What admins can see
User counts, device fleet health, signup trends, billing status, and anonymised sync volumes.
Our commitment
Transo helps businesses track mobile money and payment SMS from shop phones across the Horn of Africa. That data is sensitive — it reveals who paid you, how much, and when. We treat it accordingly.
Plain language promise: We sell software, not your data. We do not share individual wallet rows with advertisers, data brokers, or other Transo customers.
What we collect
| Data | Why | Stored where |
|---|---|---|
| Account email & phone | Sign-in, verification, support | Platform database |
| Parsed payment rows | Dashboard, reports, exports | Your private user database |
| Device pairing tokens | Secure phone-to-server sync | Hashed on platform; sync state in your user DB |
| Audit & security logs | Fraud prevention, compliance | Platform (no payment content) |
We do not store your SMS inbox in raw form on the server. The Android app parses payment messages on the device and sends structured fields (amount, direction, reference, counterparty) over TLS.
Data isolation architecture
Every Transo account receives its own SQLite database file on disk
(data/users/u<id>.db). Payment transactions live there — not in a shared
table that admins can query across customers.
What admins cannot see
Individual payment amounts, SMS text, counterparty names, or searchable transaction history.
SMS & paired devices
- On your phone — Transo reads wallet SMS locally to extract payment fields. You grant SMS permission explicitly in Android.
- During sync — Structured payment rows are sent to your account over HTTPS. Device tokens are stored hashed; raw tokens are never logged.
- Revoking a device — Removes that device’s transactions from your user database. The phone must pair again to sync.
Sessions & logout behaviour
When your last active web session ends (logout or cookie expiry), synced transactions are wiped from the server. This protects shared computers — a deliberate privacy feature, not a bug.
- Paired phones remain registered; they re-upload transactions on next connect.
- Session cookies are httpOnly, SameSite=Lax, and secure on HTTPS.
- Optional TOTP two-factor authentication is available for account owners.
API & developer access
If you create an API key at Developers, it accesses only your account — never another customer’s data. Keys can be revoked at any time. API usage is metered per plan.
Webhooks receive signed POST payloads for events like transaction.synced.
Verify signatures using the secret shown once at creation.
Security measures
Authentication
bcrypt password hashing, rate-limited login, CSRF protection on session APIs, optional 2FA.
Transport
TLS on transo.cloud. Security headers including CSP, HSTS, and frame denial.
Audit trail
Security-relevant actions logged without sensitive payment content in log lines.
Least privilege
Admin tools enforce role checks server-side. Transaction browsers are disabled for staff.
Retention & deletion
- Active accounts — Data retained while your subscription is active, subject to plan history limits.
- Logout wipe — Synced transactions cleared when the last web session ends (devices re-sync later).
- Account deletion — Contact us to permanently delete your account and user database file.
- Backups — Encrypted platform backups exclude per-user transaction content where configured for isolation.
Your rights
Depending on your jurisdiction, you may have the right to:
- Access a copy of your account data (export via dashboard or API).
- Correct inaccurate account information in Settings.
- Delete your account and associated user database.
- Object to processing or request restriction — contact us to discuss.
To exercise these rights, email [email protected] from your registered address.
Contact us
Transo · privacy requests & data questions
[email protected]