Privacy Policy

Koor — Personal Budget Tracker

Last updated: 02 May 2026

1. Introduction

Koor (published by Ganacsi Hub) is a mobile app that helps you track your daily expenses, income, and monthly budget. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your information.

Core promise: Your financial transaction data from SMS messages is NOT stored on our servers. It stays only on your device.

2. Data We Collect

2.1 Data You Provide

Name — when you register.
Phone number — for OTP verification (Firebase Phone Auth).
PIN — 4-digit code, stored as a bcrypt hash. We never see your actual PIN.

2.2 Data Collected Automatically

SMS messages from financial providers (EVC Plus from sender 192, eDahab, Zaad) — only used to calculate your transactions on-device.
Device info — phone model, Android version (used only for debugging).

2.3 Data We Do NOT Collect

We do not read personal SMS from your contacts.
We do not collect GPS or precise location.
We do not access your contacts, photos, or other files.

3. SMS Reading — Detailed Explanation

Koor requests RECEIVE_SMS and READ_SMS permissions to automatically read financial messages you receive (e.g., EVC Plus from sender 192).

How it works:

The app ONLY reads messages with a financial structure (income, expense, balance).
Personal messages from family/friends are NOT read, NOT stored, and NOT sent to any server.
Parsed transactions are stored ONLY on your device (Hive local DB).

You can revoke SMS permission at any time via Android Settings → Apps → Koor → Permissions.

4. How We Use Your Data

Your data is used only for:

Verifying your account (OTP and PIN).
Showing your money dashboard (balance, income, expenses).
Creating budgets and 80% / 100% category alerts.
Bill reminders and loud alarm notifications.
Generating monthly PDF reports (only on your device).
Updating the Android home widget.

We never sell your data and we do not share it with advertisers.

5. Storage and Security

5.1 Where Data Is Stored

On your device (most data): Transactions, budgets, bills, achievements — Hive encrypted local DB.
On our server (xisaabiye.ganacsihub.com): Name, phone number, PIN hash (bcrypt). The server is Laravel + MySQL over HTTPS/TLS.

5.2 Security Measures

PIN is hashed with bcrypt. Even our team cannot see your actual PIN.
All API connections use HTTPS (TLS 1.2+).
API authentication uses Laravel Sanctum bearer tokens.
Firebase Phone Auth is used for OTP — SMS messages do not pass through our servers.

6. Sharing With Third Parties

We do not share your data with anyone, except for these necessary services:

Firebase (Google): OTP/Phone Auth only — phone number.
Hosting service: The xisaabiye.ganacsihub.com server is on secure hosting.

Read Firebase's privacy policy: firebase.google.com/support/privacy

7. Your Rights

You have the right to:

Access the data we have about you — request via email.
Correct incorrect data — name/phone.
Delete your account entirely — Profile → Logout → "Delete account" or via email.
Revoke SMS permission at any time — Android Settings.
Export your data as a PDF report — Profile → Export.

When you delete your account, all your server data (name, phone, PIN hash) is removed within 30 days. Data on your device is destroyed as soon as you uninstall the app.

8. Children

Koor is not intended for users under 13 years of age. We do not knowingly collect data from children. If you are a parent and you become aware that your child uses the app, please contact us so we can delete their data.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make a major change, we will notify you within the app or via email. The last update date is shown at the top.

10. Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

Email: koorapp252@gmail.com
Website: xisaabiye.ganacsihub.com

Home | Delete Account | Support