Legal & Policy

Permissions & Data Safety

Last updated: 2026-06-14

Legal Documents

This document (1) explains to users why the app requests each permission, and (2) provides the content needed to complete the Google Play Data Safety form and the Apple App Privacy labels.

1. Permissions the app requests

PermissionRequired?Why it's neededWhen requested
NotificationsRecommendedDue/overdue reminders, payment confirmations, messagesFirst launch / when enabled
CameraOptionalCapture photos of IDs, assets, contract documentsWhen taking a photo
Photo LibraryOptionalAttach photos to contracts/customersWhen attaching photos
MicrophoneOptionalRecord voice messages in ConversationsWhen recording
ContactsOptionalLook up / quickly fill customer contact infoWhen using contact features
LocationOptionalShow location-related information (if used)When using location features

You may deny or revoke permissions at any time in your OS settings; the corresponding features will be unavailable.

2. Information shown when requesting permissions

When the app requests permissions on your mobile device, you will see a clear notification explaining the corresponding purpose of use:

  • Camera (Take photos): "Vinacash needs to use your camera to take photos of citizen identity cards, collateral assets, or payment receipts directly on the app."
  • Photo Library (Select saved photos): "Vinacash needs to access your photo library so you can select and upload saved photos of documents or assets to the contract system."
  • Microphone (Voice record): "Vinacash needs access to your microphone so you can record voice messages and chat with customers in the conversation tab."
  • Contacts (Lookup info): "Vinacash needs access to your contacts so you can search and quickly fill in customer contact details when creating a contract."
  • Location (Display info): "Vinacash uses your location information to support displaying accurate transaction details based on your region."
  • Biometric Security (Face ID / Fingerprint): "Vinacash uses Face ID or fingerprint authentication on your device to help you sign in quickly and securely."

3. Data Safety form (Google Play)

How to fill: for each data type, mark Collected, Shared, purpose, and Required/Optional. "Shared" follows Google's definition (transfer to a third party).

Data typeCollectedSharedPurposeNotes
NameYesNoApp functionality, account managementUsers & borrowers
EmailYesNoAccount management, contact
Phone numberYesNoApp functionality, contact, account
AddressYesNoApp functionalityBorrowers
Government ID (National/Citizen ID)YesNoLending operationsSensitive — entered by Shop Owner
Financial info (contracts, interest, debt)YesNoApp functionality
User-generated photos / filesYesNoApp functionalityID/asset/document photos
In-app messagesYesNoConversations featureText/image/audio
ContactsYesNoCustomer contact lookupOnly with permission
Location (approximate/precise)OptionalNoLocation-related featuresOnly when used
Device identifiers / push tokenYesYesDeliver notifications (Firebase)Shared with Google/Firebase
Crash logs & diagnosticsYesYesStability, debuggingMay use analytics tools

Security practices: encrypted in transit (HTTPS); users can request data deletion (Account Deletion). We do not sell data.

4. App Privacy labels (Apple App Privacy)

Declare in App Store Connect. Suggested categorisation:

  • Data Linked to You: Contact info (name, email, phone, address), Identifiers, Financial/business info, User content (photos, messages), Contacts, Location (if used).
  • Data Used to Track You: None.
  • Data Not Linked to You: Diagnostics/crash data.
  • Primary purpose: App Functionality; some Analytics for diagnostics.

Biometric login (Face ID/Touch ID) does not collect biometric data — authentication is handled by the OS and need not be declared as collected data.

5. Third-party services (SDKs) in use

ServicePurposeRelated data
Google Firebase (Cloud Messaging)Push notificationsPush token, identifiers
Firebase/analytics or crash tooling (if enabled)Stability, debuggingLogs, device identifiers
SMS gatewaySend customer remindersPhone number, message content
Apple App Store / Google PlayDistribution & in-app purchasesPurchase status
Server/hosting infrastructureStore & sync dataAll business data

Keep this table up to date when adding/removing SDKs; it must match both store declarations and the Privacy Policy §4.