Welcome to KKPesa (“KKPesa”, “the App”, “we”, “us”, or “our”). We provide digital financial services to users in Kenya and Tanzania. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our iOS application and related services.
We aim to comply with applicable data protection laws, including the Kenya Data Protection Act (2019) and the Tanzania Personal Data Protection Act (2022), as well as Apple App Store privacy requirements.
By installing or using KKPesa, you acknowledge that you have read and understood this Privacy Policy.
Company / Data Controller - Entity: KKPesa is operated by PAYABLU CREDIT LIMITED (“Company”). - Registered Address: 1st Floor, NBK Building, Harambee Avenue, Nairobi, Kenya. - Contact/DPO: If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact: dev@payablultd.com.
A. Personal Information You Provide :
We collect personal data to provide services, evaluate credit risk, prevent fraud, and meet legal and regulatory obligations. Data categories may include:
2.1 Identity and Profile Information - Full name, date of birth, gender - Government-issued ID information (e.g., National ID or Voter ID), and identity verification data - Selfies or identity photos where required for verification
2.2 Contact and Residence Information - Phone number, email address - Residential address and related location details you provide
2.3 Financial and Professional Information - Employment status, income ranges or similar indicators - Bank account or mobile wallet details for disbursement and repayment
2.4 Contacts Information (Address Book) With your permission, we may collect and upload your contacts list (such as names, phone numbers, and related metadata stored in your address book). We use this information to help verify identity, assess risk, prevent financial fraud, and support compliance obligations. - Note: We do not use your contacts data for advertising, and we do not sell your personal data.
2.5 Device, App, and Network Information - Device information (e.g., device model, OS version, language settings) - Network information (e.g., IP address, network type, Wi‑Fi/cellular status) - App activity logs and diagnostic data for security, fraud prevention, and service reliability
2.6 Notifications and Communications - If you enable push notifications, we may send loan status updates and repayment reminders. - We may send service communications related to your account and transactions.
We collect data through: - Information you provide directly in the App (forms, uploads, customer support interactions). - Permissions you grant on iOS (e.g., Contacts, Camera, Photos, Location). - Automated collection from your device/app environment for security and reliability (as described above). - Third parties where permitted and necessary (e.g., credit reference bureaus, identity verification providers), as described in Section 6.
We use personal data for: - Credit scoring and eligibility assessment. - Identity verification and authentication. - Fraud prevention, risk assessment, and security monitoring. - Loan servicing (disbursement, repayment processing, customer support). - Regulatory compliance (e.g., AML/KYC and other applicable requirements). - Service communications (transactional updates, repayment reminders). - Marketing attribution and campaign measurement (see Section 5.4) when permitted.
5.1 Contacts (Address Book) If you allow Contacts access, we may collect and upload your contacts list for identity verification, risk assessment, and fraud prevention, as described in Section 2.4. You can manage this permission in iOS Settings. 5.2 Camera and Photos If you allow Camera and/or Photo Library access, you can capture or select documents and images (e.g., ID documents, supporting information) for verification and compliance. You can manage these permissions in iOS Settings. 5.3 Location Services If you allow Location access, we may use it to enhance security, prevent fraud, and support service eligibility checks (e.g., ensuring service availability in supported regions). You can manage this permission in iOS Settings. 5.4 Advertising Identifier (IDFA) and App Tracking Transparency (ATT) If you provide consent through Apple’s App Tracking Transparency prompt, we may access the Identifier for Advertisers (IDFA) for marketing attribution and campaign measurement (for example, to understand which ads led to an installation). If you do not grant permission, we will not access IDFA and will use privacy-preserving measurement methods where available. We use AppsFlyer (or similar attribution technology) for attribution/measurement. We do not use IDFA for credit decisions.
We do not sell your personal data. We may share data with: - Licensed Credit Reference Bureaus (CRBs) where applicable. - Identity verification and fraud prevention service providers. - Payment, banking, or mobile money partners to process disbursements/repayments. - Cloud hosting and infrastructure providers that process data on our behalf under contractual safeguards. - Legal authorities when required by applicable law, court order, or regulatory request in Kenya or Tanzania. We may also share aggregated or de-identified data that cannot reasonably be used to identify you.
We retain personal data only as long as necessary to: - Provide the services. - Prevent fraud and manage disputes. - Comply with legal, regulatory, tax, audit, AML/KYC, and debt collection obligations. Retention periods may vary depending on the data type and applicable legal requirements. When data is no longer needed, we delete or anonymize it in accordance with our retention policies, unless continued retention is required by law.
We implement administrative, technical, and organizational measures designed to protect personal data, including: - TLS encryption in transit. - Encryption and access controls for data storage. - Least-privilege access policies and internal auditing/logging. - Security monitoring and incident response procedures. No method of transmission or storage is 100% secure, but we strive to use industry-standard safeguards.
Your data may be processed on servers located in Kenya, Tanzania, or other countries where our service providers operate. Where cross-border transfers occur, we use appropriate safeguards consistent with applicable law.
Subject to applicable law, you may have the right to: - Access your personal data. - Correct inaccurate or incomplete data. - Request deletion of your data (subject to legal/compliance retention requirements). - Object to or restrict certain processing. - Withdraw consent where processing is based on consent (e.g., certain permissions/marketing). - Opt out of marketing communications where applicable. To exercise your rights, contact us using the details in Section 12.
KKPesa is not intended for children. We do not knowingly collect personal data from individuals under the age of 18. If you believe a child has provided personal data, please contact us and we will take appropriate steps.
- Data Controller: PAYABLU CREDIT LIMITED - Registered Address: 1st Floor, NBK Building, Harambee Avenue, Nairobi, Kenya - Email: dev@payablultd.com - Service Regions: Kenya & Tanzania
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. If we make material changes, we will provide notice in the App or through other appropriate means. Continued use of the App after an update constitutes acceptance of the revised policy.