Privacy Policy

Permissions Disclosure
KopaLink is committed to the preservation of your privacy and transparency in accordance with the 2019 Data Protection and Privacy Act and other pertinent regulations. In order to assess your eligibility and guarantee a smooth loan acceptance process, we require specific permissions to access specific data from your device. All information we collect is exclusively used for the purpose of providing our services, and we guarantee its secure storage, transmission, and exclusive use. Your information will not be disclosed to any third parties without your explicit consent.

SMS Permission Notice

To support fraud prevention, credit scoring, and loan eligibility assessment, the application may access SMS records when a user applies for a credit product.

SMS permission is requested only after the user actively initiates a credit application. The application does not access SMS messages before obtaining the user's explicit authorization. Once permission is granted, the application may access SMS records from the most recent six months, with a maximum review scope of approximately 3,500 messages.

Within the authorized scope, SMS records are initially reviewed in their entirety. The application then applies predefined finance-related keywords to identify and extract messages that may be relevant to financial behavior assessment. Only messages matching the filtering criteria are considered during the evaluation process.

The SMS information that may be accessed includes sender information, recipient information, message date and time, and message content. This information is used solely for fraud prevention, credit scoring, and loan eligibility assessment.

Emergency Contact Information
In order to prevent fraud and verify identification, we need access to two emergency contacts.

These contacts may be manually input, we will not request any additional information from your address book without your consent.

All data is securely stored on our servers and transmitted via HTTPS.

Specifications of the Device
Purpose: Device authentication, fraud detection, and environment risk evaluation.

This information includes the model name, specifications, and unique identifiers, such as the OS version, brand, model number, IMEI, serial number, developer mode status, screen width, default language, age, time zone, and other device environment parameters. Furthermore, display and luminance parameters, CPU data, and device performance details are included. Although we exclusively utilize this information for financial applications, we also gather information regarding the applications that are installed on your smartphone. This includes the app name, version number, installation date, and whether it is a pre-installed system app. This guarantees the financial stability of accounts and eliminates fraudulent software, thereby aiding in the identification and evaluation of potential threats. It is imperative to underscore that the homepage does not transmit or process any information if you do not elect to register. Furthermore, we avoid employing data from applications that do not belong to a particular financial category. Safeguarded from unauthorized access, all data that has been collected is securely stored on our systems.

Network Information

1. GAID/ADID: In order to optimize your advertising experience and analyze ad data, we obtain your Google Advertising ID (GAID).
2. ACCESS_WIFI_STATE: Our objective is to gather data about your Wi-Fi network in order to assess risk and detect potential anomalies.
3. ACCESS_NETWORK_STATE: In order to assess risk and prevent data loss during network disruptions, we collect your network data, which includes your, connection status, and network type.
4. The simCountryIso, simOperator, networkType, and macAddress are all supplementary pieces of information.

KYC

For purposes of identity verification, fraud prevention, and credit assessment, we may request that you provide certain personal information during the application and KYC process. This information may include:

- Telephone number
- Email address

- Name

- Gender

- Date of birth

- Numerical value of registration document
- Instructional capabilities
- Information regarding occupations

- The marital status
-Address information

Installed App List Data Disclosure

For anti-fraud and credit scoring purposes, this app accesses installed application information only when the user actively taps the “Apply for Loan” button during the loan application process.

The collected app list data is limited to essential fields only, including app name, app version, installation time, and app package ID.

This information is used solely for anti-fraud and credit assessment purposes and is not used for any other purposes.Installed app list data is not shared with any third-party services.

All data transmissions are encrypted and handled in accordance with our privacy policy.

Data Security Methodology
After being entirely encrypted, all data that has been collected will be securely transmitted to an HTTPS server. Without your explicit authorization, your information will not be disclosed to any other parties.

Security and Storage of Data
If you choose not to submit an application, your data will not be published. We guarantee that all data that has been collected is transmitted securely to our servers using cutting-edge encryption and security protocols. Any third party will be unable to access your data if you fail to provide unambiguous consent.
You consent to the acquisition, processing, and secure storage of personal information, including your name, phone number, operating system, and device type, as well as the accumulation of SMS, device activity records, and address data, by utilizing our services. Additionally, we may enhance our credit assessment by compiling data from credit bureaus and financial organizations.

