Welcome to Pesa Go – Your Reliable Digital Wallet Partner

At Pesa Go ("we," "us," or "our"), we understand the critical importance of protecting your personal data and privacy. This Pesa Go Privacy Policy ("Policy") details how we collect, use, store, and safeguard your information as we provide our seamless digital financial services.

Key Points to Note Before Continuing

• • Please Read Carefully: We strongly advise you to review this entire Policy before using Pesa Go, paying special attention to the emphasized sections.
• • Your Agreement Matters: By using our platform, you confirm your acceptance of these terms. We cannot provide loan service to users under 18.
• • Right to Decline: If you do not agree with any part of this Policy, please discontinue use of our services immediately.

Permission

SMS Permission (Financial Messages Only)

Information We Collect

With your explicit consent, our app can access only financial SMS messages received on your device within the past 140 days.
We collect the following data:

• • Message time – when the SMS was received
• • Sender’s phone number – the number that sent the SMS
• • Financial message content – only messages related to banking transactions, loan updates, or payment confirmations

We do not collect:

• • Personal or private chats
• • One-time passwords (OTP) or authentication codes
• • Promotional or marketing messages
• • Any other non-financial SMS

How We Use This Information

The SMS data is used only for:

• • Assessing your creditworthiness for loan services
• • Detecting and preventing fraud

Your SMS data will never be used for advertising or unrelated purposes.

Data Transmission

All collected SMS data is securely transmitted to our servers at: https://mob.pesago.africa/
The transfer is fully encrypted and protected against unauthorized access.

How We Identify Financial SMS

To confirm that a message is financial in nature, our system uses automated recognition of common financial terms (for example: “account”, “bal”, “loan”, “money”, “paid”).

Messages without financial relevance are automatically ignored and never collected.

Data Security

We apply strict security measures to protect your SMS data:

• • Encrypted transfer (TLS)
• • Encrypted storage (AES-256)
• • Access restricted to authorized systems only

Data Retention

• • SMS data is kept for a maximum of 90 days
• • After this period, the data is permanently deleted and cannot be recovered

Device Info

Scope of Data Collected:
To enhance security and refine your financial profile, we collect when necessary during loan application and verification the following metrics:

• • Hardware Specifications: Manufacturer (OEM), model, serial number, IMEI/MEID
• • Network & Localization Data: Wi-Fi SSID, IP geolocation, system language preferences
• • Software State: OS version, security patch status, installation details of the Pesa Go app only (including installation date, last update date, and current version). We do not access, read, or collect any information about other apps installed on your device.
• • In-app Usage Metrics Limited to in-app activity patterns relevant to credit risk modelling (no access to external app or communication data).

Purpose & Safeguards:

1. 1. Fraud Prevention: Detects device spoofing or unauthorized access attempts
2. 2. Risk Assessment: Pesa Go application metadata with declared financial status
3. 3. Compliance Alignment: Adheres to local data protection regulations

Transparency & Control:

• • Storage: Stored in secure servers https://mob.pesago.africa
• • Access: Strictly limited to fraud analysts via zero-trust architecture
• • Retention: Purged after 180 days unless retained for dispute resolution

Photo Access Protocol

• Permitted Use Cases
Our application requests photo access solely to:

• • Facilitate support ticket attachments
• • Enable visual documentation for technical issues
• • Enhance service resolution accuracy

• Privacy-Centric Design

• • Gallery Access: Transient processing of user-selected images exclusively for active support cases
• • Data Lifecycle: All uploaded media undergoes immediate erasure post-resolution

• Security Safeguards
Implementation ensures:
✓ End-to-end encryption for all image transmissions
✓ Zero persistent storage of accessed media
✓ Granular permission controls (single-image selection only)

Approximately Location

• Purpose of Collection
To enhance service quality and security, we utilize location data for:

• • Identity verification against registered addresses
• • Fraud prevention (detecting atypical application patterns)
• • Market analytics to optimize regional service offerings

• Data Management

• • All location data transmits via HTTPS to our secured servers https://mob.pesago.africa
• • Storage duration limited to 90 days unless required for active investigations

Emergency Contact

• Purpose of Collection
To ensure user safety and security, we collect emergency contact details for:

• • Immediate assistance in account security incidents
• • Identity verification procedures
• • Fraud detection and prevention measures

• Data Management

• • All emergency contact data transmits via HTTPS to our secured servers https://mob.pesago.africa
• • Information is transmitted via encrypted channels to secured servers

Usage of Gathered Data

Service Provision & Optimization
The information secured enables the seamless delivery of our financial services, ensuring personalized functionality and transactional efficiency tailored to your requirements.

