Privacy Policy

(Last updated: May 14, 2025)

1. Introduction

This Privacy Policy describes how Chotapesa and its Affiliates ("we," "us," or "our") collect, store, use, transfer, disclose, and protect your Personal Information in compliance with Tanzanian law, including the Personal Data Protection Act (PDPA), 2022, and other applicable regulations.

By using the Application, you acknowledge that you have read, understood, and consent to the terms herein. This Policy applies alongside our Terms and Conditions and governs your use of the Platform and Services.

2. Definitions

• "Applicable Law" includes the PDPA, Electronic and Postal Communications Act (EPOCA), Cybercrimes Act, and other Tanzanian regulations.
• "Sensitive Personal Information" refers to data such as religion, marital status, biometrics, financial details, and health-related information, as defined under the PDPA.

3. Personal Information We Collect

a. Information Provided Directly by You:

• Name, date of birth, gender, educational background, religion (explicit consent required), physical address, email, occupation, marital status, emergency contacts, phone number, SIM details, financial/credit details (e.g., Mobile Money/bank account information).

b. Information Collected Automatically:

• Technical Data: We collect your IP address, device information (e.g., device model, operating system, browser type), and usage data (e.g., pages visited, session duration). With your permission, we may also collect information about your SMS (time stamp, phone number, and SMS content), phone status, camera, advertising ID, and other data. This information may be uploaded to our servers or a service provider's server, or stored locally on your device. You can enable or disable access to this information at any time through your device settings, but this may affect certain functionalities.
• Location Data: We collect real-time geographic location data when you use the App. You may disable location tracking, but this may affect certain functionalities.
• Cookies and Tracking Technologies: We use cookies and similar technologies to enhance user experience and track activity. You can manage cookie settings through your device or browser, but disabling cookies may impact App functionality.

c. Information from Third Parties:

• Credit bureaus, banks, mobile networks, and partners, collected only for lawful purposes with verified consent.

d. Third-Party Data You Provide:

• Emergency contacts or family members’ data. You confirm obtaining their explicit consent for processing.

4. Legal Basis for Processing

• Explicit consent (for Sensitive Data).
• Contractual necessity (e.g., account registration, loan services).
• Legal obligations (e.g., anti-money laundering checks).
• Legitimate interests (e.g., improving App functionality).

5. Use of Personal Information

• Verify identity, manage accounts, process payments, and conduct credit scoring.
• Comply with legal obligations (e.g., KYC, anti-money laundering).
• Communicate updates, resolve queries, and improve services.
• Send marketing materials (with opt-in consent).

Automated Decision-Making:

Credit scoring models are transparent. You may request manual review.

6. Data Sharing and Transfers

We share data only with:

• Regulators, banks, and partners necessary for service delivery.
• Third parties under contractual safeguards (e.g., data processors).

International Transfers:

Data is stored in Tanzania. Any cross-border transfers will comply with PDPA requirements (e.g., adequacy decisions or binding corporate rules).

7. Data Retention

• Only as long as necessary for the purposes stated.
• Specific retention periods:
  • Account data: 7 years post-account closure (for legal compliance).
  • Transaction records: 5 years (per financial regulations).
• Anonymized data may be retained for analytics.

8. Security and Breach Notification

• We implement technical and organizational measures to protect your data.
• In case of a breach, we will notify the Tanzania Data Protection Commission and affected users within 72 hours, per PDPA requirements.

9. Your Rights

Under Tanzanian law, you have the right to:

• Access, correct, or delete your data.
• Withdraw consent (may affect service availability).
• Object to automated decisions or direct marketing.
• Request data portability (where feasible).

Submit requests to: [email protected]. Responses within 30 days.

10. Marketing Communications

• Marketing materials (SMS, email, push notifications) require opt-in consent.
• Opt-out anytime via embedded links or by contacting us.

11. Children’s Data

Services are not directed to minors under 18. If inadvertently collected, we will delete such data upon verification.

12. Changes to This Policy

Updates will be notified via email/App notifications. Continued use implies acceptance.

13. Contact Us

For inquiries, data requests, or complaints:

Email: [email protected]

Acknowledgment and Consent

By using the App, you:

• Confirm explicit consent for Sensitive Data processing.
• Agree to third-party data sharing as described.
• Accept PDPA-compliant practices outlined above.