Made by Lakshya & Harsh
now go pay
without the internet.
without the internet.
Plain-language version. Read this in full: it covers what we do and don't do with your data, and what you're agreeing to when you use OffPay.
OffPay does not collect, transmit, sell, share or back up any of your data to us or any third party. There is no OffPay account, no analytics, no advertising. Everything you do in OffPay stays on your device. After install, the app makes zero outbound network requests.
OffPay needs a few pieces of information to dial *99# on your behalf and answer the carrier's prompts. Your UPI ID, payment amount and optional note live in app memory during a session, and on success are saved to an encrypted on-device history. The carrier's reply text is shown to you and recorded for successful payments. Your active SIM's carrier name is read once on launch to detect Jio (which doesn't reliably support *99#). Your operation-mode preference and last balance are saved in a private on-device key-value store. Scanned or imported QR codes are decoded in memory only, they are never stored.
We do not read your name, email, phone number, contacts, location, IMEI, IMSI, advertising ID, or device ID. We do not have access to your bank account. The accessibility service is restricted by configuration to the system USSD dialog packages and ignores every other app and screen on your device.
Your UPI PIN lives only in volatile memory and is wiped within 500 milliseconds of any session ending (success, failure, timeout or cancel) and on app backgrounding. It is never written to storage, never logged, never sent over the network, and is masked as four bullets in any UI surface that might display it. The carrier-side handling of your PIN is the same path BHIM, GPay and your bank's own app use.
Successful payments are saved to a local SQLite database encrypted with SQLCipher. The raw file on disk is unreadable without the app's key. The database is capped at 200 most-recent records and you can clear it any time from the History screen. Uninstalling OffPay deletes everything.
Phone (CALL_PHONE): only ever used to dial *99# codes, never regular numbers. Camera: live QR scanning, processed on-device by ML Kit, frames are not stored or uploaded. Phone state (READ_PHONE_STATE): reads the carrier name to apply the Jio fail-fast rule. Accessibility service: reads the carrier USSD dialog and types replies for you, restricted to known carrier dialog packages. Display over other apps (SYSTEM_ALERT_WINDOW): paints the OffPay UI over the carrier dialog in Auto mode. Denying any optional permission still leaves Manual mode fully usable.
OffPay is intended for users old enough to operate a personal UPI account. We do not knowingly direct OffPay at children, and we do not collect any data that would let us identify a child or anyone else.
If we ever change how OffPay handles data, this screen will be updated, the effective date will be bumped and the change will be highlighted in the corresponding release notes. The repository's git history is the canonical record of every revision.
Questions or concerns about privacy? Open an issue on the project's repository on GitHub.