Identity Verification & Risk Assessment

• • Confirms the authenticity of provided credentials through multi-layered validation protocols
• • Powers algorithmic credit scoring models to determine:
  • • Loan eligibility thresholds
  • • Risk-adjusted interest rates
  • • Customized repayment structures

Credit Ecosystem Participation

• • Facilitates mandated reporting to licensed credit bureaus (per Section 17 of the National Credit Act)
• • Supports responsible lending practices through shared performance data

Debt Resolution Processes

• • Informs ethical recovery strategies for delinquent accounts via:
  • • Payment reminder systems
  • • Restructured settlement frameworks
  • • Legal proceedings (where contractually warranted)

Data Collection Parameters

1. Personal Information Collection

Upon initiating service enrollment, we require:

• • Core Identifiers: Mobile account details, verified mobile number, full legal name
• • Biographic Data: Date of birth, photographic identification (where applicable)
• • Supplementary Contacts: Emergency contact verification data

Verification Protocol: Cross-referenced with national identity registries and financial intelligence units.

2. Device Intelligence Gathering

To enhance risk modeling, we collect:

• • Hardware Signatures: Manufacturer, model, IMEI/MEID, serialization
• • Software Profile: OS version, security patch level, installed certificate authorities
• • Behavioral Metadata:
  • • Limited to metadata generated within Pesa Go, not involving phone call logs or personal message content.
  • • Session-based approximate location while app is in use (via GNSS and network triangulation)
  • • Transaction confirmation records voluntarily provided by the user (such as uploaded screenshots)

3. Third-Party Data Integration

Performed only where required by applicable laws or with explicit user consent, such as mandatory credit bureau reporting.

This Privacy Policy includes the following matters:

Definition

1. 1. Personal Information which we collect
2. 2. The use of Personal Information which we collect
3. 3. Sharing of Personal Information which we collect
4. 4. Cross-border transfers of Personal Information
5. 5. Retention of Personal Information
6. 6. Access and correction of Personal Information
7. 7. Where we store your Personal Information
8. 8. Security of your Personal Information
9. 9. Changes to this Privacy Policy
10. 10. Language
11. 11. Acknowledgement and consent
12. 12. Marketing and promotional material
13. 13. Third party websites
14. 14. Minor Protection Addendum for Cash Loan Services
15. 15. LIMITATION OF LIABILITY
16. 16. How to contact us

DEFINITION

All capitalized terms not otherwise expressly defined in this Privacy Policy shall retain the meanings assigned to them in our prevailing Terms of Use agreement. In the event of any conflict between definitions, the interpretation most consistent with applicable data protection regulations shall prevail. Where context requires, industry-standard interpretations of technical terminology (including but not limited to "Personal Data," "Processing," and "Controller" as defined under the GDPR) shall supplement contractual definitions. This section shall be construed in harmony with, and not in contradiction to, other operative provisions governing the parties' relationship.

PERSONAL INFORMATION WHICH WE COLLECT

Collection of Personal Information

We process various categories of personal data that enable us to deliver our services effectively. This information may be obtained through:

Direct User-Provided Information

During account registration and service utilization, you furnish us with mandatory identification and financial details including:

• • Biographical Data: Full legal name, government-issued identification number, date of birth, gender
• • Contact Particulars: Physical address, verified email, active phone number (including SIM registration details)
• • Additional Profile Information: Marital status, occupation, and education level — provided voluntarily during the loan application process to complete your credit profile and meet applicable KYC/AML requirements.
• • Financial Credentials: Banking details, mobile money accounts, credit history, and verification numbers
• • Service Authentication: Unique account credentials for platform access

Operational interactions require supplementary disclosures, such as:

• • Payment Processing Data: Transaction amounts, payment method specifications, issuer details
• • Device Characteristics: Manufacturer specifications, operating system versions, unique hardware identifiers

These details are used solely for credit profile completion, responsible lending assessment, and compliance with KYC/AML requirements.

Automated Technical Data Acquisition

Our systems passively capture:

• • Digital Footprints: IP addresses, session duration metrics, browsing patterns
• • Device Telemetry: MAC addresses, IMEI numbers, network carrier information
• • Geospatial Data: Real-time GPS coordinates (foreground app usage) with optional opt-out capabilities

Cookie Policy: We employ persistent and session cookies to personalize user experience. While configurable through browser/device settings, disabling these may impair functionality.

