How Cool processes user data.

1. Who operates Cool

Cool is a mobile application for community finance coordination, partner services, ticketing, and credit visibility in the Rwanda market only. For privacy questions, contact info@ikanisa.com.

2. Data we collect

Depending on how you use the app, Cool may process:

• Phone and WhatsApp number for authentication and account recovery. Authentication may use any valid global WhatsApp number.
• Profile details such as full name and preferred payout route metadata.
• Mobile Money routing details you provide, such as MoMo number or MoMo code.
• Community group, contribution, referral, partner, and ticket activity.
• Approximate or precise location when you use nearby-service or location-aware discovery features.
• Camera data when you actively scan QR codes or use BioPay face enrollment and payee-matching flows.
• Biometric face templates, consent records, payout route metadata, and match or revocation audit records if you enroll in BioPay.
• NFC interaction data on supported devices when you initiate NFC flows.
• Push-notification tokens and notification delivery metadata.
• Analytics and feature-flag data through Firebase services.

3. Android-only SMS verification

If you explicitly enable SMS verification on Android, Cool processes incoming payment-confirmation SMS from approved Mobile Money sender IDs to reconcile transactions. The app does not use SMS access for general messaging, marketing, or unrelated inbox reading.

Cool currently narrows automatic verification to approved M-Money sender aliases used for MTN Rwanda payment confirmations. Messages from other senders are not parsed into reconciliation records.

3a. SMS data processing

Approved M-Money sender messages are transmitted to server-side AI services (Google Gemini and OpenAI) for structured transaction parsing. This is required to accurately extract transaction type, amount, currency, payer/payee details, and transaction ID from payment confirmation SMS. Only messages from approved Mobile Money sender IDs are transmitted. Raw SMS message bodies are retained for transaction audit and reconciliation purposes until they are redacted by the cleanup policy, which currently targets 14 days after the successful parse and reconciliation retention window, or sooner if you delete your records. You can request deletion of your SMS data at any time via the in-app account settings or by contacting info@ikanisa.com.

4. How we use data

• To authenticate users and secure accounts.
• To route Mobile Money payment handoffs and reconcile confirmations.
• To enroll and match BioPay users against their approved payout routes.
• To operate groups, partner services, tickets, and credit features.
• To provide product analytics, stability monitoring, and feature rollouts.
• To respond to support requests, disputes, and fraud or abuse concerns.

If you enroll in BioPay, Cool processes live camera frames in memory on your device to generate a biometric face template for payment matching. The BioPay flow is designed not to write those live camera frames to your photo gallery. Cool stores the resulting biometric template, your consent record, payout route metadata, and relevant match or revocation audit logs in Supabase so the feature can operate, be revoked, and be monitored for fraud or abuse.

5. Sharing

Cool may share relevant data with infrastructure and feature providers used to operate the service, including Supabase, Firebase, Meta WhatsApp messaging services, Google Gemini, OpenAI, and licensed or designated partners that provide group, financial, or ticketing services. We do not sell personal information.

6. Data retention

We retain account, transaction, audit, and operational records only as long as reasonably necessary for service delivery, fraud prevention, support, compliance, and legitimate business operations. If you enroll in BioPay, this may include your biometric template, consent history, payout route metadata, and related audit records.

7. Your choices

• You can choose whether to enable Android SMS verification.
• You can control some device permissions through Android settings.
• You can revoke an active BioPay enrollment from inside the app.
• You can request support or delete your account from inside the app.

8. Account deletion

Cool provides an in-app account deletion flow. See Account Deletion for current steps and support details.

9. Security

We use reasonable technical and organizational measures to protect account and transaction data, but no system can guarantee absolute security.

10. Changes

We may update this policy as the product or compliance requirements evolve. The latest version will remain published at this URL.