Privacy Policy
HawaltLik (حولت ليك)
Last updated: 2026-07-01
Note: This document is a template and does not constitute legal advice. It should be reviewed by a qualified legal professional familiar with applicable laws in Sudan, including any requirements of the Central Bank of Sudan and data-protection regulations, before being published or relied upon.
1. Introduction
This Privacy Policy explains how [INSERT COMPANY/OPERATOR NAME] ("we", "us", "our") collects, uses, stores, and protects information in connection with the HawaltLik mobile application and related services (the "Service"). It forms part of our Terms of Use. By using the Service, you agree to the practices described here.
2. Information We Collect
We collect the following categories of information:
2.1 Account and business information
- Your phone number (used to create and secure your account).
- Your name and business details (business name, type, and optionally address and email).
- Your registered receiving bank account number(s), which you provide so the Service can check whether payments were made to your account.
- Basic device information (such as device name/model) used to manage the devices linked to your account.
2.2 Receipt data – including third-party information
When you capture or upload a payment receipt, we collect the receipt image and the information extracted from it. This information can include personal data belonging to third parties – for example, the name and bank account number of the person who sent the payment, the amount, the date, and a transaction reference.
If you submit receipts that contain other people's information, you are responsible for having a lawful basis to do so. We process this information only to provide the Service to you (recording, verifying, and reporting on payments your business receives).
2.3 Usage information
- Transaction records you create, your reports, exports, bookmarks, and settings.
- Limited technical information needed to operate the Service (such as logs and timestamps). We do not log full bank account numbers in our diagnostic logs.
3. Biometric Unlock
You may choose to protect the app with fingerprint or face unlock. This relies on the security features built into your device. Your biometric data never leaves your device and is never collected, transmitted to, or stored by us. We only receive a confirmation from your device's operating system that you unlocked the app.
4. How We Use Information
We use the information we collect to:
- Create and secure your account and authenticate you.
- Read and record receipt details so you can store and organize your payments.
- Run automated checks (such as matching the receiving account and detecting duplicate references) to help you identify potentially invalid or fraudulent receipts.
- Generate your reports, summaries, and analytics.
- Provide features such as exports, reference tagging, and shift tracking.
- Operate, maintain, secure, and improve the Service.
- Communicate with you about your account, including notifications you have enabled.
- Comply with applicable legal obligations.
5. How Receipts Are Processed (Data Stays In-House)
The reading and verification of receipts is performed using our own systems on infrastructure we control. We do not send your receipt images or extracted data to third-party artificial-intelligence or OCR services for processing. This is a deliberate choice to keep the financial information in receipts within our own environment.
We use service providers only for core infrastructure such as data hosting and storage, and only to the extent necessary to operate the Service. Any such providers are required to protect the information and use it solely to provide services to us.
6. Sharing of Information
We do not sell your personal information, and we do not share it for advertising. We may share information only:
- With infrastructure providers (such as hosting) strictly as needed to run the Service, under appropriate confidentiality and security obligations.
- To comply with a valid legal obligation, court order, or lawful request from a competent authority.
- To protect our rights, safety, or property, or those of our users or the public, where permitted by law.
- In connection with a business transfer (such as a merger or acquisition), in which case we will take reasonable steps to ensure your information remains protected.
7. Data Retention
- Receipt images: On the free plan, receipt images are automatically deleted after approximately 7 days. On paid plans, receipt images are retained while your account remains active, or until you delete them.
- Transaction data: The extracted transaction records are retained while your account remains active so your history and reports remain available, unless you delete them.
- Deleted items: When you delete a transaction, it is moved to a recycle bin and retained for approximately 30 days before being permanently removed, allowing you to restore it.
- Account closure: When you delete your account, we delete or irreversibly anonymize your personal data, except where we are required to retain certain information to comply with the law.
8. Security
We take reasonable technical and organizational measures to protect your information, including:
- Encryption of data in transit, and protection of stored data.
- Access controls so your data is isolated from other users' data.
- Device-based access protection (PIN and optional biometric unlock).
- Minimizing the data we retain (for example, automatic deletion of free-tier receipt images).
No method of transmission or storage is completely secure. While we work to protect your information, we cannot guarantee absolute security.
9. Your Rights and Choices
- Access and correction: You can view and update your profile, business, and account information within the app.
- Deletion: You can delete individual transactions, and you can delete your entire account and associated data.
- Export: Depending on your plan, you can export your transaction data.
- Notifications: You can control the notifications you receive in your settings.
To exercise any right or make a request, contact us using the details in Section 13.
10. Children
The Service is intended for businesses and adults aged 18 or older. It is not directed to children, and we do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it.
11. International Processing
We aim to process and store your information using infrastructure we control. Where any hosting or storage occurs outside your country, we will take reasonable steps to ensure your information continues to receive an appropriate level of protection consistent with this Policy and applicable law.
12. Changes to this Policy
We may update this Privacy Policy from time to time. We will indicate the "Last updated" date above and, for material changes, provide reasonable notice within the app. Your continued use of the Service after the changes take effect constitutes acceptance of the updated Policy.
13. Contact
For questions or requests regarding this Privacy Policy or your data, contact us at:
- Email: [INSERT EMAIL]
- Phone / WhatsApp: [INSERT NUMBER]
- Operator: [INSERT COMPANY/OPERATOR NAME], [INSERT ADDRESS]