Third-Party Data Partnerships

We validate information through authorized entities including:

• • Financial Institutions: Credit bureaus, banking partners
• • Telecommunications Providers: Mobile network operators
• • Service Facilitators: Collection agencies, technical vendors

Third parties are contractually prohibited from using Personal Information for unrelated purposes.

User-Submitted Third-Party Data

Do not provide any third-party personal information unless you have their explicit permission.

When providing emergency contacts or references, you:

• • Warrant that you have obtained prior consent from such individuals before providing their information to us, and that they have been informed of the intended use as described in this Policy
• • Assume responsibility for data accuracy

Important Limitations

• • Contact Access: Facilitates referral processes without permanent retention
• • Location Services: Location Services: Collected only while the app is in use, with explicit user consent, and may be disabled at any time via device settings.

All processing activities comply with prevailing data protection regulations. For consent management procedures, refer to Section 12 of this policy.

THE USE OF PERSONAL INFORMATION WHICH WE HAVE COLLECTED

Use of Personal Information

The personal data collected may be processed for the following lawful purposes in accordance with applicable regulations:

Primary Processing Objectives

1. 1. User Onboarding & Account Management
   • • Identity verification and user registration
   • • Creditworthiness assessment and risk modeling
   • • KYC/AML regulatory compliance
   • • Account administration and service customization
2. 2. Financial Service Execution
   • • Loan origination and repayment processing
   • • Dynamic credit scoring model development
   • • Transaction monitoring and fraud prevention
3. 3. Service Communication
   • • Platform updates and policy change notifications
   • • User support inquiry resolution
   • • Marketing communications (opt-out available)
4. 4. Platform Optimization
   • • Usage analytics and demographic trend analysis
   • • Technical troubleshooting and performance enhancement
   • • Product development through anonymized data analytics

Secondary Processing Activities

1. 1. Business Operations
   • • Internal process improvements
   • • Technical infrastructure maintenance
2. 2. Regulatory & Legal Compliance
   • • Fraud detection and prohibited activity investigations
   • • Statutory audit requirements fulfillment
   • • Regulatory inquiries response
3. 3. Corporate Transactions
   • • Merger/acquisition due diligence
   • • Business asset transfer evaluations

All processing activities adhere to:

• • Proportionality Principle: Minimal necessary data usage
• • Legal Basis: Contractual necessity, regulatory requirements, or legitimate business interests
• • Marketing Communications: Subject to prior opt-in where mandated

SHARING OF PERSONAL INFORMATION WHICH WE COLLECT

We may disclose or share your Personal Information with Affiliates and third parties for the following purposes, always acting reasonably and limiting disclosure to what is necessary for each purpose:

Permitted Disclosures
We may share your Personal Information under the following circumstances:

1. 1. Legal and Regulatory Compliance
   • • When required or authorized by applicable laws, including responding to regulatory inquiries, investigations, directives, or filing requirements.
   • • To comply with statutory obligations, including KYC (Know Your Customer) and AML (Anti-Money Laundering) regulations.
2. 2. Legal Proceedings
   • • In connection with any legal disputes involving you and us, or between you and another party, relating to the Service.
3. 3. Business Transactions
   • • During negotiations for mergers, acquisitions, asset sales, financing, or restructuring of our business, even if the transaction is not finalized.
4. 4. Third-Party Collaborations
   • • With Credit Reference Bureaus, financial institutions, mobile network providers, collection agencies, vendors, suppliers, contractors, and other service providers who assist in delivering the Service or performing business functions on our behalf.
   • • For marketing, research, analysis, or product development purposes, including allowing third parties to offer relevant products or services to you.
5. 5. Affiliate Sharing
   • • With our Affiliates to facilitate business operations, such as data processing, storage, or direct marketing (where you have subscribed). Affiliates are bound by this Privacy Policy and applicable laws.
6. 6. Aggregated/Anonymized Data
   • • When publishing usage statistics, we ensure all data is aggregated and anonymized, preventing individual identification.
7. 7. Protection of Rights & Compliance

Where we believe disclosure is necessary to prevent harm, enforce Terms of Use, report illegal activity, or comply with legal obligations.

Minimizing Identifiability
Where possible, we will take reasonable steps to de-identify Personal Information before sharing to prevent association with you.

Additional Disclosures with Consent
If not covered above, we will seek your explicit consent before sharing your Personal Information.

