- About
- Get In Touch
Join our newsletter for early updates and product launches
Last Updated: Thursday, 11th December at 11:22 AM
InversePay Africa Limited (“we” or “us” or “our”) respects the privacy of our users (“user” or “you”). We'll be the controller of the information you provide to us. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our mobile application (the “Application”). Please read this Privacy Policy carefully. Please note that we reserve the right to change this Privacy Policy anytime and for any reason. We will alert you about any changes via in Application notifications. You are encouraged to review this Privacy Policy periodically to stay informed of updates. This Privacy Policy does not apply to the third-party online/mobile store from which you install the Application or make payments, including any in-game virtual items, which may also collect and use your data. We are not responsible for any of the data collected by any such third party.
This policy applies to all personal data processed by InversePay Africa in the course of providing financial services, including data collected through our digital platforms, API integrations, and other channels.
Upon Insurance
We may collect information about you in a variety of ways. The information we may collect via the Application depends on the service you use and includes:
Demographic and other personally identifiable information (such as your name and email address) that you voluntarily give to us when choosing to participate in various activities related to the Application, such as chat, posting messages in comment sections or in our forums, liking posts, sending feedback, and responding to surveys. If you choose to share data about yourself via your profile, online chat, or other interactive areas of the Application, please be advised that all data you disclose in these areas is public and your data will be accessible to anyone who accesses the Application. We may also collect information related to your national identification card number and require a self-portrait to verify your identity as per the requirements of Anti-Money Laundering and Counter-Terrorism Financing legislation. That information along with other personally identifying information about you will be shared internally and may also be shared externally with our compliance, banking, aggregation and product offering partners that undertake an automated review of your information: (i) against relevant government-maintained sanctions lists and lists of politically exposed persons, (ii) for purposes of facial recognition against government provided identification documents, (iii) for accuracy against national databases, (iv) for confirming your identity against other relevant databases such as those maintained by companies providing credit reports, and (v) for the purpose of monitoring transactions for fraudulent and other illegal activities.
The information our servers automatically collect when you access the Application, such as your native actions that are integral to the Application, as well as other interactions with the Application and other users via automatic audit server log.
Financial information, such as data related to your mobile money account and payment method, that we may collect when you purchase, order, return, exchange, or request information about our services from the Application. Please note that we store only very limited if any, financial information that we collect in line with regulatory requirements for safeguarding such information. Otherwise, all financial information is stored by our payment processor.
We may request access or permission to certain features from your mobile device, including your mobile device’s camera (for the purpose of “selfies” used for identification verification), contacts (for the purpose of engaging contacts to join you on the Application), SMS messages (which we may use in the future to simplify your login to the Application), storage (for storing your profile picture for the Application), and potentially GPS (for anti-fraud, Application security purposes) and other features. If you wish to change our access or permissions, you may do so in your device’s settings. It should be noted that like other Applications, we will have access to your device fingerprint which identifies the specific device used for the Application.
Information such as your mobile device ID number, model, and manufacturer, version of your operating system, phone number, country, location, and any other data you choose to provide.
We may request to send you push notifications regarding your account or the Application. If you wish to opt out from receiving these types of communications, you may turn them off in the application under the settings tab.
Information from third parties, such as personal information or network friends, if you connect your account to the third party and grant the Application permission to access this information.
Personal and other information you may provide when entering contests or giveaways and/or responding to surveys.
Under data protection law, we can only use your personal information if we have a proper reason for doing so. In order to use your personal information, we rely on the following legal bases:
Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Application to:
We use an automated decision making system to determine whether a user has provided appropriate authentication to engage with the application, including verification of personally identifiable information (“PII”). This includes: (i) matching PII against national databases, publicly available information, sanctions lists, lists of politically exposed persons and other databases that provide information on potentially illegal activity; (ii) comparison by facial recognition of your selfie image against the image provide with your identification document or other database containing your image; and (iii) tracking your PII in the context of automated monitoring of transactions undertaken by you to look for potentially fraudulent or illegal activity. In the event that we receive an automated report that there is a discrepancy, insufficiency or inaccuracy in the information provided by you, we receive a response from a service provider that your information appears on a list that prohibits our engaging with you, suggests the potential for fraudulent or illegal activity, or if our automated transaction monitoring uncovers the potential for your transactions to be fraudulent or illegal, our compliance and customer service teams will engage to review the background information that generated the automated response and determine if the information provided about you is incorrect and we can proceed to either onboard you as a user or continue to allow your use of the Application and if there are still a need for additional information, we may contact you (most likely via SMS message or email) to seek additional information or clarification. If we are unable to continue with you as a user on our platform, we may provide you with the basis for the decision.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal consequences for you or similarly significant effects. While we’re confident that the technology works, we understand that not everyone is comfortable with decisions being left entirely up to machines.
