1.1 Personal Identification Information: When you register, we may collect your full name, email address, phone number, government-issued ID, and physical address.

1.2 Financial Information: To facilitate transactions, we collect payment method details, bank account information, mobile money credentials, transaction history, and wallet balances. All financial data is encrypted and stored securely.

1.3 Verification Information: To comply with anti-money laundering (AML) and know-your-customer (KYC) regulations, we may collect tax identification numbers, source of funds documentation, and beneficial ownership information.

1.4 Usage Data: We automatically collect information about your interactions with the Platform, including IP addresses, device identifiers, browser types, access times, pages viewed, and referral sources.

1.5 Communications Data: We may record and store communications between you and other Platform users, customer support inquiries, and feedback submissions.

2.1 Platform Operation: To create and manage your account, facilitate partnerships, process payments, and provide customer support.

2.2 Compliance: To verify your identity, prevent fraud, comply with financial regulations (including AML/KYC), and investigate suspicious activities.

2.3 Communication: To send transaction notifications, updates about your partnerships, security alerts, and promotional offers (you may opt out of marketing communications).

2.4 Improvement: To analyze usage patterns, troubleshoot issues, and enhance Platform features and security.

2.5 Legal Obligations: To respond to lawful requests from regulatory authorities, law enforcement, and courts.

For users in the European Economic Area, we process your personal information based on: (a) performance of a contract (e.g., facilitating your partnerships), (b) compliance with legal obligations (e.g., AML regulations), (c) your explicit consent (e.g., marketing communications), and (d) our legitimate interests (e.g., Platform security and improvement).

4.1 With Other Users: When you enter a partnership, certain information (e.g., your username, partnership terms, and ratings) may be visible to your counterparty.

4.2 Service Providers: We share information with third-party vendors who provide payment processing, identity verification, data storage, customer support, and analytics services under strict confidentiality agreements.

4.3 Regulatory Authorities: We may disclose information to financial regulators, law enforcement, or tax authorities as required by applicable law (including the Central Bank of Kenya, Kenya Revenue Authority, and Financial Reporting Centre).

4.4 Business Transfers: In the event of a merger, acquisition, or asset sale, your information may be transferred to the successor entity.

4.5 With Your Consent: We may share your information for other purposes with your explicit consent.

4.6 Aggregated Data: We may share anonymized, aggregated data for research, marketing, or analytical purposes that cannot reasonably identify you.

We implement industry-standard security measures, including:

• Encryption: All financial and personal data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Access Controls: Role-based access restrictions and multi-factor authentication for system administrators.
• Monitoring: 24/7 intrusion detection and real-time fraud monitoring systems.
• Audits: Regular third-party security assessments and penetration testing.

While we take reasonable precautions, no method of transmission over the Internet or electronic storage is 100% secure. You are responsible for maintaining the confidentiality of your account credentials.

We retain your personal information for as long as your account is active or as necessary to provide our services. After account closure, we may retain certain information to comply with legal obligations (e.g., financial transaction records for 7 years under Kenyan law), resolve disputes, prevent fraud, and enforce our agreements.

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information (subject to legal retention obligations).
• Restriction: Request restriction of processing in certain circumstances.
• Portability: Request a machine-readable copy of your data for transfer to another service provider.
• Objection: Object to processing based on legitimate interests or direct marketing.
• Withdraw Consent: Withdraw previously given consent at any time.

To exercise these rights, contact us at privacy@hellogwiji.com. We will respond within 30 days.

We use cookies, web beacons, and similar technologies to enhance your experience, analyze usage, and serve relevant content. You may configure your browser to reject cookies, but some Platform features may not function properly. For more information, see our Cookie Policy.

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We implement appropriate safeguards, such as standard contractual clauses, to ensure your information remains protected.

The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors. If we become aware of such collection, we will delete the information immediately.

The Platform may contain links to external websites. We are not responsible for the privacy practices of such third parties. We encourage you to review their privacy policies before providing any personal information.

We may update this Privacy Policy from time to time. Material changes will be notified via email or prominent notice on the Platform. Your continued use of the Platform after such changes constitutes acceptance of the revised policy.

For privacy-related inquiries, complaints, or to exercise your rights, please contact us at:

Email: privacy@hellogwiji.com
Address: [Insert Your Physical Address]
Data Protection Officer: [Insert DPO Name and Contact]

You also have the right to lodge a complaint with your local data protection authority (e.g., the Office of the Data Protection Commissioner in Kenya).

To the fullest extent permitted by law, Hello Gwiji shall not be liable for any unauthorized access, data breach, or loss of information resulting from circumstances beyond our reasonable control, including but not limited to cyberattacks, force majeure events, or user negligence in safeguarding account credentials. You agree to indemnify and hold Hello Gwiji harmless from any claims arising from your violation of this Privacy Policy or applicable laws.