Privacy Policy
This Privacy Policy explains how MomoSense collects, uses, stores, shares, and protects personal data in connection with the MomoSense dashboard, companion Android application, billing workflows, and related support services for Ghana-based businesses.
1. Identity of the Data Controller
For the purposes of the Ghana Data Protection Act, 2012 (Act 843), the data controller for MomoSense is DzoTech Solutions, a company registered in Ghana, reachable at dzotechsolution@gmail.com and operating the service at dzotechmomosense.vercel.app.
Data Protection Commission registration reference: [INSERT DPC REGISTRATION NUMBER WHEN AVAILABLE].
2. Personal Data We Collect
We collect the following categories of personal and business data:
- identity and account data, including full name, email address, password hash managed by Supabase, and login activity;
- business profile data, including business name, industry, country, currency, timezone, phone number, and website;
- transaction-related data, including amounts, dates, networks, reference numbers, counterpart phone numbers, and parsed transaction labels;
- raw MoMo SMS message bodies from supported Ghanaian network senders, retained only for limited processing and troubleshooting purposes;
- device and companion app data, including Android device name, API key activity, and sync timestamps;
- billing data required to manage subscriptions and top-ups, with payment card details handled by Paystack rather than stored by MomoSense.
3. Why We Process Data and Our Lawful Basis
| Category | Data Used | Lawful Basis Under Act 843 |
|---|---|---|
| Service delivery | Account details, device keys, transaction data, raw SMS bodies | Necessary to perform our contract with you and provide the service you requested |
| Security and fraud prevention | Login data, device activity, audit events, account metadata | Legitimate interests in securing the platform and preventing misuse |
| Billing and renewals | Subscription tier, payment status, Paystack references | Necessary for contract performance and compliance with financial record obligations |
| Support and troubleshooting | Support messages, error logs, limited recent raw SMS records | Legitimate interests in support, continuity, and service improvement |
| Compliance and legal response | Relevant account, billing, and audit records | Compliance with legal obligations under applicable Ghanaian law |
4. How We Use Personal Data
- to create and manage user accounts and business workspaces;
- to receive, parse, classify, and display Mobile Money transaction activity;
- to power dashboards, reporting views, transaction history, and business analytics;
- to authenticate users, maintain session security, and enforce per-business access controls;
- to process subscriptions, renewals, plan changes, and transaction credit purchases;
- to communicate account notices, service updates, payment status messages, and support responses;
- to investigate abuse, enforce terms, and comply with legal obligations.
5. Third-Party Service Providers and Data Sharing
We share data only as needed to operate MomoSense:
- Supabase receives account, business, transaction, and authentication data to provide hosted database and authentication infrastructure. Data may be stored in the EU or US.
- Anthropic receives relevant SMS text content and limited parsing context so Claude Haiku can extract transaction details from supported MoMo messages.
- Paystack receives payer identity, billing references, plan information, and payment metadata necessary to process subscription charges and top-ups in Ghana cedis.
- Vercel receives application hosting, request, and deployment telemetry required to serve the dashboard and maintain uptime.
We do not sell personal data. We may also disclose data where required by law, court order, lawful regulatory demand, or to protect rights, safety, or platform integrity.
6. International Processing and Storage
Because MomoSense uses global cloud infrastructure, your information may be processed or stored outside Ghana, including in the European Union and the United States. Where transfers occur, we take reasonable contractual and technical steps to ensure appropriate protection consistent with Act 843.
7. Retention Periods
- Transaction records and parsed analytics are retained for up to 24 months after creation unless longer retention is required by law or a shorter period is requested and legally permissible.
- Raw SMS message bodies are retained for up to 7 days after processing for error review, replay protection, and support diagnostics, after which they are deleted or irreversibly purged.
- Account, billing, and audit records may be retained for as long as the account remains active and for a reasonable post-closure period needed for legal, tax, fraud, or dispute purposes.
- Where data is no longer required, we delete or anonymise it using reasonable technical processes.
8. Security Measures
- HTTPS is used to protect data in transit between devices, browsers, and backend services.
- Hosted infrastructure uses encryption at rest where supported by our cloud providers.
- Row-level security and per-business access scoping are used to prevent cross-tenant access.
- Authentication and password hashing are managed through Supabase.
- Access to production systems is restricted to authorised personnel with operational need.
No internet-based system is completely risk-free, and we cannot guarantee absolute security. Users also remain responsible for device hygiene, password secrecy, and control of connected Android phones.
9. Your Rights Under Act 843
Subject to applicable law and identity verification, you may request:
- access to the personal data we hold about you;
- correction of inaccurate or incomplete data;
- deletion of data where retention is no longer necessary or required by law;
- portability of data you provided to us in a structured format where reasonably available;
- withdrawal of consent where our processing relies on consent.
To exercise these rights, email dzotechsolution@gmail.com. We may ask for reasonable proof of identity before acting on a request.
10. Cookies and Similar Technologies
MomoSense uses only essential session and security-related browser storage or cookies needed to authenticate users, maintain sessions, and deliver the dashboard. We do not use advertising cookies or third-party behavioural tracking cookies for cross-site profiling.
11. Children's Data
MomoSense is not intended for persons under 18 years of age. We do not knowingly collect or process children's personal data for ordinary use of the service. If you believe a minor has provided data to us, contact dzotechsolution@gmail.com so we can investigate and take appropriate action.
12. Complaints and Regulatory Contact
If you have a privacy concern, please contact us first at dzotechsolution@gmail.com so we can try to resolve it. You may also lodge a complaint with the Data Protection Commission of Ghana.
13. Updates to This Policy
We may revise this Privacy Policy from time to time to reflect legal, technical, or business changes. The latest version will be posted on our website with an updated effective date.