Privacy Policy

1. Introduction and scope

This Privacy Policy ("Policy") describes how Pixa SACCO and its affiliates (collectively, "Pixa SACCO", "we", "us", or "our") collect, use, disclose, store, and otherwise process personal information in connection with our websites, web applications, APIs, mobile experiences (if any), and related services (collectively, the "Services").

The Services are designed for savings and credit cooperative organizations (SACCOs), microfinance institutions, workplace savings groups, village savings and loan associations (VSLAs), and similar entities, together with their administrators, staff, auditors, and members ("Organizations" and "Users"). Depending on how your Organization configures the platform, we may process personal information about administrators, employees, members, guarantors, next of kin, and other individuals whose data is entered into the Services by your Organization.

By accessing or using the Services, or by submitting personal information to us or through the Services, you acknowledge that you have read this Policy. If you use the Services on behalf of an Organization, you represent that you are authorized to bind that Organization to this Policy where applicable. If you do not agree with this Policy, you must not use the Services.

This Policy does not override any terms in your subscription agreement, data processing agreement, or similar contract with us; where those documents address privacy or security, the more specific provision applies to the extent of any conflict.

2. Definitions

• "Personal information" means information that identifies or can reasonably be linked to an identified or identifiable individual. It includes contact details, account credentials (in hashed form where stored by us), financial and membership identifiers when tied to a person, and online identifiers such as IP address when combined with other data.
• "Organization" means the legal entity or group that subscribes to or is provisioned on the Services and that determines how member and operational data is collected and used within the product.
• "Processing" means any operation performed on personal information, including collection, recording, organization, storage, adaptation, retrieval, use, disclosure, restriction, erasure, or destruction.

3. Who is responsible for your data

Where we provide the Services directly to an Organization under a commercial agreement, we typically act as a processor or service provider with respect to personal information that the Organization uploads or instructs us to process on its behalf. The Organization is usually the controller or business for that data and is responsible for providing notices to its members and staff and for obtaining consents or other lawful bases where required.

Where we determine the purposes and means of processing—for example, for account creation on our marketing site, billing contact details, security telemetry for our own infrastructure, or compliance with laws that apply directly to us—we act as a controller for those limited categories of data.

If you are a member of a SACCO or similar group and have questions about how your Organization uses your data inside Pixa SACCO, please contact your Organization first. If you have questions about our infrastructure, security, or this Policy, use the contact methods described in Section 15.

4. Information we collect

The categories of personal information we process depend on how you interact with the Services. They may include the following:

4.1 Account and authentication data

• Full name, email address, telephone number, job title or role, and organizational affiliation.
• Credentials: passwords are stored using one-way cryptographic hashing; we do not store plaintext passwords. Session tokens and similar artifacts may be stored in cookies or browser storage to keep you signed in according to your session settings.
• Optional profile fields your Organization enables (for example profile photo URLs, language preferences, or notification settings).

4.2 Organization and subscription data

• Organization name, registration or license identifiers, address, currency, branding assets, and billing contacts.
• Subscription plan, usage metrics, invoice history, and payment-related references (payment card data, if collected, is typically handled by our payment processor and not stored by us except as tokenized references where applicable).

4.3 Operational and financial data you enter in the product

Organizations may store extensive records in the Services. Examples include, without limitation:

• Member records: names, national or government identifiers where permitted, dates of birth, gender, photographs, addresses, employment, next of kin, nominee details, and KYC documents.
• Savings and share capital: account identifiers, balances, transaction history, deposit and withdrawal instructions, and dividend participation.
• Loans: application data, credit assessments, collateral descriptions, repayment schedules, guarantor information, and collections notes.
• Expenses, dividends, meetings, resolutions, audit logs, and exports generated from the above.

This list is illustrative. Your Organization controls which modules and fields are used and what data is mandatory for its operations.

4.4 Communications and support

• Content of emails, in-app messages, or support tickets you send to us or to your Organization through channels we operate.
• Metadata such as timestamps, message identifiers, and delivery status for service-related communications (for example email verification or password reset messages).

4.5 Technical, usage, and security data

• Device and connection data: IP address, approximate location derived from IP, browser type and version, operating system, device identifiers, and screen resolution.
• Usage data: pages or screens viewed, features used, click paths, time spent, errors and crash reports, and API request logs (which may include user or Organization identifiers in server logs).
• Security data: failed login attempts, password reset requests, anomaly detection signals, and audit trails required for accountability and fraud prevention.

4.6 Information from third parties

We may receive personal information from identity providers if your Organization enables single sign-on, from payment processors, from email delivery status webhooks, or from integrations your Organization connects to the Services. We process such information in accordance with this Policy and any applicable integration terms.

5. Purposes and legal bases for processing

For users in the European Economic Area, United Kingdom, or similar jurisdictions, we rely on one or more of the following legal bases under the General Data Protection Regulation (GDPR) or local equivalent, as applicable:

• Contract: processing necessary to perform our agreement with your Organization or to take steps at your request before entering a contract (for example creating an account, providing the Services, invoicing).
• Legitimate interests: improving and securing the Services, debugging, analytics in aggregated or pseudonymized form, direct communication about security or product changes, and preventing abuse—balanced against your rights.
• Legal obligation: compliance with tax, accounting, court orders, or regulatory requests where we are legally required to retain or disclose data.
• Consent: where we expressly ask for consent (for example optional marketing communications or non-essential cookies where required by law), you may withdraw consent at any time without affecting prior processing.

For personal information that Organizations upload about their members, the Organization is generally responsible for establishing its own legal bases (such as contract with the member, legal obligation, or consent) and for providing any required privacy notices.

6. Cookies, sessions, and similar technologies

We and our subprocessors may use cookies, local storage, session storage, and similar technologies for purposes such as:

• Strictly necessary: authentication, load balancing, security (for example CSRF protection), and remembering essential preferences.
• Functional: remembering UI choices where not strictly necessary but improving usability.
• Analytics: understanding aggregate usage patterns to improve the product, where implemented.

Where required by law, we will obtain consent before using non-essential cookies and provide a cookie preference mechanism. You can also control cookies through your browser settings; disabling strictly necessary cookies may prevent the Services from functioning correctly.

7. Disclosure and subprocessors

We do not sell your personal information and we do not share it for cross-context behavioral advertising as a "sale" under the California Consumer Privacy Act (CCPA) as amended. We may disclose personal information in the following circumstances:

• Service providers and subprocessors: hosting providers, database and backup vendors, email delivery services, error monitoring, customer support tools, and security vendors, bound by written agreements requiring appropriate confidentiality and security measures and processing only on our instructions where they act as processors.
• Your Organization: administrators and authorized Users within the same Organization can typically access operational data according to role-based permissions configured in the product.
• Professional advisers: lawyers, accountants, or insurers under confidentiality obligations.
• Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality and continued protection of personal information.
• Legal and safety: when we believe disclosure is necessary to comply with law, regulation, legal process, or governmental request; to enforce our terms; to protect the rights, property, or safety of Pixa SACCO, our users, or the public; or to detect or prevent fraud or security incidents.

8. International transfers

We may process and store personal information in countries other than the country in which you or your Organization are located. Those countries may have data protection laws that differ from those of your country. Where we transfer personal information from the EEA, UK, or Switzerland to countries not deemed to provide an adequate level of protection, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or UK authorities, or other lawful transfer mechanisms, supplemented by technical and organizational measures as required.

