Privacy Policy

Welcome to Finjira!

At Finjira, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile expense tracking application.

1. INFORMATION WE COLLECT

1.1 Account Information

When you create an account with Finjira, we collect:

• Email Address: Used for account creation, login, and important notifications
• Password: Securely encrypted and stored; we never see or store your plain-text password
• Profile Information: Optional display name and profile settings

1.2 MPESA Transaction Data

With your explicit permission, Finjira reads SMS messages sent by MPESA to extract:

• Transaction Type: Send Money, Receive Money, Till Payment, PayBill, Pochi la Biashara, Airtime Purchase
• Transaction Amount: How much money was sent or received
• Transaction Party: Name of the person or business you transacted with
• Transaction Code: Unique MPESA transaction reference number
• Date and Time: When the transaction occurred
• Account Balance: Your MPESA balance after the transaction (if included in the SMS)

1.3 Usage Information

We collect information about how you use the App:

• Categories Created: How you organize your expenses (e.g., "Transport", "Food", "Rent")
• Transaction Categorization: Which transactions you assign to which categories and GPS Location (if enabled)
• App Interactions: Which features you use most frequently
• Device Information: Device model, operating system version, app version

1.4 What We DON'T Collect

To be clear, Finjira does NOT collect:

• Your MPESA PIN or password
• SMS messages from senders other than "MPESA"
• Your contacts or phone numbers from your address book
• Information about other apps on your device

2. HOW WE USE YOUR INFORMATION

2.1 Primary Purpose: Expense Tracking

We use your information to:

• Parse MPESA SMS messages and extract transaction details
• Display your transactions in an organized, easy-to-understand format
• Allow you to categorize and track your spending patterns
• Generate spending reports and visualizations (charts, summaries)
• Provide notifications about new MPESA transactions
• Synchronize your data across your devices (if you use multiple devices)

2.2 Account Management

We use your email address to:

• Verify your identity when you log in
• Send password reset emails if you forget your password
• Notify you of important account changes or security alerts
• Communicate service updates or new features (you can opt-out of promotional emails)

2.3 App Improvement

We use aggregated, anonymized usage data to:

• Understand which features are most useful to users
• Identify and fix bugs or technical issues
• Improve the accuracy of MPESA transaction parsing
• Develop new features that users will find valuable

2.4 Security and Fraud Prevention

We monitor for unusual activity to:

• Detect and prevent unauthorized access to accounts
• Protect against fraudulent use of the App
• Ensure compliance with our Terms of Service

3. HOW WE SHARE YOUR INFORMATION

3.1 With Service Providers

We share limited information with trusted third-party service providers who help us operate the App:

• Cloud Hosting: Supabase for secure data storage and user authentication
• Analytics: Anonymized usage data to understand app performance (no personally identifiable information)

All service providers are contractually obligated to protect your data and use it only for the specific services they provide to us.

3.2 Legal Requirements

We may disclose your information if required by law or in response to:

• Valid legal process (court order, subpoena, warrant)
• Requests from government authorities or law enforcement
• Protection of our legal rights or the safety of users
• Compliance with Kenyan data protection and privacy laws

3.3 Business Transfers

If Finjira is involved in a merger, acquisition, or sale of assets, your information may be transferred to the new owner, subject to the same privacy commitments outlined in this policy.

3.4 With Your Consent

We will share your information with other parties only if you explicitly consent to such sharing.

4. DATA STORAGE AND LOCATION

4.1 Where Your Data is Stored

Your data is stored securely using Supabase's cloud infrastructure. While we strive to use data centers closest to Kenya for faster performance, your data may be stored on servers located outside Kenya.

4.2 Local Device Storage

Some data is also stored locally on your device to enable offline functionality:

• Recent transaction history
• Category information
• App preferences and settings

This local data is encrypted and accessible only by the Finjira app.