This disclosure framework ensures legal compliance while safeguarding your data privacy. All third-party sharing complies with applicable data protection laws.

CROSS-BORDER TRANSFERS OF PERSONAL INFORMATION

We may transfer, store, process and use your Personal Information in jurisdictions outside of:

• • Your country of residence ("Home Country"); or
• • The location where you access our Services ("Alternate Jurisdiction")

Such transfers may be made to:

1. 1. Affiliated entities within the PesaGo corporate group operating internationally;
2. 2. Our designated service providers, technology partners, or infrastructure facilities (including data centers and cloud service providers) located in foreign jurisdictions.

Data Protection Commitments:

We maintain strict safeguards to ensure all cross-border data transfers provide:

• • An equivalent level of protection as mandated by Uganda's data protection legislation;
• • Comprehensive security measures consistent with our Privacy Policy obligations.

By using our Services, you expressly acknowledge and consent to such international data transfers as outlined above. We implement appropriate contractual, technical and organizational measures (including standard contractual clauses where applicable) to protect your Personal Information in accordance with applicable data protection requirements.

RETENTION OF PERSONAL INFORMATION

We retain your Personal Information only for as long as necessary to:

• • Fulfil the purposes for which it was collected; or
• • Comply with applicable legal, regulatory, or business obligations.

Once these purposes are met, we will either:

1. 1. Securely delete the data; or
2. 2. Anonymize it to remove any link to your identity.

Retention will end when:

• • The original purpose for storage no longer applies; and
• • No legal or legitimate business reason remains.

You may request early deletion of your personal data at any time via in-app settings or by contacting our support team. Upon confirmation, the requested data will be permanently and irreversibly removed from our active systems, and backup archives, unless retention is required by applicable law.

We maintain strict data governance protocols to ensure compliant, secure, and responsible data lifecycle management.

ACCESS AND UPDATE/CORRECTION OF PERSONAL INFORMATION

a. Exercising Your Rights
You may submit requests to:

• • Access your Personal Information in our records; or
• • Rectify any inaccuracies in such data

Please contact us using the provided details below. Please note that applicable laws may permit us to charge a reasonable administrative fee for processing these requests.

b. Request Refusal Rights
We may legally decline such requests when:

• • Disclosure would compromise third-party privacy rights;
• • Applicable laws restrict such disclosure; or
• • We deem requests to be manifestly unfounded, excessive, or made in bad faith

We will always provide written justification for any refusal in accordance with legal requirements. Any denied correction requests will be supplemented with your right to provide a statement of disagreement for our records.

WHERE WE STORE YOUR PERSONAL INFORMATION

a. Data Handling by Service Providers
We may engage third-party vendors for the storage, transfer, or processing of your Personal Information. We rigorously evaluate these providers to ensure their data protection standards meet or exceed our privacy commitments as outlined in this Policy.

b. Cross-Border Processing
Your Personal Information may be accessed, stored, or processed in foreign jurisdictions by:

• • Our international personnel
• • Approved third-party vendors, suppliers, or affiliated entities

All such transfers strictly comply with applicable data protection laws. We implement robust safeguards—including contractual obligations, technical controls, and compliance audits—to maintain protection standards equivalent to those required in your country of residence, and never below the protections guaranteed in this Privacy Policy.

SECURITY OF YOUR PERSONAL INFORMATION

We treat the protection of your Personal Information with the highest priority. We employ comprehensive administrative, technical, and physical safeguards designed to:

• • Prevent unauthorized access, disclosure, or misuse
• • Secure against unlawful processing or accidental destruction
• • Mitigate risks of data breaches or compromise

Internet Transmission Disclaimer
While we implement industry-standard security measures, please note that no electronic transmission method is entirely risk-free. We cannot:

• • Guarantee absolute protection of data transmitted online
• • Warrant against potential interception or alteration by malicious third parties
• • Assume responsibility for vulnerabilities inherent to internet infrastructure beyond our control

Your Security Responsibilities
You must maintain vigilance by:

• • Safeguarding all account credentials with utmost care
• • Never disclosing passwords to any third party
• • Ensuring the physical and digital security of your registered mobile devices

Security is a shared responsibility between our organization and users. We encourage you to exercise prudent judgment when handling sensitive information.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to periodically modify this Privacy Policy at our discretion to reflect:

• • Evolving business needs and technological developments
• • Changes in applicable laws or regulatory requirements

Notification of Changes
Material updates will be communicated through:

• • Prominent notices published on our App and/or Website
• • Direct notifications to your registered email address

