1. Introduction

Welcome to JiPay (“we,” “our,” or “us”). JiPay is a micro-savings wallet built for informal workers in Africa, by Africans. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and services.

By using JiPay, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you register and use JiPay:

• Identity Information: Full name, date of birth, national ID number, and KRA PIN
• Contact Information: Phone number, email address, and physical address
• Financial Information: M-PESA phone number, transaction history, savings balances, and account statements
• Demographic Information: Gender

2.2 Transaction Data

We automatically collect information about your transactions, including:

• M-PESA transaction details (amount, date, time, merchant information)
• Savings contributions and withdrawals
• Insurance premium payments
• Investment returns and interest accrued

2.3 Device and Usage Information

We collect information about your device and how you use our app:

• Device type, model, and operating system
• IP address and mobile network information
• App usage patterns and preferences

2.4 Insurance and Health Information

For JiPay Afya subscribers, we collect:

• Beneficiary information (family members covered)
• Medical claims history
• Healthcare provider information

3. How We Use Your Information

We use your information for the following purposes:

3.1 Service Provision

• To create and manage your JiPay account
• To process automatic savings from your M-PESA transactions
• To facilitate deposits and withdrawals
• To manage your JiPay Now, JiPay Later, and JiPay Afya accounts
• To calculate and apply interest to your savings
• To process insurance claims and manage your micro-insurance coverage

3.2 Communication

• To send you transaction confirmations and account statements
• To notify you about savings milestones and goal progress
• To provide customer support and respond to inquiries
• To send important service updates and policy changes
• To share educational content about financial wellness

3.3 Compliance and Security

• To verify your identity and prevent fraud
• To comply with legal obligations and regulatory requirements
• To enforce our Terms and Conditions
• To protect against unauthorized access and security threats

3.4 Service Improvement

• To analyze usage patterns and improve our services
• To develop new features and products
• To personalize your experience
• To conduct research and analytics

4. M-PESA Integration

4.1 Save As You Spend

Our core feature integrates with M-PESA to automatically save a percentage of your transactions. By using this feature:

• You authorize us to access your M-PESA transaction data
• You consent to automatic deductions based on your chosen savings percentage (default 10%)
• We receive real-time notifications of your M-PESA transactions
• We process these transactions to calculate and execute your automatic savings

4.2 Third-Party Access

We integrate with Safaricom’s M-PESA API to enable our services. This integration is governed by both this Privacy Policy and Safaricom’s privacy policies.

5. Information Sharing and Disclosure

We may share your information with:

5.1 Service Providers

• Etica Capital: Our partner who manages the money market fund for JiPay Now savings
• Insurance Partners: For processing JiPay Afya insurance claims and coverage
• Payment Processors: To facilitate transactions and account operations
• Technology Providers: For app hosting, data storage, and security services

5.2 Legal and Regulatory Bodies

• Capital Markets Authority (CMA)
• Central Bank of Kenya
• Kenya Revenue Authority
• Law enforcement agencies when legally required
• Courts and regulatory authorities in response to valid legal requests

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

6. Data Security

We implement robust security measures to protect your information:

• End-to-end encryption for all financial transactions
• Data encryption in transit (TLS/SSL) and at rest (AES-256)
• Secure data storage with industry-standard encryption
• Multi-factor authentication options
• Regular security audits and penetration testing
• Restricted access to personal information on a need-to-know basis
• Secure API connections with M-PESA and partner services
• Compliance with Payment Card Industry Data Security Standard (PCI DSS) where applicable

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as:

• Your account is active
• Necessary to provide our services
• Required by law (minimum of 7 years for financial records)
• Needed to resolve disputes or enforce our agreements

When data is no longer needed, we securely delete or anonymize it.

8. Your Rights and Choices

Under the Kenya Data Protection Act, 2019, you have the following rights:

8.1 Access and Portability

• Request access to your personal information
• Receive a copy of your data in a structured, commonly used format
• Transfer your data to another service provider

8.2 Correction and Deletion

• Correct inaccurate or incomplete information
• Request deletion of your personal data (subject to legal retention requirements)

8.3 Objection and Restriction

• Object to processing of your personal information
• Request restriction of processing in certain circumstances

8.4 Withdrawal of Consent

• Withdraw consent for data processing at any time (may affect service availability)

To exercise these rights, contact us at privacy@jipay.io or call +254 709 200 600.

9. Cookies and Tracking Technologies

Our website and app may use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze app performance and usage
• Provide personalized content

You can control cookie preferences through your browser settings.

10. Children’s Privacy

JiPay is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete such information.

11. International Data Transfers

Your information is primarily stored and processed in Kenya. If we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with applicable laws.

12. Third-Party Links

Our app may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website and app
• Sending you an email notification
• Displaying an in-app notification

Continued use of JiPay after changes constitute acceptance of the updated policy.

14. Data Protection Officer

Our Data Protection Officer is responsible for overseeing compliance with this Privacy Policy. Contact them at:

Email: dpo@jipay.io
Phone: +254 709 200 600
Address: 5th Floor, All Africa Conference of Churches, Waiyaki Way, Nairobi, Kenya

15. Complaints and Concerns

If you have concerns about how we handle your personal information, you may:

1. Contact our Data Protection Officer (details above)
2. File a complaint with the Office of the Data Protection Commissioner of Kenya

Office of the Data Protection Commissioner
Email: complaints@odpc.go.ke
Website: www.odpc.go.ke

16. Contact Us

For questions, concerns, or requests regarding this Privacy Policy, please contact us:

JiPay
5th Floor, All Africa Conference of Churches
Waiyaki Way, Nairobi, Kenya

Email: feedback@jipay.io
Phone: +254 722 404 446
Website: https://jipay.io

Regulatory Information
JiPay is regulated by the Capital Markets Authority (CMA) of Kenya. Our money market fund partner, Etica Capital, is a licensed fund manager.

By using JiPay, you acknowledge that you have read, understood, and agree to this Privacy Policy.