Mkopo Wallet Privacy Policy

Last Updated: April 27, 2025

Mkopo Wallet and its formally affiliated entities in Tanzania (hereinafter referred to as "Mkopo Wallet", "we" or "us") are committed to protecting your personal privacy. This policy details how we collect, use, store and protect your personal data.

1. Data We Collect

To provide loan services, we only collect necessary information:

SMS permissions (READ_SMS)

• Collected content: financial SMS (loans, bills, payment amounts, loan overdue, etc.), verification code SMS, etc.
• Purpose:
  1. Analyze financial-related SMS to assess the user's credit status and develop personalized loan products and services by accessing SMS permissions. Provide appropriate loan products and services by analyzing bills and transaction amount SMS. For example, analyze loan and loan overdue SMS to assess the user's credit status.
  2. To protect the security of user accounts and funds, analyze the verification code SMS to match whether the current device is the device that receives SMS to prevent fraudulent users from logging in with unauthorized devices.
• Security assurance: Data is only used for risk control system analysis of this platform and will not be shared with third parties without user authorization. Data will be encrypted and transmitted to a secure server (https://mkopo-wallet.com/) and will be deleted immediately after analysis. Users can also request to delete information through the online customer service in the App.

Call log permissions (READ_CALL_LOG)

• Collected content: call time, call status, call number and other information
• Purpose: Voice OTP service is provided to make up for the problem that some users receive SMS OTP slowly or cannot receive it. In order to protect the security of user accounts and funds, when using the Voice OTP service, you need to access the call log permission to analyze the call time, call status and caller number in the call log to match the time, answering status and number of the Vocie OTP service call from Mkopo Wallet. This will help us confirm whether the current device is an authorized device to answer the call and prevent fraudulent users from logging in with unauthorized devices.
• Security guarantee: The data is only used for the risk control system analysis of this platform and will not be shared with third parties without user authorization. The data will be encrypted and transmitted to the secure server (https://mkopo-wallet.com/) and deleted immediately after the analysis. Users can also request to delete the information through the online customer service in the App.

Calendar permissions (READ_CALENDAR)

• Collected content: calendar event title, start and end time, whether the event is repeated
• Purpose: will be used for credit repayment reminders and detection of abnormal time behavior patterns
• Security guarantee: The data is only used for the risk control system analysis of this platform and will not be shared with third parties without user authorization. The data will be encrypted and transmitted to the secure server (https://mkopo-wallet.com/) and deleted immediately after the analysis. Users can also request to delete the information through the online customer service in the App.

Installed App Information

• Collected content: application name, installation date, update date, version number, etc.
• Purpose: By analyzing whether the installed App contains virus software or fraudulent software, prevent other programs from stealing user account information to log in and submit false loan applications, thereby protecting the security of user information and loan funds.
• Security guarantee: The data is only used for anti-fraud on this platform. The data will be encrypted and transmitted to the secure server (https://mkopo-wallet.com/) and deleted immediately after the analysis. Users can also request to delete the information through the online customer service in the App.

Basic personal information

• Collected content: name, ID number, mobile phone number, email, age
• Purpose: real-name authentication, anti-fraud verification, loan electronic contract signing

Bank account information

• Collected content: binding bank institution, bank card number, account holder's name
• Purpose: loan issuance after loan application is approved.

Camera permissions

• Collected content: face recognition, ID card shooting
• Purpose: taking ID card photos to help users identify ID card information to complete automatic filling, while performing liveness detection and ID card authenticity verification.

Location information

• Collected content: approximate location information
• Purpose: set anti-fraud geo-fence to confirm that you are within our service range. So that we can provide personalized services based on your location information while assessing risks and your loan application.

Device information

• Collected content: device model, screen size, MAC address, IMIEI, hardware model, operating system version, etc.
• Purpose: We collect information about your device to ensure its safe use and prevent unauthorized individuals or applications from using it. This helps prevent fraud and ensures that only your device can access your account.

2. How We Use Your Data

• Loan Processing & Account Management: Your data is used to verify identity, assess creditworthiness, process loan applications and manage accounts. This includes validating your information against trusted sources to prevent fraud.
• Customer Support & Communication: We may contact you via email, SMS or in-app notifications regarding loan status, repayment reminders or important service updates. You may opt out of promotional messages at any time.
• Risk Assessment & Fraud Prevention: We analyze device and location data to detect suspicious activity and ensure security of your account and our platform.
• Legal & Regulatory Compliance: We retain necessary records to comply with Tanzanian financial regulations, tax laws and anti-money laundering (AML) requirements.
• Service Improvement: Aggregated anonymous data helps us improve app performance, develop new features and optimize loan products.

3. Data Sharing & Storage

• We prioritize your data security and only share limited data with trusted partners under strict confidentiality agreements:
• Third-Party Service Providers: We work with secure cloud storage providers, payment processors and identity verification services. These partners are contractually obligated to protect your data and prohibited from using it for unrelated purposes.
• Legal & Regulatory Disclosures: We may disclose your information if required by law, court order or government authority (e.g. Bank of Tanzania regulations). You will be notified unless legally prohibited.
• Business Transfers: In case of merger, acquisition or asset sale, your data may be transferred to the new entity under this policy's terms.
• International Transfers: If data is processed outside Tanzania, we ensure equivalent protection through Standard Contractual Clauses (SCCs) or other safeguards.
• Storage & Retention: Your data is securely stored in encrypted databases and retained only as necessary (typically 5 years after loan closure for legal compliance).

4. Your Rights

Under Tanzanian law, you have full control over your personal data:

• Access & Portability: Request a copy of your data in machine-readable format via email.
• Rectification: Update inaccurate or incomplete information through the app or by contacting us.
• Erasure: Request deletion of your data unless we are legally required to retain it (e.g. loan records).
• Restriction of Processing: Limit how we use your data (e.g. pause marketing communications).
• Objection to Processing: Challenge automated credit decisions or profiling by requesting human review.
• Withdrawal of Consent: Revoke permissions (e.g. location tracking) in app settings. Note: This may affect service functionality.
• Lodging Complaints: Contact the Tanzania Commission for Science and Technology (COSTECH) if you believe your rights have been violated.

To exercise these rights, email Ip.Impulsando.tu.Progreso@outlook.com with proof of identity. We will respond within 14 business days.

5. Data Security

• We implement technical and organizational safeguards to protect your data:
• Encryption: Data in transit and at rest is encrypted
• Access Controls: Strict permission management systems
• Security Audits: Regular system vulnerability scans and penetration tests
• Staff Training: All employees handling data receive privacy protection training

Please note that internet transmission cannot be 100% secure. You should safeguard account credentials and avoid sharing passwords.

6. Policy Updates

We may periodically revise this policy to reflect legal changes or service updates. Material changes will be notified through:

• In-app banners or push notifications
• Email alerts (if subscribed)
• Updated "Last Revised" date at the top of the policy

Continued use of Mkopo Wallet for 30 days after updates constitutes acceptance. Archived versions are available here for reference.

7. Contact Us

For any questions, data requests or complaints:

• Email: Ip.Impulsando.tu.Progreso@outlook.com
• Mkopo Wallet official support website: https://mkopo-wallet.com/