🔒 PesaTrack Privacy Policy

Last updated: April 23, 2026

            Key point: PesaTrack stores all your data locally on your device.
            No data is transmitted to any server, cloud service, or third party. Ever.
        

1. What PesaTrack Does

PesaTrack is a passive expense tracker for Android. It reads incoming M-PESA and bank SMS messages, parses transaction details (amount, recipient, date, transaction code), and saves them locally on your device for categorization, budgeting, and review.

2. SMS Data We Access

PesaTrack requests the following Android permissions:

RECEIVE_SMS — To detect incoming M-PESA and supported bank SMS messages in real time
READ_SMS — To import historical transaction SMS from your message inbox (user-initiated only)

PesaTrack only reads SMS from specific senders:

M-PESA (sender: "MPESA")
NCBA Bank (sender: "NCBA")

Personal SMS messages from contacts, promotional messages, and SMS from unsupported senders are never read, accessed, or stored.

3. What Data Is Stored

From each qualifying transaction SMS, PesaTrack extracts and stores:

Transaction amount (KES)
Recipient name and number/till/paybill
Transaction date and time
M-PESA transaction code (e.g., "ABC123XYZ")
Transaction cost (if present in the SMS)
Payment type (Send Money, Buy Goods, Pay Bill, etc.)

Additionally, you may manually enter expenses or import from Excel spreadsheets. Category assignments, budgets, and settings are also stored locally.

4. Where Data Is Stored

            100% on-device. All data is stored in a local Room database and
            DataStore preferences on your Android device. PesaTrack has no backend server,
            no cloud sync, and no internet permission.
        

PesaTrack tracks anonymous usage counters locally on your device (e.g., number of app opens, features used) to help us improve the product. These counters are stored alongside your other app data in DataStore preferences.

The app does not contain the INTERNET permission and is physically incapable of transmitting any data off your device.

5. Data Sharing

PesaTrack does not share your data with anyone.

No data is sent to any server or cloud service
No data is shared with third-party SDKs, analytics, or advertising networks
No data is sold, rented, or licensed to any party

5.5 User-Initiated Sharing

Certain features allow you to voluntarily share information outside the app:

Feedback emails: When you tap "Contact & Feedback," a draft email is prepared. Usage context (e.g., app version, usage milestones) may be included to help us assist you. You can review and remove any information before sending.
Backup files: Database backups that you create and export may contain your expense data and settings. These files stay on your device unless you choose to share them.

In all cases, you initiate the sharing action and can review exactly what is being sent before it leaves your device.

5.6 Third-Party Services (Future)

In future versions, PesaTrack may integrate the following Google services:

Google Play In-App Review API: May prompt you to rate the app within the Google Play review flow. No personal data is shared with PesaTrack through this process.
Google Play Billing: If premium features are introduced, purchases will be handled through Google Play's billing system. Transaction details are managed by Google Play, not by PesaTrack.

These integrations will require the INTERNET permission. If and when this permission is added, this privacy policy will be updated accordingly, and the change will be communicated through an app update.

6. Data Security

PesaTrack offers an optional PIN lock with biometric unlock (fingerprint/face) to prevent unauthorized access to the app. The PIN is stored as a salted SHA-256 hash — the raw PIN is never stored.

Your data inherits the security of your Android device (device encryption, screen lock). PesaTrack does not implement additional database encryption, as the app's threat model is casual-access prevention, not forensic-level protection.

7. Your Rights & Data Deletion

You have full control over your data:

View: All your expense data is visible in the app at all times
Edit: You can re-categorize, exclude, or modify any expense
Delete: Clear all app data via Android Settings → Apps → PesaTrack → Clear Data
Uninstall: Removing the app deletes all stored data permanently

Since no data leaves your device, there is no server-side data to request deletion of.

8. Children's Privacy

PesaTrack is not directed at children under 13. The app requires access to financial SMS messages, which is inherently an adult use case.

9. Changes to This Policy

If we update this privacy policy, the updated version will be posted at this URL and the "Last updated" date will be revised. Material changes affecting data handling will be communicated through an app update.

10. Contact

If you have questions about this privacy policy or PesaTrack's data practices:

📧 Email: joelmumo.jm@gmail.com

🐙 GitHub: github.com/J-Mumo/PesaTrack