Kopasasa — Privacy Policy

1. Agreement to This Policy

By downloading, registering, or using Kopasasa, you confirm that you have read, understood, and agreed to this Privacy Policy. If you do not agree, you should stop using the Services immediately.

2. Information We Collect

Depending on how you use Kopasasa, we may collect the following categories of personal data:

• Personal Details: full name, date of birth, gender
• Contact Details: phone number, email address, emergency contact information
• Financial Information: income range, bank account details
• Employment Information: occupation, employer, employment status
• Verification Data: selfies, photographs, and identification documents
• Usage and Technical Data: app interactions, feature usage, and basic technical logs

3. Sensitive Personal Data

Certain data categories are considered sensitive personal data under Tanzanian law.

Where such data is collected:

• Submission is voluntary unless required by law
• Processing is strictly limited to legal compliance, fraud prevention, or risk management
• Sensitive data is not used for advertising, profiling, or discriminatory decision-making
• Enhanced security and restricted access measures are applied

Failure to provide sensitive personal data may restrict access to certain services where such data is legally or operationally required.

4. App Permissions

Kopasasa commits that when we collect your data through the app, we will encrypt it using the HTTPS protocol and upload it to our server (https://api.kopasasatz.com/). We will not share your data with any third party without your consent.

Personal Identification Information (Tanzania)

When you use our application, we may request and process personal data such as your full name, gender, date of birth/age, nationality/citizenship, residential address, and national identification details. Depending on the onboarding flow and applicable requirements.

Source: Information you enter in the app.

Purpose: To verify identity, perform KYC (Know Your Customer) checks, prevent fraud, assess eligibility, and comply with applicable legal and regulatory requirements (including AML/CFT obligations).

Compliance note: We process personal data in accordance with applicable Tanzanian data protection requirements, including the Personal Data Protection Act, 2022 (Tanzania) and any applicable regulations/guidance issued from time to time.

User Profile & Application Data

We may collect additional information you provide, such as education level, employment status, occupation, income, marital status, housing type, and other information entered in application forms or questionnaires.

Purpose: To support credit/risk assessment, tailor services, improve risk management models, and provide customer support.

Banking & Payment Information

For financial processing, we may collect bank account details, bank name, payment identifiers, transaction records, repayment history, and other relevant payment information. Where applicable, this may also include mobile money payment details and transaction references (e.g., MNO wallet identifiers and payment confirmations).

Purpose: To evaluate loan/credit requests, confirm repayment capacity, manage disbursements and collections, reconcile payments, and meet AML/CFT compliance requirements.

Note: We do not use this data for advertising or unrelated marketing.

Camera Use for Identity Verification & Liveness

With your permission, the app may use your device camera solely for identity verification and liveness detection, including capturing a selfie and/or scanning official documents.

Purpose: To ensure the identity presented is authentic and to prevent forgery or identity impersonation.

Protective measures: The camera is not used in the background, and images are not used for unrelated purposes.

Emergency Contacts

In certain cases, we may request the name, relationship, and phone number of emergency contact(s) you choose.

Source: Only contacts manually selected by you from your address book.

Purpose: To support identity verification processes and enable communication in emergency situations.

Important: We do not collect your full contact list.

Financial SMS Messages

With your explicit consent, we may access and process only SMS messages related to financial activity, including the sender, timestamp, and relevant content.

Purpose: To strengthen credit scoring, estimate financial capacity, analyze income/expense patterns, and prevent fraud.

Kopasasa will filter your SMS based on the following rules:

• We only collect financial SMS messages that contain keywords such as “loan”, “cash”, “kash”, “credit”, “debt”, “money”, “moni”, and similar terms.
• We only collect SMS messages from your inbox.
• We only access SMS messages related to financial activity from the most recent six (6) months, and we commit to collecting no more than 2,000 messages.

You can choose whether to grant Kopasasa SMS permission, and you can fully control enabling or disabling this feature in your device settings. We commit to securely deleting the financial SMS after the analysis is completed. All data is transmitted securely to our server (https://api.kopasasatz.com/) using SSL encryption. We also commit that we will not share this information with any third party without your consent.

Installed Applications Information

When authorized, we may collect limited data about apps installed on your device, such as package name, category, and installation status.

Purpose: To enhance device risk assessment, support fraud prevention, and contribute to credit risk analysis.

Note: This data is used mainly to identify risk patterns associated with financial abuse or fraud and is not used for advertising.

Device & System Technical Data

While you use our Android app, we may collect technical information such as device model, hardware specifications (e.g., memory, screen resolution), IP address, Android identifiers (e.g., Android ID), mobile network operator, and OS version. Where strictly necessary and permitted, we may also process certain device identifiers for security and fraud prevention.

Purpose: To strengthen security controls, prevent fraud, manage risk, maintain device integrity, and ensure service compatibility and performance.

Note: These identifiers are not used for advertising, marketing, or cross-app profiling.

Approximate Location

With your permission, we may collect approximate location data (e.g., general coordinates, accuracy radius, timestamp, and region-level address indication).

Purpose: To support anti-fraud measures, validate device consistency, and comply with applicable regulatory requirements.

Note: We do not collect location in the background unless you provide explicit consent.

Access & Interaction Logs

We may process service usage data, including account identifiers, encrypted credentials or authentication tokens, OTP verification events, session logs, and in-app interaction events (and related customer support interactions).

Purpose: To maintain accounts, enable secure authentication, process operations, support customers, and continuously improve the product.

Information Obtained from Partners / Third Parties

We may also obtain information from authorized third parties and partners, including:

• Licensed credit bureaus / credit reference partners in Tanzania (as applicable)
• Identity verification providers and sanctions/PEP screening providers
• Telecommunications operators / mobile network operators (where permitted and/or with consent)
• Payment partners, mobile money providers, and banks
• Marketing partners (only where lawful and with required consent)

Purpose: To validate submitted information, perform credit scoring, ensure regulatory compliance, and prevent fraud.

5. Use of Personal Information

We process personal data for the following purposes:

• User registration and account management
• Identity verification and fraud detection
• Credit assessment and service provision
• Compliance with legal and regulatory requirements
• System security, risk control, and operational monitoring
• Customer communication and support services

6. Data Security and Storage

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or loss. Data is transmitted through secure, encrypted channels and stored on protected servers.

7. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Policy or as required by applicable laws and regulations. Data is securely deleted or anonymized once retention is no longer necessary.

8. Data Sharing and Disclosure

We do not sell personal data. Personal information may be shared only under the following circumstances:

• Where required by law, court order, or regulatory authority
• With trusted service providers supporting verification, compliance, or infrastructure operations
• To prevent fraud, security threats, or unlawful activities
• Where explicit user consent has been obtained

9. Your Rights

Subject to Tanzanian data protection laws, you have the right to:

• Request access to your personal data
• Request correction or deletion of inaccurate or unlawfully processed data
• Object to or restrict certain processing activities
• Withdraw consent where processing is based on consent

Requests may be submitted using the contact details provided below.

10. Cross-Border Data Transfers

Where necessary for operational purposes, personal data may be transferred or processed outside Tanzania. In such cases, appropriate safeguards are implemented to ensure compliance with the Personal Data Protection Act, 2022.

11. Updates to This Policy

This Privacy Policy may be updated periodically. The most current version will be made available through the application or other official communication channels.

12. Contact Information