PesaSense requests permission to read SMS messages on your device. The App reads only SMS messages sent by Safaricom M-Pesa (identified by the sender ID "MPESA"). These messages contain:
You may assign categories to transactions and add personal notes. This data is stored locally on your device.
If you enable the biometric app lock feature, the App uses your device's biometric authentication system (fingerprint or face unlock). The App does not access, store, or transmit your biometric data. Authentication is handled entirely by your device's operating system.
The App does not collect analytics, crash reports, or usage telemetry by default. No IP addresses, device identifiers, or behavioral data are transmitted to us during normal use.
If you choose to enable Community Learning in Settings, the App may upload anonymised categorisation patterns — such as which merchant names are associated with which spending categories — to improve category suggestions for all users.
Before any upload:
You can disable Community Learning at any time in Settings → Community Learning. Disabling it stops all future uploads immediately.
The App periodically fetches updated categorisation rules from our servers to improve automatic transaction categorisation. This is a one-way download — no personal or transaction data is sent to the server. The request includes only a version identifier to check whether updated rules are available.
If you enable cloud backup, an encrypted copy of your transaction data is stored in your personal Google Drive account. This data is:
| Permission | Why It Is Needed |
|---|---|
| RECEIVE_SMS | Intercept M-Pesa SMS messages in real time as they arrive |
| READ_SMS | Import historical M-Pesa messages on request |
| USE_BIOMETRIC | Optional app lock via fingerprint or face unlock |
| INTERNET | Optional: fetch remote categorisation rules; optional community learning upload; optional cloud backup |
| READ_PHONE_STATE | Detect SIM slot for dual-SIM devices to attribute transactions to the correct M-Pesa account |
| POST_NOTIFICATIONS | Display transaction summaries and spending alerts (Android 13+) |
The App requests only the permissions it needs. You may deny optional permissions and core functionality will continue to work.
Transaction Data processed by PesaSense is used solely to:
All Transaction Data is stored in a local database on your device (Room/SQLite). The App additionally supports:
We recommend keeping your device's screen lock enabled and your Android OS up to date.
Your data remains on your device until you delete it. You can delete your data at any time:
If you uninstall the App, all locally stored data is removed by Android automatically. If you enabled cloud backup, delete the backup file separately from your Google Drive.
We comply with the Kenya Data Protection Act, 2019:
The App is not directed at children under 13. We do not knowingly collect data from children. M-Pesa accounts require a minimum age of 18 under Safaricom's terms of service.
We will update this policy when the App's data practices change. Changes will be announced via the What's New screen within the App. The "Last updated" date at the top of this policy reflects the most recent revision.
Questions about this Privacy Policy: