FinFlo Privacy Policy

FinFlo Privacy Policy

Effective Date: 21-Nov-2025

1. Introduction

Welcome to FinFlo. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how FinFlo ("we," "our," or "us") collects, uses, discloses, and safeguards your information when you use our mobile applications and services.

By using FinFlo applications (User App, Agent App, Merchant App, or School Merchant App), you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

When you register and use FinFlo services, we collect the following personal information:

  • Identity Information:

    • Full name

    • Phone number (required for registration)

    • Email address (optional)

    • Date of birth (for KYC verification)

  • KYC/KYB Documents:

    • National ID card or passport

    • Proof of address

    • Business registration documents (for merchants and agents)

    • Business license (for merchants)

    • School registration documents (for school merchants)

    • Photographs for identity verification

  • Financial Information:

    • Transaction history

    • Wallet balance and transaction records

    • Bank account details (for withdrawals)

    • Mobile money account information

    • Credit score and loan information

  • Device Information:

    • Device ID

    • Device type and model

    • Operating system version

    • Mobile network information

    • IP address

    • Device public key (for encryption)

  • Location Information:

    • Approximate location (for finding nearby agents)

    • GPS coordinates (if location services are enabled)

2.2 Transaction Information

We collect information about your transactions, including:

  • Payment amounts and recipients

  • Transaction timestamps

  • Transaction types (P2P, C2B, A2C, A2M, SERVICE, etc.)

  • Service purchases (airtime, data, utilities, Pay TV)

  • School fee payments

  • Loan applications and repayments

  • Withdrawal requests

2.3 Usage Information

We automatically collect information about how you use our services:

  • App usage patterns

  • Features accessed

  • Time spent in the app

  • Error logs and crash reports

  • Performance data

2.4 Communication Information

  • Customer support communications

  • Feedback and survey responses

  • Notification preferences

2.5 School-Specific Information (School Merchants)

For school merchants, we also collect:

  • Student information (names, student IDs, class/grade)

  • Fee structures and payment records

  • Academic cycle information

  • Outstanding balance records

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

  • To create and manage your account

  • To process transactions and payments

  • To provide customer support

  • To verify your identity (KYC/KYB)

  • To enable features like QR code payments, money transfers, and bill payments

3.2 Security and Fraud Prevention

  • To authenticate your identity

  • To detect and prevent fraud, money laundering, and other illegal activities

  • To protect your account and transactions

  • To comply with regulatory requirements

3.3 Communication

  • To send transaction notifications

  • To provide important service updates

  • To respond to your inquiries

  • To send marketing communications (with your consent)

3.4 Service Improvement

  • To analyze usage patterns and improve our services

  • To develop new features

  • To fix bugs and technical issues

  • To conduct research and analytics

3.5 Legal Compliance

  • To comply with applicable laws and regulations

  • To respond to legal requests and court orders

  • To enforce our terms of service

  • To protect our rights and the rights of our users

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our services:

  • Payment Processors: PayPal and other payment gateway providers for processing mobile money and bank transfers

  • Cloud Services: Cloud hosting providers for data storage and processing

  • Analytics Services: Firebase and other analytics providers for app performance monitoring

  • Communication Services: SMS and email service providers for notifications

  • Identity Verification Services: Third-party KYC/KYB verification providers

4.2 Financial Institutions

  • Banks and mobile money operators for processing transactions

  • Credit bureaus for credit scoring and loan eligibility

4.3 Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders or legal processes

  • Government requests

  • Regulatory investigations

  • Protection of rights, property, or safety

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.5 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Technical Safeguards

  • Encryption: All data transmitted between your device and our servers is encrypted using SSL/TLS

  • Secure Storage: Personal information is stored in encrypted databases

  • PIN Protection: Your PIN is hashed and never stored in plain text

  • Biometric Authentication: Support for fingerprint and face recognition for additional security

  • Token-Based Authentication: Secure JWT tokens for API authentication

5.2 Administrative Safeguards

  • Access controls and authentication requirements for staff

  • Regular security audits and assessments

  • Employee training on data protection

  • Incident response procedures

5.3 Physical Safeguards

  • Secure data centers with restricted access

  • Environmental controls and monitoring

Note: While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you

  • Comply with legal obligations

  • Resolve disputes

  • Enforce our agreements

Transaction records and financial data are retained for a minimum of 7 years as required by financial regulations. KYC documents are retained as required by anti-money laundering regulations.

When you request account deletion, we will delete or anonymize your personal information, except where we are required to retain it by law.

