Privacy Policy
Effective Date: August 10, 2025
At Digital Loan Plus, we value your privacy and are committed to protecting your personal data. We do not sell your personal information to third parties. We only collect the minimum data necessary to provide and improve our services, and we handle all data in accordance with applicable laws, including the Kenya Data Protection Act 2019, the General Data Protection Regulation (GDPR), and the Google Play Developer Program Policies.
You can manage or revoke app permissions at any time in your device’s system settings. You can also withdraw your consent to data processing at any time without affecting the lawfulness of processing before withdrawal.
Contents
- Account Registration and Management
- Personal Data Collection and Usage
- Data Sharing and Disclosure
- Data Security and Storage
- Your Privacy Rights
- Cookies and Tracking Technologies
- Protecting Minors’ Privacy
- Policy Updates and Changes
- International Data Transfers
- Contacting Digital Loan Plus
1. Account Registration and Management
1.1 Account registration
To access Digital Loan Plus products and services, you must register your account using your mobile number as the primary identifier. We may consolidate and synchronize information across devices associated with your account to maintain consistent service standards. Without required information, you may not be able to use certain features.
Legal Basis under GDPR: Processing your personal data for account registration is necessary for the performance of a contract (Art. 6(1)(b) GDPR) and to comply with legal obligations under Kenyan financial regulations (Art. 6(1)(c) GDPR).
1.2 Account login
When you log in for the first time, we send an SMS verification code to confirm your identity. This meets legal requirements and protects your account.
1.3 User personal information authentication
To verify your identity and provide services (including loan applications, payments, and repayments), you must provide:
- Full name, national ID/passport number, date of birth, gender
- Marital status, education level, employment status, monthly income
- Address, phone number, email
- Emergency contacts
We may verify this data with authorized agencies under Kenyan law.
Legal Basis under GDPR: Compliance with legal obligations (Art. 6(1)(c)) and performance of a contract (Art. 6(1)(b)).
You can withdraw your consent for optional data fields at any time via the app settings or by contacting customer service.
1.4 Emergency contacts
You must obtain your contact’s consent before adding them. We will only contact them for:
- Fraud prevention or account security verification
- Regulatory compliance
1.5 Customer service and dispute resolution
We verify your identity using your registered information. Customer support records are retained for 30 days before deletion, as required by Kenyan regulations.
1.6 Loan and repayment processing
To process loan disbursements and repayments, you must provide a verified bank account or mobile money wallet.
1.7 Products and information services
We may send you product updates, promotions, and service notices only with your explicit opt-in consent. You can withdraw consent at any time via the app settings or by contacting customer service.
1.8 Order management
We keep transaction and loan records for processing, payment reconciliation, fraud detection, and regulatory compliance.
2. Personal Data Collection and Usage
Device Information
- Purpose: Identify your device and protect your account from fraud.
- When Used: During loan applications, credit limit changes, or sensitive transactions.
- Legal Basis (GDPR): Fraud prevention (legitimate interests, Art. 6(1)(f)) and contract performance (Art. 6(1)(b)).
- Protection: Data is encrypted, stored securely (https://api.loanplus.co.ke), and deleted after 90 days unless needed for investigations.
- Permission Control: Access is requested dynamically at runtime and only when needed. You can revoke this permission anytime in your device settings.
Photo Access
- Purpose: Only access photos you select for verification or support.
- When Used: When you initiate a support request requiring images.
- Legal Basis (GDPR): Consent (Art. 6(1)(a)), withdrawable at any time.
- Protection: Selected files only, encrypted in transit and at rest, deleted within 24–48 hours of case closure.
- Permission Control: Requested dynamically when the feature is used.
Approximate Location
- Purpose: Verify transaction legitimacy and customize services by region.
- When Used: During transactions, logins, or region-specific services.
- Legal Basis (GDPR): Fraud prevention (Art. 6(1)(f)) and compliance with geographic restrictions (Art. 6(1)(c) where applicable).
- Protection: City-level precision only, on secure servers (https://api.loanplus.co.ke/), stored for up to 90 days.
- Permission Control: You can disable location access anytime in device settings.
Emergency Contacts
- Purpose: Assist with account recovery or repayment arrangements.
- When Used: Only with your explicit consent during verified support processes.
- Legal Basis (GDPR): Consent (Art. 6(1)(a)).
- Protection: Encrypted, securely stored on secure servers (https://api.loanplus.co.ke/).
SMS Data Processing (Financial Related Only)
Purpose: With your explicit consent, we access financial SMS content to assess creditworthiness and enhance fraud prevention. We analyze the following data: precise message timestamps, sender phone numbers, and financial message content—including banking transactions, loan updates, and payment confirmations—while strictly excluding all non-relevant communications.
When Used: Our system retrieves only the following message types:
- Banking transactions (balance updates, transfer confirmations)
- Digital payments (transaction receipts, billing statements)
- Credit service alerts (loan disbursements, repayment reminders)
Messages older than 110 days are excluded, along with personal chats, promotions, non-financial OTPs, and unrelated notifications. Advanced pattern recognition automatically filters valid transactions using financial keywords (e.g., “account,” “cash,” “charge,” “cost,” “expiry,” “fund”).
Data Protection: All data undergoes financial lexicon screening, is transmitted via SSL/TLS encryption, and is stored with AES-256 on secured servers (https://api.loanplus.co.ke/). Information is deleted after 90 days, unless retained for active fraud investigations. You may revoke access anytime in device settings, though restricted permissions could limit service functionality.
3. Data Sharing and Disclosure
We share your data only when:
- You give explicit consent
- Required by law, court order, or regulator
- Needed for fraud prevention or account security
We do not sell your personal data. In corporate changes (e.g., mergers), we will notify you and ensure the successor entity follows this policy.
4. Data Security and Storage
We use:
- Encryption in transit and at rest
- Role-based access controls
- Minimum privilege enforcement
- Regular security audits and penetration testing
- Certified secure cloud services
If a breach occurs, we will notify affected users and regulators as required by law.
5. Your Privacy Rights
You have the right to:
- Access your data (Art. 15 GDPR)
- Correct inaccurate data (Art. 16 GDPR)
- Delete your data (Art. 17 GDPR)
- Restrict processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing, including for marketing (Art. 21 GDPR)
- Request human review of automated decisions (Art. 22 GDPR)
You can exercise these rights via help@loanplus.co.ke or +254 207 905 950. We respond within 5 business days.
6. Cookies and Tracking Technologies
We use cookies only for performance optimization and user preference storage. You can disable them in browser settings, but some features may not work.
7. Protecting Minors’ Privacy
Digital Loan Plus is for users aged 18+. We do not knowingly collect data from minors. If notified, we will delete the account and related data within 72 hours.
8. Policy Updates and Changes
We may update this policy for legal, regulatory, or operational reasons. We will notify you in-app and require acknowledgment before continuing service. If you do not agree, you can withdraw consent and request data deletion before changes take effect.
9. International Data Transfers
If we transfer your data outside your country or region (e.g., to servers in Kenya), we ensure safeguards under applicable laws, including:
- Standard Contractual Clauses (SCCs)
- Adequacy Decisions
- Other legally recognized transfer mechanisms
10. Contacting Digital Loan Plus
Email: help@loanplus.co.ke
Phone: +254 207 905 950 (Mon–Fri, 9:00 AM–6:00 PM EAT)