App   DG  LOAN

Privacy Policy

Effective Date: August 10, 2025

At DG LOAN, we value your privacy and are committed to protecting your personal data. We do not sell your personal information to third parties. We only collect the minimum data necessary to provide and improve our services, and we handle all data in accordance with applicable laws, including the Kenya Data Protection Act 2019, the General Data Protection Regulation (GDPR), and the App Review Guidelines.

You can manage or revoke app permissions at any time in your device’s system settings. You can also withdraw your consent to data processing at any time without affecting the lawfulness of processing before withdrawal.

Contents

  1. Account Registration and Management
  2. Personal Data Collection and Usage
  3. Data Sharing and Disclosure
  4. Data Security and Storage
  5. Your Privacy Rights
  6. Cookies and Tracking Technologies
  7. Protecting Minors’ Privacy
  8. Policy Updates and Changes
  9. International Data Transfers
  10. Contacting DG LOAN

1. Account Registration and Management

1.1 Account registration To access DG LOAN products and services, you must register your account using your mobile number as the primary identifier. We may consolidate and synchronize information across devices associated with your account to maintain consistent service standards. Without required information, you may not be able to use certain features.

Legal Basis under GDPR: Processing your personal data for account registration is necessary for the performance of a contract (Art. 6(1)(b) GDPR) and to comply with legal obligations under Kenyan financial regulations (Art. 6(1)(c) GDPR).

1.2 Account login When you log in for the first time, we send an SMS verification code to confirm your identity. This meets legal requirements and protects your account.

1.3 User personal information authentication To verify your identity and provide services (including loan applications, payments, and repayments), you must provide:

  • Full name, national ID/passport number, date of birth, gender
  • Marital status, education level, employment status, monthly income
  • Address, phone number, email
  • Emergency contacts

We may verify this data with authorized agencies under Kenyan law.

Legal Basis under GDPR: Compliance with legal obligations (Art. 6(1)(c)) and performance of a contract (Art. 6(1)(b)).

You can withdraw your consent for optional data fields at any time via the app settings or by contacting customer service.

1.4 Emergency contacts You must obtain your contact’s consent before adding them. We will only contact them for:

  • Fraud prevention or account security verification
  • Regulatory compliance

1.5 Customer service and dispute resolution We verify your identity using your registered information. Customer support records are retained for 30 days before deletion, as required by Kenyan regulations.

1.6 Loan and repayment processing To process loan disbursements and repayments, you must provide a verified bank account or mobile money wallet.

1.7 Products and information services We may send you product updates, promotions, and service notices only with your explicit opt-in consent. You can withdraw consent at any time via the app settings or by contacting customer service.

1.8 Order management We keep transaction and loan records for processing, payment reconciliation, fraud detection, and regulatory compliance.

2. Personal Data Collection and Usage

Device Information

  • Purpose: Identify your device and protect your account from fraud.
  • When Used: During loan applications, credit limit changes, or sensitive transactions.
  • Legal Basis (GDPR): Fraud prevention (legitimate interests, Art. 6(1)(f)) and contract performance (Art. 6(1)(b)).
  • Protection: Data is encrypted, stored securely (https://appios.loanplus.co.ke), and deleted after 90 days unless needed for investigations.
  • Permission Control: Access is requested dynamically at runtime and only when needed. You can revoke this permission anytime in your device settings.

Camera Access

  • Purpose: We use your camera only for two purposes: (i) to perform a short liveness check to confirm it is really you, and (ii) to capture clear images of your ID document for identity verification.
  • When Used: The camera is activated only when you manually start the in-app ID verification flow (for example, when taking a selfie for liveness or photographing your ID). It is never used in the background.
  • Legal Basis (GDPR): Our legitimate interests in fraud prevention and identity verification (Art. 6(1)(f)) and, where required, your consent (Art. 6(1)(a)), which you can withdraw at any time.
  • Protection: Photos and video frames are encrypted in transit and at rest. We never sell your images. We only share them with our contracted identity-verification providers or competent authorities when required by law.
  • Permission Control: Camera permission is requested dynamically at the moment you use the ID verification feature, and you can deny or revoke it at any time in your device settings.

