Privacy Policy

1. Introduction

At eSwipe, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our mobile payment application and services.

By using eSwipe, you consent to the data practices described in this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect personal information that you provide directly to us, including:

• Identity Information: Full name, date of birth, government-issued ID details, nationality
• Contact Information: Email address, phone number (+250 format), physical address, emergency contact
• Account Credentials: Username, encrypted PIN, biometric authentication data (fingerprint, facial recognition)
• Financial Information: MTN Mobile Money account details, bank account information, transaction history, spending patterns
• Verification Documents: ID scans, proof of address, selfie photos for KYC compliance, signature samples
• Device Information: Device model, operating system, unique device identifiers, app version
• Location Data: GPS coordinates (with permission), IP address, network location for fraud detection

2.2 Transaction Data

When you use eSwipe to make payments, we collect:

• Payment Details: Transaction amounts (RWF), currencies, payment methods (QR, NFC, bank transfer)
• Merchant Information: Merchant name, location, category, business type, contact details
• Transaction Metadata: Timestamps, transaction IDs, reference numbers, status updates
• Security Data: Device fingerprint, location at transaction time, biometric verification logs
• Financial Records: Balance updates, transaction history, spending analytics, budget tracking
• Receipt Data: Digital receipts, payment confirmations, invoice details, tax information
• Fraud Prevention: Risk scores, behavioral patterns, anomaly detection data

2.3 Usage and Device Information

We automatically collect information about your device and app usage:

• Device Information: Device model, operating system, unique device identifiers, hardware specifications
• Network Information: IP address, mobile carrier, connection type, network speed, data usage
• Usage Analytics: Features accessed, time spent in app, navigation patterns, user journey data
• Performance Data: Crash reports, error logs, app performance metrics, loading times
• Behavioral Data: Spending patterns, transaction frequency, app usage habits, feature preferences
• Security Logs: Login attempts, authentication methods, security events, access patterns
• Location Data: GPS coordinates (with permission), network location, location history for fraud detection

2.4 Biometric Data

With your consent, we collect and process biometric data for authentication purposes, including fingerprint scans and facial recognition data. This data is encrypted and stored securely on your device and our servers.

2.5 Communication Data

We collect information from your communications with us, including customer support inquiries, feedback, survey responses, and correspondence.

3. How We Use Your Information

3.1 Service Provision

We use your information to:

• Create and manage your eSwipe account
• Process payments and transactions through MTN Mobile Money
• Verify your identity and prevent fraud
• Provide customer support and respond to inquiries
• Send transaction confirmations and receipts
• Maintain and improve app functionality

3.2 Analytics and Personalization

We analyze your data to:

• Generate spending insights and financial analytics
• Provide personalized recommendations and budgeting tips
• Classify spending patterns and behavior
• Create customized dashboards and reports
• Improve user experience and app features

3.3 Security and Fraud Prevention

We process your data to:

• Detect and prevent fraudulent transactions
• Monitor for suspicious account activity
• Verify transaction authenticity
• Maintain audit trails for regulatory compliance
• Protect against unauthorized access
• Conduct risk assessments and security monitoring

3.4 Communications

We use your contact information to:

• Send transaction notifications and alerts
• Provide security warnings and fraud alerts
• Share important service updates and announcements
• Send promotional offers (with your consent)
• Conduct customer satisfaction surveys

3.5 Legal and Regulatory Compliance

We process data to comply with legal obligations, including anti-money laundering (AML) regulations, Know Your Customer (KYC) requirements, tax reporting, and responding to lawful requests from authorities.

4. How We Share Your Information

4.1 Payment Processors

We share necessary transaction data with MTN Mobile Money to process payments on your behalf. This includes:

• Account identifiers and payment credentials
• Transaction amounts and merchant details
• Authentication and authorization data

4.2 Service Providers

We engage third-party service providers to support our operations:

• Cloud Hosting: Secure data storage and infrastructure
• Analytics Services: Usage analytics and performance monitoring
• Customer Support: Help desk and support ticketing systems
• Security Services: Fraud detection and threat intelligence
• Communication Services: Email and SMS delivery providers

All service providers are bound by strict confidentiality agreements and process data only as directed by us.

