BigOTP — Privacy Policy

    The short version: BigOTP reads your OTP notifications on your device only.
    Nothing is ever sent to us or any third party. We collect zero personal data.
  

Who we are

BigOTP is a free Android accessibility app. It is developed and maintained independently. You can reach us at sriram.vish@gmail.com.

What data BigOTP accesses

BigOTP uses Android's Notification Listener service to read notifications delivered to your device. Specifically, it looks for OTP (one-time password) codes inside SMS notifications.

Notification content — read on your device to extract the OTP code and display it. The raw notification text is briefly stored in device memory and in a local history (on-device only).
Nothing else — BigOTP does not access your contacts, call logs, location, camera, microphone, or any other sensitive data.

What data BigOTP does NOT collect

No OTP codes are ever transmitted off your device.
No notification content is ever sent to any server.
No personal identifiers (name, phone number, email, device ID) are collected.
No usage analytics or crash reports are sent anywhere.
No advertising SDKs are included. No ads are shown.
No account is required. No sign-in exists.

Local storage

BigOTP stores a short history of recent OTP codes in your device's local storage using Android DataStore. This data:

Never leaves your device.
Is automatically deleted when each code expires.
Is deleted when you uninstall the app.
Can be cleared at any time via Android Settings → Apps → BigOTP → Clear data.

Network usage

BigOTP periodically fetches an OTP pattern configuration file from a content delivery network (CDN). This fetch:

Contains no user data — it is a plain HTTP GET with no cookies, tokens, or identifiers.
Is used only to keep BigOTP up-to-date with new bank and app OTP formats.
Falls back to a bundled copy if your device is offline — BigOTP works fully without internet access.

Permissions explained

Notification access — Required to read OTP notifications from your SMS app. BigOTP does not request the READ_SMS permission and cannot access your message history.
Display over other apps (SYSTEM_ALERT_WINDOW) — Used to show a floating code bubble while you are typing in another app. This permission is optional; you can decline it and still use the full-screen display.
Internet access — Used only for the CDN pattern fetch described above. No user data is transmitted.
Receive boot completed — Allows BigOTP to restart its background monitor after your device reboots, so you never miss an OTP.

Text-to-Speech

BigOTP uses Android's built-in Text-to-Speech engine to read OTP digits aloud. This processing happens entirely on your device. No audio is recorded or transmitted.

Children's privacy

BigOTP is not directed at children under the age of 13. We do not knowingly collect any information from children.

Changes to this policy

If we make material changes to this privacy policy, we will update the "Last updated" date above. Continued use of BigOTP after any changes constitutes acceptance of the updated policy.

Contact

Questions or concerns about this privacy policy?
Email: sriram.vish@gmail.com