Skip to main content
MoMo Assistant
Legal

Security Statement

A formal statement of our security model — see also the Security page for a product overview.

Last updated: 2026-07-13

Guiding principle

MoMo Assistant is built around one rule: Mobile Money transaction PINs never leave the device. Every security decision follows from that rule.

Credential security

Mobile Money PINs are sealed in the device's Android KeyStore, hardware-backed where the device supports it. They're never transmitted off the device, never included in cloud sync, backups, or transaction metadata.

Device and SIM trust

A device has to be verified and trusted before it can run automated transactions for a station. SIMs are bound and verified per device, preventing an unauthorized SIM swap from silently taking over a line.

Runtime control

Organizations define runtime policies; the runtime enforces them, not the individual agent. Every automated step still surfaces to the agent for confirmation before it commits.

Logging and audit

Every security-relevant event — a device enrollment, a SIM verification, a policy change — is recorded to the organization's audit log as it happens.

Reporting an issue

If you believe you've found a security issue, contact us directly at hello@momoassistant.app rather than disclosing it publicly — we'll respond as soon as we can.