Privacy Policy

When you use Realm Money, we collect the following types of information:

• Account Information: Your name, email address, and profile picture obtained from your Google account when you sign in with Google.
• Financial Data: Savings goal names, target amounts, balances, deposit and withdrawal transactions. This data is stored securely in our Firebase database.
• Device Information: Device type, operating system version, and app version for diagnostic and support purposes.
• SMS Data (Optional): If you grant SMS permission, the app reads incoming SMS messages to detect M-PESA transaction notifications. These messages are processed locally on your device and are not transmitted to our servers.
• Usage Analytics: Anonymized usage data via Firebase Analytics to help us improve the app experience.
• Crash Reports: Anonymized crash logs via Firebase Crashlytics to identify and fix bugs.

We use the information we collect to:

• Create and manage your Realm Money account
• Process deposits and withdrawals through SasaPay and M-PESA
• Display your savings goals, balances, and transaction history
• Send you important account notifications (goal milestones, transaction confirmations)
• Detect and prevent fraud or unauthorized access
• Improve app performance and fix bugs using crash and usage data
• Comply with legal obligations under Kenyan law

We do not use your data for advertising purposes, nor do we sell or rent your personal information to third parties.

Your data is stored in Google Firebase (Firestore), a cloud database service with enterprise-grade security. We implement the following security measures:

• PIN Encryption: Your 4-digit security PIN is hashed using SHA-256 and is never stored in plain text.
• Authentication: Access to your account is secured via Google OAuth 2.0.
• Firebase Security Rules: Database access rules ensure users can only access their own data.
• Encrypted Transit: All data transmitted between the app and our servers uses HTTPS/TLS encryption.
• Payment Security: Payment processing is handled by SasaPay, a licensed payment service provider in Kenya. We do not store your M-PESA PIN or payment credentials.

We share your information only in the following limited circumstances:

• Payment Processors: SasaPay and Safaricom (M-PESA) receive necessary transaction details to process your deposits and withdrawals.
• Google Services: Firebase (Google) stores your data and provides authentication, analytics, and crash reporting services.
• Group Goal Members: If you create or join a group savings goal, other members of that goal can see your display name and contribution amounts.
• Legal Requirements: We may disclose information if required to do so by law or a valid legal process in Kenya.

We do not share your personal data with advertisers, data brokers, or any other third parties.

Realm Money optionally requests permission to read SMS messages. This permission is used exclusively to:

• Detect incoming M-PESA payment notifications from Safaricom
• Prompt you to save a portion of funds you've just received

Important: SMS content is processed entirely on your device and is never uploaded to our servers or shared with any third party. Only M-PESA transaction messages trigger the save prompt — personal SMS messages are ignored entirely.

You can revoke SMS permission at any time in your Android device settings under Apps > Realm Money > Permissions. The app will continue to function normally without this permission.

We retain your personal data for as long as your account is active. If you delete your account:

• Your profile data is deleted within 30 days
• Transaction records may be retained for up to 7 years as required by Kenyan financial regulations
• Anonymized, non-identifiable analytics data may be retained indefinitely

To request deletion of your account and data, please contact us at privacy@realmoney.app.

Realm Money is not intended for use by persons under the age of 18. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately and we will delete such information.

You have the right to:

• Access: Request a copy of the personal data we hold about you
• Correction: Request that we correct inaccurate or incomplete data
• Deletion: Request deletion of your account and personal data
• Portability: Request your data in a portable format
• Objection: Object to certain types of data processing

To exercise any of these rights, contact us at privacy@realmoney.app.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app or by email at least 14 days before the changes take effect. Your continued use of Realm Money after that date constitutes acceptance of the updated policy.