Privacy Policy

Last updated: 10 April 2025

1. Overview

M-Pesa Tracker ("the App") is an Android application offered in both free and premium (feature-enriched) versions. It reads M-Pesa SMS messages on your device, classifies them as sent or received transactions, and displays spending analytics. The App is operated by an independent developer and is not affiliated with Safaricom PLC.

The App does not collect, transmit, or store any personal data on external servers. All processing occurs locally on your device.

2. Data we access

SMS messages (READ_SMS permission)

The App requests permission to read your SMS inbox solely to identify messages sent from the M-Pesa shortcode (MPESA) and extract transaction details (amount, balance, party name/phone, timestamp). Raw SMS content is never stored persistently; only the extracted transaction fields are saved to the on-device database.

Phone contacts (READ_CONTACTS permission)

The App requests permission to read your phone contacts to match transaction phone numbers to contact names, making your transaction history easier to read. Contact data is stored only in the on-device SQLite database and is never uploaded.

3. Data storage

All data — transactions, summaries, and contacts — is stored in an SQLite database located in the App's private storage directory on your Android device. This storage is accessible only to the App and to you (with root access or via Android backup). No data is synchronised to any cloud service.

4. Data sharing

We do not share your data with any third party, advertiser, or analytics service. The App contains no advertising SDKs and no analytics frameworks.

5. Data retention and deletion

Data is retained on your device for as long as the App is installed. You can delete all data at any time by uninstalling the App, which removes the private storage directory and all associated files. See our Data Deletion page for in-app deletion instructions.

6. Children's privacy

The App is not directed at children under the age of 13. We do not knowingly collect data from children.

7. Security

The App provides an optional 4-digit PIN that is hashed with SHA-256 before being stored in Android SharedPreferences. We recommend enabling the PIN to protect your financial data if your device is shared.

8. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will reflect any changes. Continued use of the App after changes constitutes acceptance of the updated policy.

9. Contact us

If you have questions about this Privacy Policy, please contact us.