Privacy policy

1. What we collect

• Identity: full name, phone number, ID number, partner institution.
• Financial activity: savings balance, repayments, and mobile-money or bank transactions linked to your chosen payment channel (M-Pesa, Airtel Money, T-Kash, Equitel, PesaLink, bank push, or branch payment).
• Trust signals: on-time repayments, request history, derived trust score.
• Device: IP, user-agent, basic browser metadata for security and audit.

2. Lawful basis

We process your data under the Kenya Data Protection Act, 2019:

• Consent — to create your account, contact you, and run KYC.
• Contract — to provide cash, schedule repayments, and operate the platform.
• Legal obligation — for AML, fraud monitoring, and reporting to authorities.
• Legitimate interest — to improve the service and prevent abuse.

3. Who we share with

• Your chosen payment provider — Safaricom (M-Pesa), Airtel Money, Telkom (T-Kash), Equity Bank (Equitel), PesaLink or your bank — only to process the repayment you initiated.
• Twilio — to deliver SMS OTPs.
• Your partner institution — only staff at your SACCO / chama can see your records there.
• Authorities — where legally compelled (court order, ODPC, FRC, KRA).

We do not sell your data.

4. Retention

We retain financial records for the period required by AML and tax law (typically 7 years after account closure). KYC documents follow the retention rules of our partner institutions. Audit logs are append-only.

5. Your rights

Under the Kenya Data Protection Act you can:

• Access a copy of your data — see Account > My data.
• Request correction of inaccurate data.
• Request deletion / opt out — see Account > Opt out. Note: financial records subject to AML retention cannot be deleted before the legal retention period ends.
• Object to specific processing and withdraw consent.
• Lodge a complaint with the Office of the Data Protection Commissioner.

6. Security

Data is encrypted in transit (TLS) and at rest. Access to production data is role-scoped (admin / partner / member) and every financial state change is recorded in an append-only AML audit log.

7. Children

Jifaidi™️ is not for users under 18. We don't knowingly collect their data.

8. Changes

We'll notify you in-app of material changes to this policy.

9. Contact our Data Protection Officer

dpo@jifaidi.app