This Privacy Policy describes how PesaTracker (“the App,” “we,” “us”) handles information when you use our Android application published on Google Play under the developer account fundevcrafts (package com.fundevcrafts.pesatracker).
Important: PesaTracker is designed as a local, on-device money journal. It does not operate a sign-in server or a cloud database controlled by us for your M-Pesa SMS content. Any transmission of your data off the device happens only through your device’s operating system, your chosen backup/export flows, or tools you separately use (for example email, cloud drives, or messaging apps).
Contact: fundevcrafts@gmail.com
| Topic | What we do |
|---|---|
| M-Pesa SMS | The App may read SMS messages from your device that match M-Pesa / MPESA sender patterns, only to build your transaction journal, balances, fees, and related insights on your device. |
| Our servers | We do not receive your SMS bodies or a copy of your inbox through the App’s own network APIs. The App’s manifest does not declare general Internet access for sending your journal to us. |
| Storage | Categories, notes, budgets, events, app preferences, and similar data are stored on your device (including encrypted storage where implemented). |
| Exports & backups | When you export CSV/JSON or save a backup file, you choose where it goes (e.g. Downloads, Drive, email). We do not control that destination. |
| App lock & biometrics | Optional PIN and device biometrics are used on-device to unlock the App; biometric templates are handled by Android, not sent to us. |
| Notifications | Optional local notifications (e.g. reminders) may use notification permission where the OS requires it. |
You are a user of PesaTracker on an Android device. This policy applies to the App only. It does not govern third-party services (Google Play, your device manufacturer, your mobile carrier, M-Pesa/Safaricom, or apps you use to share exported files).
Purpose: Core functionality is SMS-based money management / journaling: reading M-Pesa-related SMS from the device SMS inbox (via the system SMS content provider) to extract transaction details (such as amounts, fees, types, and timestamps) and to show summaries inside the App.
Scope: The App is intended to work with messages associated with M-Pesa senders (for example identifiers such as MPESA / M-PESA as implemented in the App). It is not intended to read your full personal SMS history for unrelated purposes.
When: SMS is read when you use features that depend on it (for example opening Home, History, Insights, or related screens) and when you have granted the SMS permission in Android settings.
If you deny SMS access: Features that depend on parsing M-Pesa SMS will be limited or unavailable. Other parts of the App may still work where they do not depend on SMS.
On supported Android versions, the App may request permission to show notifications (for example recurring reminders). Notification content is generated for you based on data already on the device.
If you enable biometric unlock for the App lock feature, Android’s biometric APIs verify you on the device. We do not receive your fingerprint or face data.
The App does not require you to create an account with us to use local features. Any “login” or onboarding flow inside the App is part of the on-device experience and does not, by itself, send your SMS to our servers.
The App may store, among other things:
SMS bodies are read from the system when needed for parsing; the App does not need to permanently store the entire raw SMS body for core journaling if derived fields are sufficient—see your installed version’s behavior in Settings and export samples.
We do not run a backend service shown in the App whose purpose is to upload your full SMS inbox to us.
You may explicitly:
In those cases, data is written to a location you choose or handled by another app you use. You are responsible for those destinations’ privacy and security.
The App may have Android backup / data extraction rules enabled or updated over time. Google, your device OEM, or your backup provider may participate in device backup or transfer according to their policies and your system settings. That is outside our direct control; review your device backup settings if this matters to you.
The App may request or use permissions including:
| Permission | Why |
|---|---|
| READ_SMS | Read M-Pesa-related SMS to build your on-device journal and analytics. |
| POST_NOTIFICATIONS | Show local notifications where required by the OS. |
Other capabilities (for example biometric unlock) may rely on system components and AndroidX libraries without additional sensitive permissions declared by us beyond what the OS merges from dependencies.
The App is distributed through Google Play and uses standard Android and Google/AndroidX libraries. Those providers process data under their policies (for example Play Console processing, crash reporting if you add it in a future version, etc.).
Analytics / advertising: The version this policy was written for is intended without embedded third-party advertising SDKs or cross-app tracking. If a future build adds analytics or crash reporting, we will update this policy and the Google Play Data safety section before release.
No method of storage or transport is 100% secure.
PesaTracker is not directed to children under 13 (or the minimum age required in your country). We do not knowingly collect personal information from children. If you believe a child has provided information through misuse of the App, contact fundevcrafts@gmail.com and we can help describe how to remove the App and local data from the device.
PesaTracker is built around Kenya M-Pesa SMS conventions. If you use the App outside Kenya or with non-standard carrier formats, parsing may be incomplete or inaccurate. Currency and formatting are shown for convenience and are not financial, tax, or legal advice.
We may update this policy when we change features, permissions, or legal requirements. The “Last updated” date at the top will change. For material changes, we will take reasonable steps to notify you inside the App or via the Play listing, as appropriate.
Continued use after the effective date means you accept the updated policy.
Google Play developer account: fundevcrafts
Email: fundevcrafts@gmail.com
Play Store listing (when published): https://play.google.com/store/apps/details?id=com.fundevcrafts.pesatracker
PesaTracker is a personal productivity tool. It is not a bank, not affiliated with Safaricom or M-Pesa, and does not guarantee accuracy of parsed amounts or eligibility for any regulatory regime. Use at your own risk alongside your official M-Pesa records.
Because PesaTracker is local-first, there is no account on our servers for us to erase on your behalf. You control data on your phone and any copies you saved elsewhere.
In the App: Open More → Delete your data for the same instructions summarized on your device.
If you emailed us a file and want us to discard it, or you need help with these steps, contact fundevcrafts@gmail.com.