This document (1) explains to users why the app requests each permission, and (2) provides the content needed to complete the Google Play Data Safety form and the Apple App Privacy labels.
1. Permissions the app requests
| Permission | Required? | Why it's needed | When requested |
|---|---|---|---|
| Notifications | Recommended | Due/overdue reminders, payment confirmations, messages | First launch / when enabled |
| Camera | Optional | Capture photos of IDs, assets, contract documents | When taking a photo |
| Photo Library | Optional | Attach photos to contracts/customers | When attaching photos |
| Microphone | Optional | Record voice messages in Conversations | When recording |
| Contacts | Optional | Look up / quickly fill customer contact info | When using contact features |
| Location | Optional | Show location-related information (if used) | When using location features |
You may deny or revoke permissions at any time in your OS settings; the corresponding features will be unavailable.
2. Information shown when requesting permissions
When the app requests permissions on your mobile device, you will see a clear notification explaining the corresponding purpose of use:
- Camera (Take photos): "Vinacash needs to use your camera to take photos of citizen identity cards, collateral assets, or payment receipts directly on the app."
- Photo Library (Select saved photos): "Vinacash needs to access your photo library so you can select and upload saved photos of documents or assets to the contract system."
- Microphone (Voice record): "Vinacash needs access to your microphone so you can record voice messages and chat with customers in the conversation tab."
- Contacts (Lookup info): "Vinacash needs access to your contacts so you can search and quickly fill in customer contact details when creating a contract."
- Location (Display info): "Vinacash uses your location information to support displaying accurate transaction details based on your region."
- Biometric Security (Face ID / Fingerprint): "Vinacash uses Face ID or fingerprint authentication on your device to help you sign in quickly and securely."
3. Data Safety form (Google Play)
How to fill: for each data type, mark Collected, Shared, purpose, and Required/Optional. "Shared" follows Google's definition (transfer to a third party).
| Data type | Collected | Shared | Purpose | Notes |
|---|---|---|---|---|
| Name | Yes | No | App functionality, account management | Users & borrowers |
| Yes | No | Account management, contact | ||
| Phone number | Yes | No | App functionality, contact, account | |
| Address | Yes | No | App functionality | Borrowers |
| Government ID (National/Citizen ID) | Yes | No | Lending operations | Sensitive — entered by Shop Owner |
| Financial info (contracts, interest, debt) | Yes | No | App functionality | |
| User-generated photos / files | Yes | No | App functionality | ID/asset/document photos |
| In-app messages | Yes | No | Conversations feature | Text/image/audio |
| Contacts | Yes | No | Customer contact lookup | Only with permission |
| Location (approximate/precise) | Optional | No | Location-related features | Only when used |
| Device identifiers / push token | Yes | Yes | Deliver notifications (Firebase) | Shared with Google/Firebase |
| Crash logs & diagnostics | Yes | Yes | Stability, debugging | May use analytics tools |
Security practices: encrypted in transit (HTTPS); users can request data deletion (Account Deletion). We do not sell data.
4. App Privacy labels (Apple App Privacy)
Declare in App Store Connect. Suggested categorisation:
- Data Linked to You: Contact info (name, email, phone, address), Identifiers, Financial/business info, User content (photos, messages), Contacts, Location (if used).
- Data Used to Track You: None.
- Data Not Linked to You: Diagnostics/crash data.
- Primary purpose: App Functionality; some Analytics for diagnostics.
Biometric login (Face ID/Touch ID) does not collect biometric data — authentication is handled by the OS and need not be declared as collected data.
5. Third-party services (SDKs) in use
| Service | Purpose | Related data |
|---|---|---|
| Google Firebase (Cloud Messaging) | Push notifications | Push token, identifiers |
| Firebase/analytics or crash tooling (if enabled) | Stability, debugging | Logs, device identifiers |
| SMS gateway | Send customer reminders | Phone number, message content |
| Apple App Store / Google Play | Distribution & in-app purchases | Purchase status |
| Server/hosting infrastructure | Store & sync data | All business data |
Keep this table up to date when adding/removing SDKs; it must match both store declarations and the Privacy Policy §4.