7. Your Rights and Choices

You have the following rights regarding your personal information:

7.1 Access and Portability

  • Request access to your personal information

  • Request a copy of your data in a portable format

  • View your transaction history and account information

7.2 Correction

  • Update your personal information through the app settings

  • Request correction of inaccurate information

7.3 Deletion

  • Request deletion of your account and personal information

  • Note: Some information may be retained for legal compliance

7.4 Opt-Out

  • Opt out of marketing communications

  • Disable push notifications (except critical transaction notifications)

  • Disable location services

7.5 Data Portability

  • Export your transaction history and statements

  • Request your data in a machine-readable format

7.6 Withdraw Consent

  • Withdraw consent for data processing where applicable

  • Note: This may affect your ability to use certain services

To exercise these rights, please contact us at [privacy@finflo.com] or through the app settings.

8. Children's Privacy

FinFlo services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete such information promptly.

Parents or guardians who believe their child has provided personal information should contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

10. Third-Party Services

Our apps may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of third-party services before using them.

10.1 Integrated Services

  • Payment Gateways: PayPal and other payment processors

  • Analytics: Firebase Analytics

  • Push Notifications: Firebase Cloud Messaging

  • Cloud Storage: Cloud hosting providers

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to:

  • Remember your preferences

  • Analyze app usage

  • Improve user experience

  • Provide personalized content

You can control cookies through your device settings, though this may affect app functionality.

12. Biometric Data

If you choose to enable biometric authentication (fingerprint or face recognition), your biometric data is stored securely on your device and is never transmitted to our servers. We only receive confirmation of successful authentication.

13. Marketing Communications

We may send you marketing communications about our services, promotions, and updates. You can opt out at any time by:

  • Using the unsubscribe link in emails

  • Adjusting notification settings in the app

  • Contacting us directly

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy in the app

  • Sending a notification through the app

  • Updating the "Last Updated" date

Your continued use of FinFlo services after changes become effective constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

FinFlo Privacy Team

16. Regulatory Compliance

FinFlo operates in compliance with:

  • Data Protection Act of Uganda (2019)

  • Anti-Money Laundering (AML) regulations

  • Know Your Customer (KYC) requirements

  • Financial services regulations

17. Data Protection Officer

For data protection inquiries, you can contact our Data Protection Officer at:

18. Complaints

If you have concerns about how we handle your personal information, you have the right to file a complaint with:

  • Our support team at finfloug@gmail.com

  • The relevant data protection authority in your jurisdiction

19. Consent

By using FinFlo services, you consent to:

  • The collection and use of your information as described in this policy

  • The processing of your personal information for the purposes outlined

  • The transfer of your information as described in this policy

20. Account Security

You are responsible for:

  • Maintaining the confidentiality of your PIN

  • Keeping your device secure

  • Notifying us immediately of any unauthorized access

  • Using strong authentication methods

21. Special Provisions for Different User Types

21.1 Regular Users

  • Standard personal and financial information collection

  • Transaction history and wallet management

  • Service purchase records

21.2 Agents

  • Additional business information and documents

  • Commission and transaction records

  • Float management data

  • Agent performance metrics

21.3 Merchants

  • Business registration and verification documents

  • Payment processing records

  • Customer transaction data (anonymized where possible)

  • Revenue and analytics data

21.4 School Merchants

  • School registration documents

  • Student information (collected with appropriate consent)

  • Fee structure and payment records

  • Academic cycle data

22. Data Breach Notification

In the event of a data breach that may affect your personal information, we will:

  • Notify you as soon as possible

  • Provide details of the breach

  • Explain steps we are taking to address it

  • Advise on steps you can take to protect yourself

23. Automated Decision Making

We use automated systems for:

  • Credit scoring and loan eligibility

  • Fraud detection

  • Transaction processing

  • Risk assessment

You have the right to request human review of automated decisions that significantly affect you.

By using FinFlo, you acknowledge that you have read, understood, and agree to this Privacy Policy.

FinFlo App is offered to you by Hussein Mwinyi Ibrahim and FinFlo (U) Ltd as a company

Version: 1.0

Comments

Post a Comment

Popular posts from this blog

FinFlo Account Deletion Policy

 Overview: This Account Deletion Policy outlines the procedures and guidelines for users who wish to delete their accounts on the FinFlo platform. Account Rectification/Deletion Request: Users can request the rectification or deletion of their accounts by submitting a formal request through email or phone as specified in the Privacy Policy on the Website and App. The request should include the user's full name, username, and any other information necessary to identify the account. Verification: To ensure the security and privacy of our users, FinFlo will verify the identity of the account owner before processing the deletion request. This may involve confirming account details, requesting additional information, or using multi-factor authentication. Processing Time: Account deletion requests will be processed within 7 business days after successful verification and any other timelines as stipulated in the Data Protection and Privacy Act, 2019. During this period, users may not...
Read more