Usage Policy
Last updated: 10 April 2025
This Usage Policy explains what the App does with the Android permissions it requests, and what it will never do.
SMS permission (READ_SMS)
| We will | We will never |
|---|---|
Read messages from the MPESA sender only. | Read personal messages from friends, family, or other apps. |
| Parse transaction details (amount, balance, party, date). | Store raw SMS content on the device or anywhere else. |
| Store parsed fields locally in an SQLite database. | Upload any SMS content to a server. |
Contacts permission (READ_CONTACTS)
| We will | We will never |
|---|---|
| Read contact names and phone numbers to match transactions. | Access contact emails, photos, or addresses. |
| Store name + phone in the on-device database only. | Share contact data with any third party. |
Permissions you can revoke
Both permissions are optional. The App works without them, but with reduced functionality:
- Without READ_SMS: transaction history will not be imported automatically. You will need to tap "Sync" and grant the permission when prompted.
- Without READ_CONTACTS: transactions will show phone numbers instead of contact names.
To revoke a permission: Android Settings → Apps → M-Pesa Tracker → Permissions.
No internet access
The App does not request the INTERNET permission and cannot make network requests. There is no way for the App to transmit your data even if it wanted to.
No background services
The App does not run background services, scheduled jobs, or push notifications. It is active only when you open it.