Photo Access

  • Purpose: We only access the specific photos or files you choose to upload for identity verification or customer support. We never scan or access your entire gallery.
  • When Used: Only when you voluntarily select images or documents in the app, for example to complete verification or to submit a support request.
  • Legal Basis (GDPR): Your consent (Art. 6(1)(a)), which you can withdraw at any time.
  • Protection: Selected files are encrypted in transit and at rest and are kept only as long as needed to handle your request, typically deleted within 24–48 hours after the case is closed, unless a longer retention is required by law.
  • Permission Control: Photo/media permission is requested dynamically when you use this feature, and you can deny or revoke it at any time in your device settings.

Location When In Use Usage

  • Purpose: Verify transaction legitimacy and customize services by region.
  • When Used: During transactions, logins, or region-specific services.
  • Legal Basis (GDPR): Fraud prevention (Art. 6(1)(f)) and compliance with geographic restrictions (Art. 6(1)(c) where applicable).
  • Protection: City-level precision only, encrypted, stored securely (https://appios.loanplus.co.ke) for up to 90 days.
  • Permission Control: You can disable location access anytime in device settings.

Emergency Contacts

  • Purpose: Assist with account recovery or repayment arrangements.
  • When Used: Only with your explicit consent during verified support processes.
  • Legal Basis (GDPR): Consent (Art. 6(1)(a)).
  • Protection: Encrypted, stored securely (https://appios.loanplus.co.ke), never used for marketing or third-party sharing.

Tracking Usage

  • Purpose: To improve app performance and user experience through _anonymous_analytics (e.g., crash reports, feature usage).

When Used:

  • Tracking occurs only if you consent via the app’s opt-in prompt.

  • Covers:

    • App interactions (e.g., buttons clicked, screens viewed).
    • Performance data (e.g., loading times, error logs).

Data Safety:

  • No personal identifiers (e.g., name, phone number) collected.
  • Used solely to optimize app functionality.
  • Manage tracking: Disable anytime in Settings > Privacy > Tracking.

3. Data Sharing and Disclosure

We share your data only when:

  • You give explicit consent
  • Required by law, court order, or regulator
  • Needed for fraud prevention or account security

We do not sell your personal data. In corporate changes (e.g., mergers), we will notify you and ensure the successor entity follows this policy.

4. Data Security and Storage

We use:

  • Encryption in transit and at rest
  • Role-based access controls
  • Minimum privilege enforcement
  • Regular security audits and penetration testing
  • Certified secure cloud services

If a breach occurs, we will notify affected users and regulators as required by law.

5. Your Privacy Rights

You have the right to:

  • Access your data (Art. 15 GDPR)
  • Correct inaccurate data (Art. 16 GDPR)
  • Delete your data (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing, including for marketing (Art. 21 GDPR)
  • Request human review of automated decisions (Art. 22 GDPR)

You can exercise these rights via help@loanplus.co.ke or +254 207 905 951. We respond within 5 business days.

6. Cookies and Tracking Technologies

We use cookies only for performance optimization and user preference storage. You can disable them in browser settings, but some features may not work.

7. Protecting Minors’ Privacy

DG LOAN is for users aged 18+. We do not knowingly collect data from minors. If notified, we will delete the account and related data within 72 hours.

8. Policy Updates and Changes

We may update this policy for legal, regulatory, or operational reasons. We will notify you in-app and require acknowledgment before continuing service. If you do not agree, you can withdraw consent and request data deletion before changes take effect.

9. International Data Transfers

If we transfer your data outside your country or region (e.g., to servers in Kenya), we ensure safeguards under applicable laws, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy Decisions
  • Other legally recognized transfer mechanisms

10. Contacting DG LOAN

Email: help@loanplus.co.ke

Phone: +254 207 905 951 (Mon–Fri, 9:00 AM–6:00 PM EAT)