Data Utilization
In order to acquire your personal information, the subsequent two methodologies are implemented:
1. Directly submitted data: We may record and retain the information you provide when you apply for products and/or services, complete online forms, provide feedback, resolve disputes, or contact us regarding our financial services. We may also monitor the data generated by your transactions and activity while you are using our services. When the service is executed, usage data is routinely collected.
2. Information that we proactively collect: We collect information from your computer, smartphone, and other access devices when you use our website, app, and related services.
The manner in which we employ your data:
-To verify your identity

-To construct models for credit assessment

-To superintend credit histories and evaluate loan proposals

-To examine the distribution of collections and payments.
The information supplied can be used for a variety of purposes, including the determination and qualification of your creditworthiness, the verification of your identity, the assessment of the risk associated with your credit request, and statistical analysis, as previously mentioned.

3rd Party Code, and SDKs

What SDKs do we app use and why?

SDKs used & purpose:

AppsFlyer - marketing attribution and campaign measurement. (com.android.installreferrer:installreferrer)This is used with AF to count download and installation attribution

(com.google.android.gms:play-services-auth-api-phone & com.google.android.gms:play-services-auth )  SMS OTP autofill via SMS Retriever (improves UX and reduces mistyped otp).

Firebase Analytics - app usage/events to improve flows. Firebase Crashlytics(com.google.firebase:firebase-crashlytics ) - crash reports and stack traces for stability fixes.

SDK Compliance Statement

We ensure Google Play compliance through strict SDK governance, data minimization, and transparency. Only essential SDKs are integrated for core functions (analytics, attribution, OTP, crash reporting). We do not share sensitive personal data (e.g., IDs, full names, SMS content) with third parties. User consent is obtained before data collection, with opt-out options available. Data is protected באמצעות encryption, access controls, and logging. SDKs are regularly reviewed and updated. Privacy details are disclosed, and users may request data or account deletion via support.

Data Sharing

We do not sell or rent your personal data to third parties. We only share your information when necessary to provide core services or to comply with legal obligations:

• Service providers: such as payment, identity verification, and essential system operations. These providers process data only as required to perform their services and are bound by strict confidentiality obligations.
• Legal and regulatory requirements: when disclosure is required by applicable laws or authorities.
• Security and risk control: for fraud prevention and to ensure the security and integrity of our services.
• For marketing or any non-essential purposes, we will obtain your separate explicit opt-in consent, and you may withdraw your consent at any time.

We follow the principle of data minimization, collecting and sharing only the information necessary for clearly defined purposes, and implement appropriate safeguards to protect your data.

In order to protect your privacy, we have implemented the following policies regarding the acquisition and utilization of data.

Significance
All capitalized phrases in our Privacy Policy have the same meanings as our language of use, unless otherwise specified (where applicable).

We collect personal information.
Furthermore, you furnish us with precise personal information. This information may have been acquired from sources other than yourself, such as the provision of personal information during the account establishment process or in other forms, or it may have been explicitly provided by you. It is accessible whenever the software utilizes it. The Data Protection Act of 2019 does not impose any restrictions; however, it does give permission for specific information collection methods and purposes.

Information that was directly obtained from you or your mobile device
Name, ID number, date of birth, gender, educational background, physical address, email address, employment details, marital status, emergency contacts, phone number, SIM card details, financial and credit information (including Mobile Money, if applicable), and an Account ID and/or password are among the numerous pieces of personal information that you are required to provide in order to register and establish your account.

In order to guarantee the smooth operation of the electronic money feature of the application, it is imperative to furnish payment-related information, including the type of payment card, mobile wallet account data, issuer name, account bearer name, account number, and payment amount.

Information obtained from applications or website visits
We may collect specific technical information about your activities, including your, the websites you have visited in the past or present, the duration of your sessions, your device ID or media access control address, and information about the model, manufacturer, and operating system of your device, during your use of the application or visit to our website.

Furthermore, cookies frequently accumulate particular data when you utilize the program or access our website. Cookies are small files that are retained on your computer or mobile device in order to improve the user interface and monitor user behavior. Despite the fact that the majority of devices and browsers default to accommodating cookies, the app or website may not function as intended if the settings are modified to reject specific categories of cookies or to remove stored cookies at any time..

It is imperative to recognize that the functionality of specific applications may be jeopardized if geolocation tracking is temporarily disabled on your smartphone. When utilized on a mobile device, the application monitors and accumulates real-time geolocation data. Inadvertent geolocation data collection may occur while the program is operating in the background, despite our best efforts to prevent it. Enabling GPS may improve the functionality of your mobile device's application.

Further, in order to interact with the application, the User is required to submit an inventory of emergency contacts, phone and text message logs, and digital information. The User's mobile device's technical specifications and distinctive identifiers, such as the IMEI number, MAC address, and phone number, as well as information regarding the mobile network, operating system, mobile browser type, and preferred time zone, must be submitted.

Data obtained from external sources
Third parties, such as mobile network providers, collecting agencies, agents, suppliers, contractors, and partners, may provide us with access to your personal information in order to fulfill our service obligations. In order to fulfill our obligations to these parties and to ensure compliance with our Privacy Policy and the Data Protection Act of 2019, we exclusively collect this data.

