Forgot Again?
In developmentAuto-captures every baht and kyat — 100% on-device, never your bank login
The problem
In Thailand and Myanmar, personal-finance apps force a bad trade: cloud aggregators that auto-sync but want your bank credentials, or offline apps that are private but make you type every transaction. Forgot Again? refuses the trade — it captures transactions automatically, entirely on-device, and never asks for a bank login.
Privacy as architecture
The capture pipeline is the whole thesis, and it runs locally. On Android, a native
NotificationListenerService feeds bank and e-wallet push notifications to an
on-device parser; transfer-slip screenshots are read with on-device OCR + EMVCo QR
decoding. Raw notification text and bank data never leave the phone. No
credentials are ever collected — privacy isn’t a setting, it’s the design.
Engineering highlights
- Declarative, per-bank parser rules — each bank (KPLUS, TrueMoney, KBZPay…) is a JSON-serialisable object: amount regex, income/expense predicates, OTP/promo ignore-rules, payee/reference extraction, and a confidence score that routes uncertain parses to a review queue. Rules are designed to be remotely updatable without shipping a new app version.
- Trilingual capture — Thai, English, and Burmese, with Myanmar (KBZPay/MMK) support first-class, not an afterthought.
- Ownership-derived entitlement — Pro is re-derived from store ownership on every launch with local RSA-signature verification, rather than a spoofable flag.
- Sync-ready schema without over-building — every table carries UUID keys,
updatedAt, and soft-delete tombstones; a last-write-wins sync engine and AES-GCM client-side encryption exist but are intentionally left un-wired until needed.
Flutter (Android flagship + iOS), Drift over SQLite as the local source of truth, biometric lock, encrypted backups you own (Google Drive / CSV).