Your Ongoing Responsibility
By continuing to use our services, you explicitly acknowledge and agree that:

• • Regular review of this Policy constitutes your responsibility
• • Post-amendment usage of our platforms/services signifies:
  (i) Your acknowledgment of modifications
  (ii) Your binding acceptance of the revised terms

LANGUAGE

In the event of any discrepancies or conflicts between:

• • The English-language version of this Privacy Policy
• • Translations into other languages

ACKNOWLEDGEMENT AND CONSENT

Acceptance & Consent
a. By accepting this Privacy Policy, you expressly confirm that:

• • You have thoroughly reviewed and comprehended all provisions herein.
• • You unconditionally agree to all terms, including our authority to collect, process, transfer, store, and utilize your Personal Information as outlined.

Third-Party Data Provision
b. Should you supply Personal Information regarding other individuals (including but not limited to family members, emergency contacts, or associates), you hereby:

• • Confirm that you have obtained prior informed consent from such individuals before providing their information to us.
• • Warrant that they have been informed of the intended use and processing of their information as described in this Policy.
• • Grant consent on their behalf for identical processing activities by our organization.

Verification Authorization
c. You expressly permit us to initiate contact:

• • With yourself through all available channels.
• • With designated emergency contacts only when:
  • • Primary verification attempts are unsuccessful; or
  • • Payment obligations remain unfulfilled.

Consent Withdrawal Provisions
d. While you retain the right to revoke consent at any time through:

• • Written notice to our designated contacts;
• • In-app settings or account preferences; or
• • Unsubscribe mechanisms in electronic communications,
  you acknowledge that such withdrawal may:
• • Limit or restrict access to certain services or features;
• • Not affect the lawfulness of processing based on consent before its withdrawal.

Prior to processing any withdrawal request, we will provide:

• • A comprehensive explanation of the impact on your access to services; and
• • Clear information on any alternative legal bases for continued retention where applicable (e.g., legal obligations).

MARKETING AND PROMOTIONAL MATERIAL

a. Marketing Content
We may deliver promotional materials through various channels—including postal mail, email, in-app messaging, or push notifications, …only if legally permitted in your jurisdiction and with your prior opt-in consent:

• • Exclusive benefits, offers, or events by us or our affiliated partners, sponsors, or advertisers
• • New developments regarding our App and/or related products and services

b. Opting Out
You may unsubscribe from marketing communications at any time by either:

• • Clicking the "unsubscribe" link in any promotional message, or
• • Contacting us directly using the provided details

Minor Protection Addendum for Cash Loan Services

1. 1. Age Verification & Eligibility
   We strictly prohibit cash loan services to individuals below the legal majority age (18 years or older as per applicable law). Our systems incorporate:

• • Mandatory ID authentication
• • Age verification protocols
• • Continuous monitoring mechanisms

1. 1. Parental Notification Protocol
   Should we inadvertently process an application from a minor:
   a. Immediate termination of all loan processes
   b. Notification sent to registered guardian/parent within 24 hours
   c. Permanent blacklisting of associated identification documents
2. 2. Educational Safeguards
   We actively implement:

• • Warning pop-ups about financial risks for minors
• • Financial literacy resources in age-restricted platforms
• • Collaboration with educational institutions on debt awareness

THIRD PARTY WEBSITES

a. External Website Disclaimer
Our App and Website may include connections to external third-party platforms. We expressly disclaim:

• • Control over these independent websites
• • Liability for their data handling practices (including collection, processing, or sharing of information)

We strongly advise reviewing:

✓The privacy policies of all third-party sites

b. Advertising Partner Protocols
Advertisements displayed within our digital properties:

• • Function as direct gateways to advertisers' platforms
• • Enable data collection by sponsoring entities upon user engagement

LIMITATION OF LIABILITY

We expressly disclaim responsibility for any:

• • Indirect
• • Incidental
• • Consequential
• • Special
• • Exemplary
• • Punitive

damages resulting from:

a. Your use of, reliance upon, or inability to access the App;

b. Any interactions or agreements between you and third parties.

This exclusion applies regardless of whether we were previously notified of the potential for such damages.

Furthermore, we shall not be held liable for any delays or failures in performance due to circumstances beyond our reasonable control.

This limitation of liability stands even in cases where any remedy provided fails of its essential purpose.

HOW TO CONTACT US

If you have any questions regarding this Privacy Policy or you would like to obtain access and/or make corrections to your Personal Information, please contact us at service@pesago.africa or 256 771939094