4.3 Regulatory Authorities

We may disclose information to government agencies, law enforcement, or regulatory bodies when required by law or to protect our legal rights.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to this Privacy Policy.

4.5 Data Sale Policy

eSwipe does not sell, rent, or trade your personal data to third parties for commercial purposes. We may share anonymized, aggregated statistical data that cannot identify you personally with partners, researchers, or the public for analytical and marketing purposes only.

5. Data Security

5.1 Security Measures

We implement industry-leading security measures to protect your data:

• Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Authentication: Multi-factor authentication with biometric verification
• Access Controls: Role-based access with principle of least privilege
• Monitoring: 24/7 security monitoring and intrusion detection
• Auditing: Regular security audits and penetration testing
• Compliance: PCI DSS Level 1 certification

5.2 Data Storage

Your data is stored in secure, encrypted databases hosted in certified data centers with redundant backups and disaster recovery systems.

5.3 Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours and take immediate steps to mitigate any harm.

6. Your Privacy Rights (GDPR Compliance)

6.1 Right to Access

You have the right to access all personal data we hold about you, including:

• Account information and transaction history
• Data categories and processing purposes
• Recipients of your data
• Retention periods and data sources

How to exercise: Navigate to Settings → Privacy → Download My Data or email privacy@eswipe.rw

6.2 Right to Rectification

Correct inaccurate or incomplete personal information at any time through app settings or by contacting support.

6.3 Right to Erasure (Right to be Forgotten)

Request deletion of your personal data, subject to legal retention requirements:

• Financial records must be retained for 7 years per Rwanda law
• Fraud investigation data may be retained longer
• Backup copies may persist for up to 90 days

How to exercise: Settings → Privacy → Delete Account or email privacy@eswipe.rw

6.4 Right to Data Portability

Receive your data in a structured, machine-readable format (CSV, JSON) for transfer to another service.

How to exercise: Settings → Privacy → Export Data

6.5 Right to Restrict Processing

Limit how we process your data in certain circumstances, such as during accuracy verification or when contesting processing legality.

How to exercise: Email privacy@eswipe.rw with your request

6.6 Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

How to exercise: Settings → Notifications → Manage Preferences

6.7 Right to Withdraw Consent

Withdraw consent for processing activities at any time. This does not affect the lawfulness of processing before withdrawal.

How to exercise: Settings → Privacy → Manage Consents

6.8 Right to Lodge a Complaint

File a complaint with the Rwanda Utilities Regulatory Authority (RURA) if you believe your rights have been violated.

Contact RURA: info@rura.rw or visit www.rura.rw

7. Data Retention

We retain your personal information for as long as necessary to:

• Provide services and maintain your account
• Comply with legal and regulatory requirements (minimum 7 years for financial records)
• Resolve disputes and enforce agreements
• Prevent fraud and maintain security
• Improve services through analytics

After the retention period, we securely delete or anonymize your data.

8. Children's Privacy

eSwipe is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take immediate steps to delete it.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure adequate protection through:

• Standard contractual clauses approved by data protection authorities
• Transfers to countries with adequate data protection laws
• Security measures equivalent to or exceeding local requirements
• Your explicit consent for transfers where required

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for app functionality and security
• Performance Cookies: Track app performance and identify issues
• Analytics Cookies: Understand user behavior and improve services
• Functional Cookies: Remember your preferences and settings

You can manage cookie preferences through your device settings, though disabling certain cookies may affect functionality.

11. Third-Party Services

Our app may contain links to third-party websites and services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any personal information.

12. Updates to Privacy Policy

We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes through:

• In-app notifications
• Email to your registered address
• Prominent notice on our website

Continued use of eSwipe after updates constitutes acceptance of the revised policy.

13. Contact Information

For privacy-related questions, concerns, or to exercise your rights, please contact:

14. Regulatory Authority

You have the right to lodge a complaint with the relevant data protection authority if you believe your privacy rights have been violated: