Privacy Policy

Effective Date: June 7, 2026

Mobile App Disclosures Version 1.0.0

Location Services

Specifically used for verification during registration, device syncing, and locating closest branch offices.

Biometric Security

Authenticates transactions locally using device hardware KeyStore. Raw biometric data is never sent to our servers.

Device Binding

Links account access strictly to your physical device metadata and identifiers to prevent unauthorized sessions.

Camera & Storage

Used to scan merchant QR codes, process transfers, and securely save generated digital receipts.

1. Introduction

Welcome to Bright Sahakari Mobile Banking, a mobile banking application built to provide secure, seamless financial services. This Privacy Policy details how we handle information collected, stored, and utilized when you interact with our mobile application.

By registering and using the application, you agree to the practices outlined in this policy. We are dedicated to ensuring your financial and personal disclosures are managed in line with high industry security standards.

2. Data We Collect

To enable standard mobile banking functionalities, verify member accounts, and comply with regulatory financial frameworks, we collect the following data points:

  • Personal & Membership Profile: Your registered mobile number, cooperative membership details, profile information, and account details.
  • Transaction Ledger: Information relating to transfer histories, utility payments, and dynamic statement requests.
  • Technical Identifiers: Native device hardware identifiers, specifically the Android ID (on Android devices) or the Vendor Identifier (identifierForVendor on iOS devices), used to link your physical device uniquely to your profile.
  • Metadata Headers: To optimize API performance and maintain system compatibility, request headers transmit basic model names (e.g. brand, device model) and OS versions (e.g. iOS 17 or Android 13).

3. App Permissions

During the setup and operation of the application, we request explicit user permissions to access core system features. These scopes are strictly limited to technical necessities:

Location Services (GPS)

Determines device coordinates during member registration processes, device synchronization checks, and branch/ATM mapping services to ensure proximity and security compliance.

Camera Access

Required to scan merchant QR codes for real-time payments, capture physical receipts, and verify profile documentation photos.

Photos & Storage Access

Allows downloading and saving statement PDFs or transaction receipts directly to your local file storage or downloads folder, and uploading custom QR code images from your gallery to scan.

Notifications

Utilizes push notification tokens to deliver real-time critical security alerts, statement notifications, and transaction updates.

4. Biometrics & Encryption

Bright Sahakari supports biometric authentication (Fingerprint, Touch ID, Face ID) as a secure shortcut to access your account dashboard.

Hardware-Backed Biometric Security

Raw biometric templates (fingerprint maps or facial scans) never leave your device. When you enable biometric login, the app requests the device's secure hardware environment (Android KeyStore or iOS Keychain) to generate an isolated RSA key pair linked specifically to your mobile alias. When authenticating, the operating system verifies your biometric identity locally. Upon success, the secure hardware signs a random cryptographic challenge, which is sent to our server to verify the session. Your actual biometrics are never stored, collected, or shared with us or any third party.

6. Usage & Retention

We process and retain personal data strictly for operations linked directly to our mobile banking system:

  • Processing fund transfers, utility payments, and balance inquiries.
  • Delivering real-time push alerts and SMS statements.
  • Authenticating login sessions via local cryptographic challenges.
  • Maintaining regulatory compliance records under cooperative oversight guidelines.

Caching is enabled locally to load accounts rapidly. If you are in developer mode, cache clear buttons are available to purge locally stored preferences from device memory immediately.

7. Security Practices

Your financial security is our primary focus. We use multiple layers of safeguards:

  • Transport Layer Security (HTTPS): All communications between the mobile application and backend API services are encrypted.
  • Cryptographic Request Signing: Transactions and sensitive API payloads are signed using local hardware keys verified by the server.
  • Biometric Lockouts: Failed biometric attempts trigger immediate fallback validation requiring manual MPIN or OTP challenges.

For inquiries regarding data requests, erasure, or reporting security concerns, please contact your cooperative's technical department directly.