Privacy Policy

Effective Date: 1 June 2025

Last Updated: 1 June 2025

1. Introduction

Welcome to E-Mpesa (“we,” “our,” or “us”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application E-Mpesa (the “App”), which provides payment services.

By using our App, you consent to the data practices described in this Privacy Policy. If you do not agree with the practices described in this policy, please do not use our App.

2. Information We Collect

2.1 Personal Information

We may collect the following types of personal information:

  • Account Information: Name, email address, phone number and bank account
  • Payment Information: M-Pesa phone numbers and transaction references
  • Contact Information: Business/client details for payment information

2.2 Document and File Information

  • Generated Content: Payment receipt and transaction number
  • Document Metadata: File names, timestamps, and access logs

2.3 Usage Information

  • App Usage: Feature interaction, session duration, preferences
  • Device Information: Device type, OS, mobile network

2.4 Technical Information

  • Log Data: IP addresses, browser type, access history
  • Crash Reports: Errors and diagnostics for debugging
  • Analytics Data: Usage metrics and app performance

3. How We Use Your Information

3.1 Service Provision

  • Currency exchange and payment processing
  • Process M-Pesa payments
  • Transfer deposit and withdraws from and to Deriv
  • Access all your transactions history

3.2 Account Management

  • Create and maintain accounts
  • Authenticate and manage user access
  • Provide support and notify users of changes

3.3 App Improvement

  • Analyze data to improve performance
  • Develop new features
  • Identify and fix bugs

3.4 Communication

  • Service-related notifications
  • Customer support
  • Feedback responses

4. Information Sharing and Disclosure

We do not sell, rent, or trade your information. However, we may share it under the following circumstances:

4.1 Service Providers

We may share data with third parties who help operate the app:

  • Firebase/Google Cloud: Authentication, storage, database
  • M-Pesa: Payment processing
  • Analytics Providers: Performance tracking
  • Technical Support Teams: App maintenance and hosting

4.2 Legal Requirements

We may disclose information to comply with:

  • Legal processes or law enforcement
  • Court orders or government regulations
  • Protection of our users, systems, and rights
  • Prevention of fraud or illegal activities

4.3 Business Transfers

If we merge, are acquired, or sell assets, your data may be transferred.

5. Data Security

We use industry-standard safeguards to protect your data.

5.1 Technical Safeguards

  • Encryption: SSL/TLS for secure data transfer
  • Cloud Storage: Firebase with access control
  • Authentication: Multi-factor options
  • Security Updates: Ongoing patching and improvements

5.2 Access Controls

  • Limited access for authorized personnel only
  • Security audits and vulnerability testing

5.3 Backup and Recovery

  • Regular backups
  • Disaster recovery procedures
  • Data integrity monitoring

6. Data Retention

We retain your data only as long as necessary.

Retention Periods:

  • Account Info: account is deleted after 60 days after user request account to be closed
  • Documents/Files: Until you delete them or storage expires
  • Transaction Records: until you close your account + 60 days
  • Analytics Data: Aggregated and retained indefinitely

7. Your Rights and Choices

7.1 Access and Control

  • View and update account info
  • Request/download personal data
  • Correct inaccurate data
  • Request deletion (where legally possible)

7.2 Privacy Settings

  • Manage notification preferences
  • Opt-out of optional data sharing
  • Control location settings

7.3 Account Management

  • Close or delete your account
  • Export your data before deletion

8. Third-Party Services

We integrate with third-party providers:

8.1 Authentication

8.2 Cloud Services

8.3 Payments

9. Children’s Privacy

We do not knowingly collect data from children under 13. If we become aware of such data, we will delete it.

10. International Data Transfers

Your data may be processed outside your country. We ensure lawful transfers with appropriate safeguards.

11. California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal info is collected
  • Request deletion of personal info
  • Opt-out of data selling
  • Non-discrimination for exercising rights

12. EU Users (GDPR)

If you reside in the EU, you may:

  • Access your data
  • Request correction or erasure
  • Restrict processing
  • Request portability
  • Object to data processing

13. Changes to This Policy

We may update this policy. You’ll be notified via:

  • In-app notice
  • Email (if provided)
  • Posted update in the App

14. Contact Information

If you have any questions or concerns, please contact us:

Email: empesakenya@gmail.com

Phone: +254 701 569 962

Address: Nairobi, Kenya

In-App Support: Available via the help section

15. Consent

By using E-Mpesa, you confirm that you have read and agreed to this Privacy Policy.