Data Protection & User Information

Last Updated: January 15, 2025

1. Our Commitment to Data Protection

At eSwipe, protecting your personal data is fundamental to our operations. We recognize that you trust us with sensitive financial information, and we take this responsibility seriously. This document outlines our comprehensive approach to data protection and your rights as a user.

We comply with international data protection standards including GDPR, Rwanda's Data Protection and Privacy Law, and industry-specific regulations for financial services.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

2.1 Contractual Necessity

Processing is necessary to fulfill our contract with you, including:

  • Creating and managing your account
  • Processing payment transactions
  • Providing customer support
  • Delivering requested services and features

2.2 Legal Obligations

We must process certain data to comply with legal requirements:

  • Know Your Customer (KYC) verification
  • Anti-Money Laundering (AML) screening
  • Counter-Terrorism Financing (CTF) compliance
  • Tax reporting and record keeping
  • Regulatory audits and investigations

2.3 Legitimate Interests

We process data for legitimate business purposes:

  • Fraud detection and prevention
  • Security monitoring and threat protection
  • Service improvement and analytics
  • Network and information security
  • Business intelligence and strategic planning

2.4 Consent

For certain processing activities, we obtain your explicit consent:

  • Biometric authentication (fingerprint, facial recognition)
  • Location tracking for enhanced features
  • Marketing communications and newsletters
  • Personalized recommendations and analytics
  • Third-party data sharing for specific purposes

3. Data Protection Principles

Our data protection practices are guided by internationally recognized principles:

1. Lawfulness, Fairness, and Transparency

We process data legally, fairly, and transparently. You always know what data we collect and why.

2. Purpose Limitation

Data is collected for specific, explicit, and legitimate purposes and not processed in ways incompatible with those purposes.

3. Data Minimization

We only collect data that is adequate, relevant, and limited to what is necessary for the stated purposes.

4. Accuracy

We take reasonable steps to ensure personal data is accurate and up-to-date. You can correct inaccuracies at any time.

5. Storage Limitation

Data is retained only as long as necessary for the purposes for which it was collected, or as required by law.

6. Integrity and Confidentiality

We implement appropriate security measures to protect against unauthorized access, loss, destruction, or damage.

7. Accountability

We demonstrate compliance with data protection principles through documentation, policies, and regular audits.

4. Your Data Rights

As an eSwipe user, you have comprehensive rights regarding your personal data:

Right to Access

You can request access to all personal data we hold about you. This includes:

  • Account information and transaction history
  • Data categories and processing purposes
  • Recipients of your data
  • Retention periods
  • Sources of collected data

How to exercise: Navigate to Settings → Privacy → Download My Data or email privacy@eswipe.app

Right to Rectification

Correct inaccurate or incomplete personal information at any time.

How to exercise: Update information in app settings or contact support for assistance

Right to Erasure (Right to be Forgotten)

Request deletion of your personal data, subject to legal retention requirements.

Important limitations:

  • Financial records must be retained for 7 years per Rwanda law
  • Fraud investigation data may be retained longer
  • Backup copies may persist for up to 90 days

How to exercise: Settings → Privacy → Delete Account or email privacy@eswipe.rw

Right to Data Portability

Receive your data in a structured, machine-readable format (CSV, JSON) for transfer to another service.

How to exercise: Settings → Privacy → Export Data

Right to Restrict Processing

Limit how we process your data in certain circumstances, such as during accuracy verification or when contesting processing legality.

How to exercise: Email privacy@eswipe.rw with your request

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

How to exercise: Settings → Notifications → Manage Preferences

Right to Withdraw Consent

Withdraw consent for processing activities at any time. This does not affect the lawfulness of processing before withdrawal.

How to exercise: Settings → Privacy → Manage Consents

Right to Lodge a Complaint

File a complaint with the Rwanda Utilities Regulatory Authority (RURA) if you believe your rights have been violated.

Contact RURA: info@rura.rw or visit www.rura.rw

5. Special Categories of Data

We process certain sensitive data categories with enhanced protections:

Biometric Data

Fingerprints and facial recognition data are processed only with your explicit consent and stored with additional encryption. You can disable biometric authentication at any time.

Financial Data

Payment credentials and transaction data are encrypted using AES-256 and stored in PCI DSS compliant systems.

Location Data

Precise location is collected only when necessary for fraud detection and only with your permission. You control location access through device settings.

6. Data Protection by Design

We implement data protection from the earliest stages of system design:

  • Privacy by Default: Most privacy-protective settings are enabled by default
  • Data Encryption: End-to-end encryption for sensitive data at rest and in transit
  • Access Controls: Role-based access with strict authentication requirements
  • Pseudonymization: Personal identifiers replaced with artificial identifiers where possible
  • Regular Audits: Quarterly security audits and annual compliance assessments
  • Staff Training: Mandatory data protection training for all employees

7. Data Breach Response

In the unlikely event of a data breach, we follow established procedures covering:

Detection & Assessment

Immediate identification and impact assessment of the breach

Containment

Swift action to contain and mitigate the breach

Notification

Affected users notified within 72 hours via email and in-app alert

Regulatory Reporting

Notification to relevant authorities as required by law

Investigation

Thorough investigation to determine cause and prevent recurrence

Support

Dedicated support team to assist affected users

8. International Data Transfers

When transferring data internationally, we ensure adequate protection through:

Standard Contractual Clauses

EU-approved contractual terms ensuring data protection compliance

Adequacy Decisions

Transfers to countries recognized as providing adequate data protection

Security Safeguards

Technical and organizational measures equivalent to those in Rwanda

9. Automated Decision-Making

eSwipe uses automated systems for certain decisions. You have the right to:

  • Know when automated decisions significantly affect you
  • Obtain human intervention for important decisions
  • Contest automated decisions
  • Receive an explanation of the logic involved

Examples of Automated Decisions:

  • Fraud Detection: Transactions flagged as potentially fraudulent
  • Credit Scoring: Creditworthiness assessments for financial services
  • Spending Classification: Automatic categorization of transactions
  • Risk Assessment: Account security risk levels

To request human review: Contact support@ within 30 days of the decision

10. Contact & Complaints

Data Protection Officer

Name: Jean Paul Mugisha

Email: dpo@eswipe.rw

Phone: +250791700692

Address: KG 123 St, Kigali, Rwanda

Office Hours: Mon-Fri, 8AM-6PM EAT

Regulatory Authority

Authority: Rwanda Utilities Regulatory Authority

Email: info@rura.rw

Website: www.rura.rw

Phone: +250 788 126 200

Address: Airport Road, Kigali

Response Times: We respond to data protection inquiries within 5 business days and complete requests within 30 days, as required by law.

Your Data, Your Control

At eSwipe, we believe you should always have control over your personal data. We're committed to transparency, security, and respecting your privacy rights. If you have any questions about how we protect your data, please don't hesitate to contact us.