← Work

Forgot Again?

In development

Auto-captures every baht and kyat — 100% on-device, never your bank login

The problem

In Thailand and Myanmar, personal-finance apps force a bad trade: cloud aggregators that auto-sync but want your bank credentials, or offline apps that are private but make you type every transaction. Forgot Again? refuses the trade — it captures transactions automatically, entirely on-device, and never asks for a bank login.

Privacy as architecture

The capture pipeline is the whole thesis, and it runs locally. On Android, a native NotificationListenerService feeds bank and e-wallet push notifications to an on-device parser; transfer-slip screenshots are read with on-device OCR + EMVCo QR decoding. Raw notification text and bank data never leave the phone. No credentials are ever collected — privacy isn’t a setting, it’s the design.

Engineering highlights

  • Declarative, per-bank parser rules — each bank (KPLUS, TrueMoney, KBZPay…) is a JSON-serialisable object: amount regex, income/expense predicates, OTP/promo ignore-rules, payee/reference extraction, and a confidence score that routes uncertain parses to a review queue. Rules are designed to be remotely updatable without shipping a new app version.
  • Trilingual capture — Thai, English, and Burmese, with Myanmar (KBZPay/MMK) support first-class, not an afterthought.
  • Ownership-derived entitlement — Pro is re-derived from store ownership on every launch with local RSA-signature verification, rather than a spoofable flag.
  • Sync-ready schema without over-building — every table carries UUID keys, updatedAt, and soft-delete tombstones; a last-write-wins sync engine and AES-GCM client-side encryption exist but are intentionally left un-wired until needed.

Flutter (Android flagship + iOS), Drift over SQLite as the local source of truth, biometric lock, encrypted backups you own (Google Drive / CSV).