Privacy Policy

Last Updated: June 25, 2026 • Kenyan Data Protection Act 2019 Compliance

CrediPoa Limited ("we", "us", or "our") is dedicated to protecting and respecting your privacy. This Privacy Policy details how we collect, store, share, and process your personal data in accordance with the Data Protection Act No. 24 of 2019 of the Republic of Kenya.

1. Data We Collect

When you register, submit KYC forms, or apply for digital credit on CrediPoa, we collect:

  • Identity Data: Full legal name, National ID card photograph, ID number, and date of birth.
  • Contact Data: Mobile phone number registered with Safaricom, emergency contact name, and emergency contact phone number.
  • Device Fingerprint Data: Screen resolution, browser hash, user-agent details, OS type, local time zone, and canvas hash (captured for fraud screening).
  • Financial & Employment Data: Monthly income estimate, employment category, and business details.

2. Purpose of Processing Personal Data

We use the collected information to:

  • Verify your identity and run background checks.
  • Calculate credit limits and underwrite digital loans.
  • Detect and prevent fraud, multi-accounting, and identity theft.
  • Verify emergency contact details to complete security evaluations.
  • Process disbursements and repayments via M-Pesa STK Push / Paybill.
  • Fulfill regulatory report requirements under the Central Bank of Kenya guidelines.

3. Sharing of Personal Data

We treat your data with strict confidentiality. Personal details may be shared ONLY under the following circumstances:

  • With Credit Reference Bureaus (CRB) to register credit performance (obligatory for defaults).
  • With payment processors (Safaricom M-Pesa API gateways) to verify transactions.
  • With law enforcement or regulatory agencies when required under Kenyan laws.

We DO NOT sell, rent, or distribute your contacts or information to third-party marketing services.

4. Data Retention and Security

Your personal data is encrypted in transit and at rest using modern secure encryption protocols. We retain your information as long as you maintain an active account, or as required by regulatory financial and tax laws in Kenya (typically seven years post-account closure).

5. Your Legal Rights

Under the Data Protection Act 2019, you have the right to request access to your stored personal data, correct inaccurate details, request data deletion (subject to loan settlement and legal retention duties), and withdraw processing consent.

6. Contact Our Data Protection Officer

For questions regarding data processing, consent withdrawal, or to exercise your rights, contact our Data Protection Officer at privacy@credipoa.co.ke or call +254 713 752872.

By submitting the onboarding consent check on the KYC wizard, you provide your explicit consent for CrediPoa to collect and process your information as outlined in this Privacy Policy.