App   Digital Loan Plus

Privacy Policy

Effective Date: August 10, 2025

At Digital Loan Plus, we value your privacy and are committed to protecting your personal data. We do not sell your personal information to third parties. We only collect the minimum data necessary to provide and improve our services, and we handle all data in accordance with applicable laws, including the Kenya Data Protection Act 2019, the General Data Protection Regulation (GDPR), and the App Review Guidelines.

You can manage or revoke app permissions at any time in your device’s system settings. You can also withdraw your consent to data processing at any time without affecting the lawfulness of processing before withdrawal.

Contents

  1. Account Registration and Management
  2. Personal Data Collection and Usage
  3. Data Sharing and Disclosure
  4. Data Security and Storage
  5. Your Privacy Rights
  6. Cookies and Tracking Technologies
  7. Protecting Minors’ Privacy
  8. Policy Updates and Changes
  9. International Data Transfers
  10. Contacting Digital Loan Plus

1. Account Registration and Management

1.1 Account registration To access Digital Loan Plus products and services, you must register your account using your mobile number as the primary identifier. We may consolidate and synchronize information across devices associated with your account to maintain consistent service standards. Without required information, you may not be able to use certain features.

Legal Basis under GDPR: Processing your personal data for account registration is necessary for the performance of a contract (Art. 6(1)(b) GDPR) and to comply with legal obligations under Kenyan financial regulations (Art. 6(1)(c) GDPR).

1.2 Account login When you log in for the first time, we send an SMS verification code to confirm your identity. This meets legal requirements and protects your account.

1.3 User personal information authentication To verify your identity and provide services (including loan applications, payments, and repayments), you must provide:

  • Full name, national ID/passport number, date of birth, gender
  • Marital status, education level, employment status, monthly income
  • Address, phone number, email
  • Emergency contacts

We may verify this data with authorized agencies under Kenyan law.

Legal Basis under GDPR: Compliance with legal obligations (Art. 6(1)(c)) and performance of a contract (Art. 6(1)(b)).

You can withdraw your consent for optional data fields at any time via the app settings or by contacting customer service.

1.4 Emergency contacts You must obtain your contact’s consent before adding them. We will only contact them for:

  • Fraud prevention or account security verification
  • Regulatory compliance

1.5 Customer service and dispute resolution We verify your identity using your registered information. Customer support records are retained for 30 days before deletion, as required by Kenyan regulations.

1.6 Loan and repayment processing To process loan disbursements and repayments, you must provide a verified bank account or mobile money wallet.

1.7 Products and information services We may send you product updates, promotions, and service notices only with your explicit opt-in consent. You can withdraw consent at any time via the app settings or by contacting customer service.

1.8 Order management We keep transaction and loan records for processing, payment reconciliation, fraud detection, and regulatory compliance.

2. Personal Data Collection and Usage

Device Information

  • Purpose: Identify your device and protect your account from fraud.
  • When Used: During loan applications, credit limit changes, or sensitive transactions.
  • Legal Basis (GDPR): Fraud prevention (legitimate interests, Art. 6(1)(f)) and contract performance (Art. 6(1)(b)).
  • Protection: Data is encrypted, stored securely (https://appios.loanplus.co.ke), and deleted after 90 days unless needed for investigations.
  • Permission Control: Access is requested dynamically at runtime and only when needed. You can revoke this permission anytime in your device settings.

Photo Access

  • Purpose: Only access photos you select for verification, support, image feedback app issues.
  • When Used: When you initiate a support request requiring images.
  • Legal Basis (GDPR): Consent (Art. 6(1)(a)), withdrawable at any time.
  • Protection: Selected files only, encrypted in transit and at rest, deleted within 24–48 hours of case closure.
  • Permission Control: Requested dynamically when the feature is used.

Location When In Use Usage

  • Purpose: Verify transaction legitimacy and customize services by region.
  • When Used: During transactions, logins, or region-specific services.
  • Legal Basis (GDPR): Fraud prevention (Art. 6(1)(f)) and compliance with geographic restrictions (Art. 6(1)(c) where applicable).
  • Protection: City-level precision only, encrypted, stored for up to 90 days.
  • Permission Control: You can disable location access anytime in device settings.

Emergency Contacts

  • Purpose: Assist with account recovery or repayment arrangements.
  • When Used: Only with your explicit consent during verified support processes.
  • Legal Basis (GDPR): Consent (Art. 6(1)(a)).
  • Protection: Encrypted, securely stored, never used for marketing or third-party sharing.

Tracking Usage

  • Purpose: To improve app performance and user experience through _anonymous_analytics (e.g., crash reports, feature usage).

When Used:

  • Tracking occurs only if you consent via the app’s opt-in prompt.

  • Covers:

    • App interactions (e.g., buttons clicked, screens viewed).
    • Performance data (e.g., loading times, error logs).

Data Safety:

  • No personal identifiers (e.g., name, phone number) collected.
  • Used solely to optimize app functionality.
  • Manage tracking: Disable anytime in Settings > Privacy > Tracking.

3. Data Sharing and Disclosure

We share your data only when:

  • You give explicit consent
  • Required by law, court order, or regulator
  • Needed for fraud prevention or account security

We do not sell your personal data. In corporate changes (e.g., mergers), we will notify you and ensure the successor entity follows this policy.

4. Data Security and Storage

We use:

  • Encryption in transit and at rest
  • Role-based access controls
  • Minimum privilege enforcement
  • Regular security audits and penetration testing
  • Certified secure cloud services

If a breach occurs, we will notify affected users and regulators as required by law.

5. Your Privacy Rights

You have the right to:

  • Access your data (Art. 15 GDPR)
  • Correct inaccurate data (Art. 16 GDPR)
  • Delete your data (Art. 17 GDPR)
  • Restrict processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing, including for marketing (Art. 21 GDPR)
  • Request human review of automated decisions (Art. 22 GDPR)

You can exercise these rights via help@loanplus.co.ke or +254 207 905 951. We respond within 5 business days.

6. Cookies and Tracking Technologies

We use cookies only for performance optimization and user preference storage. You can disable them in browser settings, but some features may not work.

7. Protecting Minors’ Privacy

Digital Loan Plus is for users aged 18+. We do not knowingly collect data from minors. If notified, we will delete the account and related data within 72 hours.

8. Policy Updates and Changes

We may update this policy for legal, regulatory, or operational reasons. We will notify you in-app and require acknowledgment before continuing service. If you do not agree, you can withdraw consent and request data deletion before changes take effect.

9. International Data Transfers

If we transfer your data outside your country or region (e.g., to servers in Kenya), we ensure safeguards under applicable laws, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy Decisions
  • Other legally recognized transfer mechanisms

10. Contacting Digital Loan Plus

Email: help@loanplus.co.ke

Phone: +254 207 905 951 (Mon–Fri, 9:00 AM–6:00 PM EAT)