Privacy Policy
Effective Date: January 15, 2025
Introduction
MpesaFlow ("we", "our", or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, and safeguard your information when you use our payment integration platform, website, or any related services (collectively, the "Services").
Information We Collect
We collect the following types of information:
1. Account Information
- Business name and registration details
- Contact information (email, phone number)
- Login credentials (encrypted)
- API keys and authentication tokens
2. Transaction Data
- Payment processing information
- Transaction history and metadata
- Customer payment details (processed securely)
- Integration logs and API usage data
3. Technical Information
- Device and browser information
- IP addresses and access logs
- Usage statistics and analytics
- Cookies and similar tracking technologies
How We Use Your Information
We use your information for the following purposes:
- To process payments and maintain transaction records
- To provide customer support and resolve issues
- To improve our services and develop new features
- To detect and prevent fraud or unauthorized access
- To comply with legal and regulatory requirements
- To communicate important updates and service information
Data Security
We implement industry-standard security measures to protect your information, including:
- End-to-end encryption for sensitive data
- Regular security audits and penetration testing
- Secure data centers and infrastructure
- Access controls and authentication protocols
- Compliance with PCI DSS and other security standards
Google User Data
When you authenticate with Google OAuth, we may access the following information:
- Basic profile information (name, email address)
- Account verification status
- Authentication tokens for secure API access
We use Google user data solely for:
- Account creation and user authentication
- Providing access to our payment services
- Account management and customer support
We comply with Google's Limited Use requirements:
- We only use Google user data for the purposes stated in this policy
- We do not use Google user data for advertising purposes
- We do not sell Google user data to third parties
- We do not use Google user data for purposes other than those disclosed without your consent
- We retain Google user data only as long as necessary for the stated purposes
Data Retention
We retain your information for the following periods:
- Account Information: Until you delete your account or request deletion
- Transaction Data: 7 years for regulatory compliance and audit purposes
- Google User Data: Until you revoke access or delete your account
- Technical Information: Up to 2 years for security and analytics purposes
- Marketing Data: Until you opt-out or request deletion
You may request deletion of your data at any time, subject to legal and regulatory requirements.
Data Sharing and Third Parties
We may share your information with:
- Payment processors and financial institutions to facilitate transactions (M-Pesa, banks)
- Service providers who assist in operating our platform (hosting, analytics, customer support)
- Google services only for authentication and account management purposes
- Law enforcement or regulatory bodies when legally required
- Business partners with your explicit consent
All third parties are contractually obligated to protect your data and use it only for the specified purposes.
Your Rights and Choices
You have the right to:
- Access and review your personal information
- Request corrections to your data
- Delete your account and associated data
- Opt-out of marketing communications
- Request data portability
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
- Email: privacy@moflay.com
- Address: Nairobi, Kenya