9. Data retention

We retain personal information only for as long as necessary to fulfill the purposes described in this Policy, unless a longer period is required or permitted by law. Typical factors include:

• Active subscription: operational data remains available for the duration of the Organization's subscription and according to the Organization's retention settings where offered.
• After termination: we may retain certain data for a defined wind-down period for disaster recovery, dispute resolution, or legal compliance, then delete or irreversibly anonymize it in accordance with your contract and our data retention schedule.
• Logs and backups: server and security logs may be retained for a shorter or longer technical window depending on system design; backup media may retain residual copies until overwritten in the ordinary course.
• Legal holds: we may preserve data when required for litigation, investigations, or regulatory inquiries.

10. Security

We implement technical and organizational measures designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures may include, where appropriate:

• Encryption in transit (such as TLS) for data transmitted over public networks.
• Encryption at rest for databases and backups where supported by our infrastructure.
• Role-based access control, least-privilege administrative access, and authentication requirements.
• Logging, monitoring, and incident response procedures.
• Vendor security assessments and contractual security commitments.

No method of transmission or storage is completely secure. You are responsible for maintaining the confidentiality of your credentials and for notifying your Organization or us promptly if you suspect unauthorized access to your account.

11. Your rights and how to exercise them

Depending on your location, you may have rights under applicable privacy laws. These may include, where applicable:

• Access: obtain confirmation of whether we process your personal information and receive a copy in a structured, commonly used format where technically feasible.
• Rectification: correct inaccurate or incomplete personal information.
• Erasure: request deletion of personal information subject to legal exceptions (for example records we must retain for regulatory purposes).
• Restriction or objection: limit or object to certain processing, including processing based on legitimate interests.
• Portability: receive personal information you provided in a machine-readable format where processing is based on consent or contract and is automated.
• Withdraw consent: where processing is based on consent, withdraw it at any time.
• Non-discrimination (CCPA): we will not deny services, charge different prices, or provide a different level of quality solely because you exercised your privacy rights, except where permitted by law (for example reasonable incentives related to voluntary programs).

For data that your Organization controls in the Services, we may need to forward your request to the Organization or ask you to contact them directly, since we may not have authority to modify or delete their operational records. For data for which we are the controller, contact us as described in Section 15. You may also lodge a complaint with a supervisory authority in your country of residence or work.

12. Children

The Services are not directed to individuals under the age of 16 (or the higher age required in your jurisdiction) for their independent use. Organizations should not create member accounts for minors except where permitted by law and with appropriate parental or guardian authority. If you believe we have collected personal information from a child in violation of this Policy, please contact us and we will take appropriate steps to investigate and remediate.

13. Automated decision-making

The Services may support workflows, alerts, or calculations (for example interest accrual, eligibility checks, or reporting) that operate according to rules configured by your Organization. Unless we explicitly notify you otherwise and obtain any legally required consent, we do not make solely automated decisions that produce legal or similarly significant effects about you without human involvement by the Organization where such decisions are restricted by law.

14. Changes to this policy

We may update this Policy periodically to reflect changes in our practices, technology, legal requirements, or the Services. We will revise the "Effective and last updated" date at the top of this page and, where changes are material, provide additional notice as required by law (for example by email to Organization administrators or an in-product notification). Your continued use of the Services after the effective date of an update constitutes your acknowledgment of the revised Policy where permitted by law. If you do not agree, you should stop using the Services and contact your Organization.

15. Contact and complaints

For questions about this Policy, to exercise privacy rights where Pixa SACCO acts as controller, or to report a concern about our processing practices, please contact your Organization's administrator in the first instance for operational data, or use the official support or privacy contact published for your deployment of Pixa SACCO (for example on your Organization's intranet, contract, or our website).

If we do not resolve your concern, you may have the right to complain to a data protection authority. In the European Economic Area, a list of supervisory authorities is available from the European Data Protection Board. In the United Kingdom, the Information Commissioner's Office (ICO) accepts complaints from individuals.

This Policy is provided for transparency and does not constitute legal advice. Organizations should consult qualified counsel regarding their obligations under financial services, cooperative, employment, and data protection laws applicable in their jurisdiction.