Privacy Policy for M-Ficha

Last updated: 3rd March 2026

Disclosure

M-Ficha requires access to your SMS messages (READ_SMS, RECEIVE_SMS, SEND_SMS, WRITE_SMS, RECEIVE_MMS) to function as your default messaging application. This access is used exclusively to display your messages, facilitate communication, perform local-only masking of financial balances for your privacy and automate contribution tracking for Mchango feature. We do not collect, transmit, or share your SMS data with any external servers.

Overview
Brimukon Labs (“Brimukon”, “we”, “our”, or “us”) is committed to protecting your privacy. This policy covers M-Ficha, a mobile messaging application designed for privacy-conscious users in Kenya. M-Ficha is an offline-first application.

1. Compliance with Kenyan Law

We comply with the Kenya Data Protection Act, 2019. As M-Ficha processes data locally on your device, we ensure the highest standard of data minimization and purpose limitation.

2. Information We Access & Use

a. Sensitive Permissions
M-Ficha requests Default SMS Handler status. This allows the app to:

Read and Display SMS: To show your inbox and conversation history.
Receive/Send SMS: To manage your daily communication.
Local Financial features: Our "Privacy Shield" and "Mchango" feature identifie M-Pesa or other financial transactions and processes them locally to provide privacy and contribution tracking.
Contacts and Phone State: M-Ficha accesses your contacts to map phone numbers to names and your Phone State to manage Dual-SIM messaging. This data stays on your device.

b. Push Notifications
We use push notifications to show new messages that you receive

c. Purchase Information
For "Ad-Free" premium upgrades, we use Google Play Billing. When you make a purchase, we collect information regarding the transaction status (e.g., success/failure) provided by Google. We do not have access to your full payment card details or M-Pesa credentials; these are processed securely by Google Play.

d. Children's Privacy
This app is not meant for children under the age of 16. We do not knowingly collect information about children

3. Advertising

M-Ficha uses Google AdMob for ad serving to keep the core service free. Google may use device identifiers to serve personalized ads based on your interests. Note that Google Ads does not have access to your SMS content or your masked financial data. You can opt out of personalized advertising in your Android Device Settings or upgrade to the Premium version of M-Ficha for an ad-free experience.

4. Data Retention & Deletion

Since M-Ficha stores your messages and other data in the system's local database, your data is deleted if you delete the message or the system-level SMS storage is cleared. We do not maintain any cloud backups of your messages.

Right to Withdraw Consent: "Users can revoke SMS permissions at any time through their device settings, which will immediately cease the SMS managements and automated contribution tracking feature."

We have no way to recover your data once it is deleted from your device.

5. Google Play Compliance

M-Ficha adheres to the Google Play User Data Policy regarding:

No Sale of Data: We never sell personal or sensitive information.
Data Safety: Our Data Safety section correctly reflects that no user data is collected or shared.
Limited Use: Permission usage is limited strictly to the messaging features you see in the app.

6. Third-Party Services

We use Google Play Billing for transactions. Their usage of your data is governed by theGoogle Payments Privacy Notice.

7. Contact Us

For any privacy inquiries regarding M-Ficha, contact our Data Protection Officer at:

[email protected]