Privacy Policy

1. Introduction

Welcome to MyKoloBox ("we," "our," or "us"). MyKoloBox is a digital platform that facilitates traditional savings groups, commonly known as "Ajo," "Esusu," or "Tontines" in various African communities. We are committed to protecting your privacy and ensuring the security of your personal and financial information.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, whether through our website, mobile application, or any related services (collectively, the "Service").

2. Information We Collect

2.1 Personal Information

When you create an account or use our services, we collect:

• Identity Information: Full name, email address, phone number, date of birth
• Contact Information: Postal address, emergency contact details
• Authentication Information: Username, password, security questions
• Profile Information: Profile picture, bio, preferences

2.2 Financial Information

To facilitate savings group operations, we collect:

• Banking Details: Bank account numbers, routing numbers, account names
• Payment Information: Credit/debit card details (stored securely by our payment processors)
• Transaction History: Contribution records, withdrawal history, payment statuses
• Virtual Account Information: Generated virtual account numbers for deposits

2.3 Group Participation Data

• Group Membership: Groups joined, positions held, roles (member, admin, creator)
• Contribution Records: Payment amounts, dates, frequencies, cycles
• Communication: Messages within groups, invitations sent/received
• Activity Logs: Login times, feature usage, group interactions

2.4 Technical Information

• Device Information: IP address, browser type, device identifiers
• Usage Data: Pages visited, time spent, click patterns
• Location Data: General location based on IP address
• Performance Data: App crashes, response times, error logs

3. How We Use Your Information

3.1 Core Platform Services

• Create and manage your account
• Facilitate group creation and membership
• Process contributions and withdrawals
• Calculate contribution schedules and rotation cycles
• Send notifications about payments and group activities
• Maintain accurate financial records

3.2 Security and Fraud Prevention

• Verify your identity and prevent unauthorized access
• Detect and prevent fraudulent activities
• Monitor for suspicious transactions
• Comply with Know Your Customer (KYC) requirements

3.3 Communication and Support

• Send important account and service updates
• Provide customer support and respond to inquiries
• Send payment reminders and group notifications
• Deliver marketing communications (with consent)

3.4 Platform Improvement

• Analyze usage patterns to improve our services
• Develop new features and functionalities
• Conduct research on savings group behaviors
• Ensure platform stability and performance

4. Information Sharing and Disclosure

4.1 Within Your Savings Groups

4.2 Service Providers

We share information with trusted third-party service providers:

• Payment Processors: Monnify, Flutterwave, and other payment gateways
• Banking Partners: For virtual account creation and management
• Cloud Services: AWS, Google Cloud for data storage and processing
• Communication Services: For SMS and email delivery

4.3 Legal and Regulatory Compliance

We may disclose information when required by law or to:

• Comply with legal processes and government requests
• Enforce our Terms of Service
• Protect the rights, safety, and property of users
• Prevent fraud and ensure platform security
• Meet regulatory requirements for financial services

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction, subject to equivalent privacy protections.

5. Financial Information Protection

5.1 Payment Card Industry (PCI) Compliance

Our payment processing partners maintain PCI DSS compliance, ensuring your payment card information is handled according to the highest security standards.

5.2 Banking Information Security

• Bank account details are encrypted using AES-256 encryption
• Access to financial data is restricted to authorized personnel only
• All financial transactions are logged and monitored
• Regular security audits of financial data handling processes

5.3 Transaction Monitoring

We monitor transactions for suspicious activity and may temporarily restrict accounts or request additional verification to protect against fraud.

6. Group and Contribution Data

6.1 Group Creation and Management

When you create or join a savings group:

• Group details (name, cycle, amount) are shared with all members
• Your contribution history is visible to group participants
• Position numbers and rotation schedules are transparent
• Communication within groups is recorded for dispute resolution

6.2 Contribution Tracking

We maintain detailed records of:

• Contribution amounts and payment dates
• Missed payments and late fees
• Withdrawal amounts and beneficiary information
• Group completion and payout history

6.3 Dispute Resolution

Group data may be used to resolve disputes between members, including providing transaction history and communication records to relevant parties.

7. Data Security

7.1 Technical Safeguards

• Encryption: All data in transit and at rest is encrypted using industry-standard protocols
• Secure Infrastructure: Cloud-based architecture with multiple layers of security
• Access Controls: Role-based access with multi-factor authentication
• Regular Updates: Security patches and system updates applied promptly

7.2 Organizational Safeguards

• Employee training on data protection and privacy
• Background checks for personnel with data access
• Incident response procedures for security breaches
• Regular security assessments and penetration testing

7.3 Data Breach Response

In the unlikely event of a data breach, we will:

• Notify affected users within 72 hours
• Provide details about the nature and scope of the breach
• Offer guidance on protective measures
• Cooperate with regulatory authorities as required

8. Data Retention

8.1 General Retention Periods

• Account Information: Retained while account is active plus 7 years after closure
• Financial Records: Maintained for 7 years for regulatory compliance
• Transaction History: Permanent retention for completed savings cycles
• Communication Logs: 5 years for dispute resolution purposes

8.2 Legal and Regulatory Requirements

Some data may be retained longer to comply with:

• Anti-money laundering (AML) regulations
• Tax reporting requirements
• Fraud prevention and detection
• Legal proceedings and court orders

8.3 Data Deletion

Upon request and subject to legal requirements, we will delete or anonymize your personal data. Note that some information may need to be retained for completed savings group cycles.

9. Your Rights and Choices

9.1 Access and Portability

• Request access to your personal data
• Download your account information and transaction history
• Obtain a copy of your data in a portable format

9.2 Correction and Updates

• Update your profile information at any time
• Correct inaccurate personal data
• Add missing information to your account

9.3 Communication Preferences

• Opt out of marketing communications
• Customize notification settings
• Choose preferred communication channels

9.4 Account Closure

You may close your account at any time, subject to:

• Completion of active savings group commitments
• Settlement of outstanding financial obligations
• Compliance with legal retention requirements

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

• Essential Cookies: Required for platform functionality and security
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember your settings and preferences
• Security Cookies: Detect suspicious activity and protect against fraud

10.2 Managing Cookies

You can control cookies through your browser settings, though disabling essential cookies may affect platform functionality.

11. Third-Party Services

Our platform integrates with various third-party services:

• Monnify: Payment processing and virtual account creation
• Banking Partners: Account verification and transaction processing
• SMS Providers: Transaction notifications and alerts
• Email Services: Account communications and updates

These services have their own privacy policies, and we encourage you to review them.

12. International Data Transfers

While our primary operations are in Nigeria, some data may be processed in other countries where our service providers operate. We ensure adequate protection through:

• Contractual safeguards with service providers
• Compliance with international data protection standards
• Regular monitoring of data handling practices

13. Children's Privacy

MyKoloBox is designed for users 18 years of age and older. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our services or features
• New legal or regulatory requirements
• Enhanced security measures
• User feedback and suggestions

We will notify you of significant changes through email or platform notifications at least 30 days before they take effect.

15. Contact Information