5. DATA SECURITY

5.1 How We Protect Your Information

We implement industry-standard security measures:

Technical Safeguards:

• End-to-end encryption for data transmission
• Encrypted storage of sensitive data
• Secure password hashing (bcrypt with salt)
• HTTPS/SSL for all communications
• Regular security audits and vulnerability assessments
• Firewalls and intrusion detection systems
• Secure API authentication tokens

Organizational Safeguards:

• Limited employee access to personal data (need-to-know basis)
• Regular security training for staff
• Incident response procedures
• Data protection impact assessments

5.2 Your Role in Security

5.3 Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of becoming aware of the breach
• Report the breach to the Office of the Data Protection Commissioner
• Provide details about the nature of the breach
• Advise on steps you can take to protect yourself
• Take immediate action to contain and remediate the breach

6. YOUR RIGHTS UNDER KENYAN LAW

Under the Kenya Data Protection Act, 2019, you have the following rights:

6.1 Right to Access

You have the right to know what personal data we hold about you and obtain a copy.

How to Exercise: Contact privacy@finjira.com or use the "Download My Data" feature in the App.

6.2 Right to Rectification

You have the right to correct inaccurate personal data and update incomplete information.

How to Exercise: Update your information directly in the App settings or contact support@finjira.com.

6.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data when:

• The data is no longer necessary for its original purpose
• You withdraw consent
• You object to processing and there are no overriding legitimate grounds
• The data was unlawfully processed

How to Exercise: Use the "Delete Account" feature in the App or contact privacy@finjira.com.

6.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another service provider.

How to Exercise: Use the "Export Data" feature in the App or contact privacy@finjira.com.

6.5 Right to Object

You have the right to object to processing based on legitimate interests or for direct marketing purposes.

How to Exercise: Contact privacy@finjira.com.

6.6 Right to Withdraw Consent

Where processing is based on consent (e.g., reading SMS messages), you have the right to withdraw consent at any time.

How to Exercise: Revoke SMS reading permissions through device settings or in the App.

6.7 Right to Lodge a Complaint

If you believe we have violated your data protection rights, you can lodge a complaint with:

Office of the Data Protection Commissioner
Nairobi, Kenya
Website: www.odpc.go.ke
Email: info@odpc.go.ke
Phone: +254 (0) 20 2024743

7. DATA RETENTION

7.1 How Long We Keep Your Information

Active Account Data: We retain your data for as long as your account remains active.

Deleted Account Data: When you delete your account, we will delete or anonymize your personal information within 30 days.

Backup Data: Deleted data may persist in backup systems for up to 90 days before being permanently removed.

Legal Retention: We may retain certain information longer if required by Kenyan law.

8. CHILDREN'S PRIVACY

8.1 Age Restriction

Finjira is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

8.2 Parental Consent

If you are under 18, you may only use the App with the involvement and consent of a parent or legal guardian.

8.3 If We Learn We Have Collected Children's Data

If we become aware that we have collected personal information from a child under 18 without parental consent, we will delete the information as soon as reasonably possible.

9. INTERNATIONAL DATA TRANSFERS

9.1 Data Storage Location

Your information may be transferred to, stored, and processed in servers located outside Kenya, including cloud infrastructure providers' data centers.

9.2 Safeguards for International Transfers

When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard contractual clauses approved by data protection authorities
• Service providers with adequate data protection certifications
• Encryption of data in transit and at rest
• Compliance with both Kenyan and destination country laws

10. UPDATES TO THIS PRIVACY POLICY

10.1 Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, new features, or legal requirements.

10.2 Notification

When we make material changes, we will:

• Update the "Last Updated" date
• Notify you through the App
• Send an email to your registered email address
• Request your consent if required by law

11. CONTACT US

11.1 Questions and Concerns

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

General Inquiries:
Email: hello@finjira.com
Support: support@finjira.com

Data Protection Officer:
Email: privacy@finjira.com

Mailing Address:
Finjira
Nairobi, Kenya

11.2 Response Time

We will acknowledge receipt of your inquiry within 48 hours and provide a substantive response within 30 days.

12. COMPLIANCE WITH KENYA DATA PROTECTION ACT, 2019

13. SUMMARY OF KEY POINTS

14. ACKNOWLEDGMENT AND CONSENT

Version 1.0
Effective Date: February 2, 2026
© 2026 Finjira. All rights reserved.