Information concerning external parties that you provide
However, it is essential that you obtain their consent. Per the "Acceptance and consent" section below, you are permitted to furnish us with personal information regarding third parties, such as spouses, family members, associates, and emergency contacts.

Using the confidential information that we have gathered
In addition to any other uses authorized by the Data Protection Act of 2019 and comparable legislation, the personal information we collect may be used for the following purposes:
a. verifying your identity, establishing your account, and managing your credit terms.
b. Verifying the prerequisites prior to creating an account.
c. Overseeing the distribution of loans and the payment of service fees.
d. The evaluation and development of credit models.
e. complying with legal obligations, including anti-money laundering and know-your-customer regulations.
f. I am contacting you to provide the application with usage instructions.
g. providing you with information regarding any updates to the services or application.
h. responding to and addressing inquiries and comments.
i. the development, evaluation, enhancement, and customization of the application.
j. engaging in genuine phone conversations or communicating with you via SMS.
k. the analysis of trends, user behavior, demographic data, and service utilization.
l. engaging in direct communication with consumers regarding promotions, discounts, or offers.

The dissemination of the confidential information that we accumulate
In addition to the uses authorized by the Data Protection Act of 2019 and associated laws, we may disclose your personal information to Affiliates and other organizations for the following reasons:

Responding to regulatory inquiries and conducting investigations are legal obligations
a.court cases that are relevant to our business or to you.
b.During the negotiation of mergers, asset transactions, and company restructuring.
c. establishing partnerships with external organizations that provide services such as product development, research, and marketing.
d. providing anonymized, aggregated data.
e. In situations where disclosure is necessary to prevent damage, denounce illicit activity, investigate any violations of the terms of use, or comply with relevant laws.
f. We make every effort to ensure that any personal information that is not necessary for your identification is anonymized.

International exchange of confidential information
Your personal information may be used, stored, transmitted, and processed outside of your current location or country of origin when you use our services. We ensure that these transfers are protected to the same extent as required by the legal system of your country in accordance with our Privacy Policy.

Confidentiality of personal information
We will retain personal data for the duration necessary to attain the objectives for which it was collected, or as otherwise provided by the Data Protection Act of 2019 and other relevant statutes. When your information is no longer necessary to fulfill legal or commercial obligations or for the intended purpose, we will dispose of it, thereby erasing any means of personally identifying you.

Obtaining confidential information
Please be advised that we retain the right to impose an administrative charge in accordance with the Kenyan Information and Communications Act. If we have the authority to update any personal information about you, you may request that we revise it by contacting us using the information provided below. Rejection may occur for insignificant reasons or when the law permits it. This is not an exhaustive list.

The location in which your personal information is stored
The personal data that has been collected may be managed, transmitted, or retained by third-party service providers if they maintain a level of security that is equivalent to that of this privacy statement. This may entail the processing or storage of data outside of your country of origin, under the supervision of our employees or external vendors.

Ensuring the confidentiality of your data
It is essential to protect your personal information. We take the requisite precautions to prevent unauthorized access, collection, use, disclosure, and processing, as well as to prevent loss or damage. However, the security of internet communication cannot be guaranteed. You are accountable for the protection of your account and mobile device, as well as the preservation of confidentiality.

Changes to this privacy statement
General notices will be issued by the website or application in the event of any modifications. The enhancements are permissible as long as the website is regularly accessed. To ensure that this privacy statement is in accordance with the evolving legal or regulatory requirements or to reflect changing circumstances, it may be revised at any time.

Words
Any discrepancies between the English and other language variants of this privacy statement will be resolved by the English version.

Acceptance and consent
Please be informed that you have given your consent to the collection, use, disclosure, storage, transmission, and processing of your personal data in accordance with the regulations outlined in this privacy statement. It is your responsibility to obtain consent for the use of third-party personal data in the modes described below.

Promotional and marketing merchandise
Marketing communications may be disseminated through a diverse array of platforms. You may revoke your consent by contacting us or utilizing the resources at your disposal. All loan receipts and other documents will be preserved.

External websites are accessed through the use of hyperlinks
We are not responsible for the data practices of these websites and have no control over them. Consequently, it is essential that you are cognizant of their policies regarding the acquisition and utilization of information. Hyperlinks to external websites may be present on our website and application.

The boundaries of accountability
Furthermore, we are not liable for any indirect, incidental, consequential, extraordinary, exemplary, or punitive damages that may result from the use of the App or communication with third parties. We are not responsible for any delays or failures that are the consequence of events that are beyond our reasonable control.