Skip to main content
Legal

Privacy Policy

How we collect, use, and protect your information

📅 Last updated: March 16, 2026 📦 App: Pesa Notes v1.0.3 🌍 Applies globally
🔒
Your data stays yours

All your business records are stored locally on your device. Cloud backup is optional and fully encrypted. We do not sell or share your personal information with third parties for marketing.

1

Our Commitment to Your Privacy

Pesa Notes is a cash-first business ledger for small businesses worldwide. This Privacy Policy explains what we collect, why we collect it, and the choices you have.

If you have questions not answered here, contact us anytime.

Core principle: We collect only what is necessary to provide the service. Your financial records, transactions, and customer data remain on your device by default.

2

Information We Collect

Information You Provide

  • Account details: Name, email address, phone number, and business name when you register
  • Business data: Cash flow records, sales, expenses, credit transactions, customer names, and branch information — all entered by you
  • Profile information: Optional profile photo for your account
  • Authentication: Your PIN code, stored as an encrypted hash on your device only — we never see it

Automatically Collected

  • Device information: Device model, OS version, and identifiers used by Firebase or Play services for sign-in and diagnostics — not your transaction amounts or customer names
  • Crash reports: Anonymous error logs (e.g. via Crashlytics) to help us fix bugs — these do not include your ledger data

What We Do NOT Collect

  • Your location or GPS data
  • Your contacts or call history
  • Browsing history or data from other apps
  • Biometric data (processed on-device by the OS only)
3

How We Use Your Information

  • To create and manage your account and business profile
  • To authenticate your identity and secure your account across devices
  • To upload or restore encrypted backups when you use Google Drive backup (Pro)
  • To process your subscription through Google Play Billing
  • To send critical service notifications (e.g., security alerts, subscription status)
  • To troubleshoot issues and improve app performance using anonymous crash data
  • To provide customer support when you contact us

We never use your data for advertising, profiling, or selling to third parties.

4

Third-Party Services

Pesa Notes may use these third-party services. Each is listed with why it is used:

🔐

Firebase Authentication

Secure sign-in and account management. Stores hashed credentials only. No business data is shared.

🔑

Google Sign-In

Optional quick login with your Google account. We only receive your name and email from Google.

☁️

Google Drive API

Optional Pro feature: encrypted backup files to your own Google Drive. Restore on a new device from your backup — we cannot read your Drive files.

💳

Google Play Billing

Processes Pro subscription purchases. We never store your payment card details — all handled by Google.

📱

SQLite (On-Device)

Business data is stored locally in a database on your device. Day-to-day use does not require our servers to hold your ledger.

📊

Firebase Crashlytics & Analytics

Optional diagnostics and product analytics to improve stability. Configure collection according to your device and Play settings.

These services operate under their own privacy policies:

5

App Permissions

Pesa Notes requests only the permissions necessary to deliver its features. Here's exactly why each permission is needed:

CAMERA Optional

Used when you choose to take a profile or business logo photo. Camera is only used when you pick the camera option. Core features work without it.

INTERNET

Required for sign-in, optional Google Drive backup, Play Billing, and crash/analytics when enabled. Core recording works offline.

PHOTOS / STORAGE Optional

Used to pick gallery images for profile or logo, and when saving exports the app requests. Only when you start those actions.

BIOMETRIC Optional

Enables fingerprint or face unlock for the app. Biometric data is processed entirely by your device — Pesa Notes never stores it.

NETWORK_STATE

Lets the app know if you are online (e.g. before backup or sign-in), without accessing your business records.

6

Data Storage & Security

On Your Device

  • All business data is stored in an encrypted SQLite database
  • PIN codes are hashed using bcrypt — never stored in plain text
  • The app supports Android's device-level encryption
  • Automatic session timeout locks the app after inactivity

Cloud Backup (Optional)

  • Data is encrypted client-side before leaving your device
  • Backup files are stored in your own Google Drive account
  • We cannot read, access, or modify your backup files
  • You can delete your backups from Google Drive at any time

Data In Transit

  • All network communication uses HTTPS with TLS 1.2+
  • Google services (e.g. Firebase and Google Drive) use encrypted connections when you sign in or use backup
7

Data Sharing & Disclosure

We do not sell, rent, or share your personal data with any third party for commercial purposes — ever.

We may disclose your information only in these limited circumstances:

  • With your explicit consent: When you share data (e.g., exporting a report)
  • Service providers: Firebase and Google, only as needed to operate the app, under strict data processing agreements
  • Legal requirements: If compelled by a valid court order or law enforcement request under applicable law
  • Business continuity: In an acquisition or merger, with prior notification to you
8

Your Rights & Controls

Access & Portability

  • View all your data within the app at any time
  • Export your full transaction history as PDF or share reports
  • Download your cloud backup from Google Drive

Correction & Deletion

  • Edit or correct any business record, transaction, or account detail
  • Delete individual transactions, customers, or records
  • Delete your entire account and all data via Settings → Account → Delete Account

Opt-Out Controls

  • Disable cloud backup at any time in Settings → Cloud Backup
  • Revoke camera, storage, or biometric permissions via Android Settings
  • Cancel your subscription anytime through Google Play
  • Stay on the Free plan or disable cloud backup to keep data only on-device (aside from account sign-in you choose)
9

Data Retention

  • Active accounts: Data is kept while your account is active
  • Deleted accounts: Server-side data is permanently purged within 30 days
  • Local device data: Removed immediately when you uninstall the app or delete your account
  • Cloud backups: Remain in your Google Drive until you manually delete them
  • Crash logs: Anonymous logs are retained for 90 days then automatically deleted
10

Children's Privacy

Pesa Notes is a business management tool intended for adults aged 18 and over. We do not knowingly collect data from anyone under 13 years of age. If you believe a child has created an account, please contact us immediately and we will delete the account and all associated data.

11

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, new features, or legal requirements. When we make significant changes, we will:

  • Display a notice in the app prompting you to review the update
  • Update the "Last Updated" date at the top of this page
  • Send an email notification for material changes affecting your rights

Continued use of Pesa Notes after a policy update constitutes acceptance of the revised policy.

Questions or Concerns?

We're committed to answering any privacy questions within 48 hours. Reach us directly:

✉ support@pesanotes.com