who owes what. When you want to repay someone, Avixo can generate an optional UPI deep-link that opens your existing UPI app (GPay, PhonePe, Paytm, BHIM, etc.) — the payment itself happens inside that app, through your bank. Avixo is not a wallet, payment processor, or financial service. We never hold, route, or touch your money.

The short version

If you read nothing else, read this:

  • Avixo is a productivity / expense tracking app. It does not provide any financial features and does not process payments.
  • We collect what's needed to run the app: your account identity, profile, expense data, and diagnostics.
  • We don't collect SMS, location, contacts, microphone, or browsing history.
  • We share data only with Google Firebase, which runs our backend. No advertisers, no analytics resellers, no data brokers.
  • Your data is stored in Firebase's asia-south1 region (India).
  • You can delete your account any time — in-app or by emailing nebulix.labz@gmail.com. See our delete-account page for the full process.

What we collect and why

Avixo collects only what's needed to make the app work for you and the people you log expenses with.

  • Account identity — your email address and (if you sign in with Google) your linked Google account, used to sign you in and identify your data.
  • Profile — display name and profile photo URL, used to show who created an expense or owes a balance.
  • Optional contact — phone number and UPI ID / VPA, if you choose to add them, so friends can find you and you can be the recipient of an optional UPI repayment deep-link.
  • Expense data — group expenses, splits, repayment records, and personal expenses you record, which power the entire balance and ledger feature.
  • Push notification tokens (FCM) — used only to send you balance updates and reminders.
  • Crashlytics diagnostics — crash stack traces and device model / OS version when the app crashes, used to fix bugs.

How UPI repayment deep-links work

When you tap "Repay" in Avixo on a balance you owe a friend, we don't process a payment. Avixo constructs a standard UPI deep-link (a `upi://pay?…` URL) with the recipient's UPI ID and the amount, and hands that link to your phone. Your existing UPI app opens, you confirm the payment there, enter your PIN inside that UPI app (Avixo never sees it), and the actual money moves through your bank and the UPI network — not through Avixo. After the payment goes through, you mark the balance as repaid inside Avixo so the ledger stays accurate. Avixo is not a Payment Aggregator, Payment Service Provider, Prepaid Payment Instrument issuer, or Third-Party Application Provider under NPCI's UPI ecosystem. It does not access the UPI network directly, doesn't create VPAs, and doesn't initiate or settle transactions.

Who we share data with

We share data with exactly one third party: Google, as the operator of the Firebase backend infrastructure that powers Avixo. Specifically:

  • Firebase Authentication — verifies your identity when you sign in.
  • Cloud Firestore — stores your profile, expenses, groups, repayment records.
  • Cloud Storage — stores any optional receipt photos you upload.
  • Cloud Messaging (FCM) — delivers push notifications.
  • Crashlytics — collects crash diagnostics so we can fix bugs.

What we don't share

No advertising networks. No analytics resellers. No data brokers. We don't sell, rent, or trade your data to anyone, ever.

Where data is stored

Avixo's Firebase project is hosted in the asia-south1 region — Mumbai, India. Your data is stored in India.

How long we keep it

We keep your data for as long as your account is active. When you request account deletion (in-app or by email — see our delete-account page), your profile, expense records, group memberships, repayment logs, and notification tokens are permanently deleted within 7 days. Backup copies are purged within 90 days. After that, nothing personal that ties back to you remains in our systems.

A note on shared expense records

Because shared expenses involve multiple people, we cannot fully erase expense entries that other group members still rely on for their own balances. When you delete your account, your name is anonymised on those records so the remaining members' ledgers stay consistent. Your phone number, UPI ID, profile photo, and personal expenses are deleted entirely.

Your rights (DPDP Act 2023)

Under India's Digital Personal Data Protection Act 2023, Nebulixlabz is the Data Fiduciary for Avixo. The lawful basis for processing is consent (for notifications) and contract performance (for the core app functionality you signed up to use). You have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Request erasure of your account and personal data.
  • File a grievance with our grievance officer.

Grievance redressal & breach notification

Our grievance officer for v1 is reachable at nebulix.labz@gmail.com. This address also serves as the DPDP grievance contact. In the event of a personal data breach affecting you, we will notify affected users and the Data Protection Board of India within 72 hours where required by law.

Security

All communication between the Avixo app and Firebase is encrypted in transit using TLS (this is the default for the Firestore SDK). Firebase Authentication handles identity verification. Firestore Security Rules restrict every read and write to authenticated users accessing their own data — we don't grant blanket access even to ourselves through the app.

Permissions Avixo requests on Android

Avixo asks for the minimum permissions needed to function:

  • Internet — required, for all backend communication with Firebase.
  • Vibrate — optional, used for in-app haptic feedback.
  • Post Notifications — optional, used to send balance updates and reminders.

What we don't ask for

To be explicit, Avixo does NOT request:

  • Location access
  • Contacts access
  • SMS read access
  • Microphone access
  • Advertising ID access

Children

Avixo is intended for users aged 18 and over. It is not directed at children. We do not knowingly collect personal data from anyone under 18. If we learn that an account belongs to a minor, we delete the account and its data.

Changes to this policy

If we make material changes to this policy, we'll show an in-app notice and email you at your registered address before the changes take effect. Non-material changes (clarifications, formatting) are reflected by bumping the "Last updated" date at the top of this page.

Contact

Questions, requests, or grievances? Email nebulix.labz@gmail.com. Website: https://nebulixlabz.com. Package name: com.cyberpeak.avixo. Last updated: 28 May 2026.

Want to delete your Avixo account? See the account-deletion page for the request process and what gets deleted.

Questions? Contact us at nebulix.labz@gmail.com