You have the right to object to an automated decision and ask that a person reviews it and/or to ask that we do not make our decision based on the automated score alone. If you want to know more about these rights or have any questions about our automated decision making processes, please contact us on using the details at the end of this Privacy Policy.
We may share information we have collected about you in certain situations. At no time will our database of users ever be sold to any entity for the purpose of marketing or mailing lists.
Your information may be disclosed as follows:
If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for financial regulation, fraud protection, prevention of terrorism, anti-corruption, money laundering, and credit risk reduction including but not limited to:
We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.
Where it is necessary for our legitimate business interests, we may use your personal data to promote our products or services to you. Where you have provided your consent, we may also share your information with third parties for marketing purposes, as permitted by law. You may withdraw your consent to receive marketing messages at any time by setting your preferences in the Application settings or by following the opt-out link contained in our marketing emails.
If you interact with other users of the Application, those users may see your name, profile photo, and descriptions of your activity, including sending invitations to other users, chatting with other users, liking posts, following blogs.
We may use third-party advertising companies to serve ads when you visit the Application. These companies may use information about your visits to the Application and other websites that are contained in web cookies in order to provide advertisements about goods and services of interest to you.
We may share your information with our affiliates. Affiliates include any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
With your consent, we may share your information with our business partners to offer you certain products, services or promotions.
We may share your information with advertisers and investors for the purpose of conducting general business analysis.
If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur and that the transferee may decline honor commitments we made in this Privacy Policy
It is sometimes necessary for us to share your Personal Information outside Rwanda. These transfers are subject to special rules under Rwanda's data protection law. Not all countries have the same data protection laws as Rwanda. We will, however, ensure the transfer complies with data protection laws and all personal information will be secure. Under the data protection law, it is also necessary to make these safeguards available to data subjects if they request.
If you would like further information please contact us (see ‘Contact Us’ below).
We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorised parties. Therefore, we cannot guarantee complete security if you provide personal information.
If you no longer wish to receive correspondence, emails, or other communications from us, you may opt out by:
If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly
Under data protection law, you have a number of rights when it comes to your personal data:
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy.
You have the right to obtain a copy of your information that we hold, and certain other information (similar to that provided in this Privacy Policy).
You are entitled to have your information corrected if it’s inaccurate or incomplete.
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there’s no compelling reason for us to keep using it. This is not a general right to erasure; there are exceptions.
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
You have rights to obtain and reuse your personal data for your own purposes across different services.
You have the right to object to certain types of processing, including processing based on our legitimate interests and processing for direct marketing (i.e. if you no longer want to be contacted with potential opportunities).
You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator. The national data protection regulator in Rwanda is the (Rwanda National Cyber Unit)
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
We will keep your personal information while we are providing products and services to you. Thereafter, we will keep your personal information for as long as is necessary:
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. Further details on this are available on request using the contact details set out below. When it is no longer necessary to retain your personal information, we will delete or shred it as necessary.
Records regarding this procedure must be maintained in accordance with InversePay’s Data Retention Policy or as required by local or country regulations, whichever is longer.
Periodic testing on a risk-based frequency of the requirements of this procedure and testing criteria are determined under the AML Policy, in accordance with its requirements, and may include testing on systems upon which these controls are reliant.
This section explains how Inversepay ("we", "our", or "us") uses third-party software development kits (SDKs), device features, and system permissions on both iOS and Android platforms. This disclosure is provided to comply with Apple App Store and Google Play Store requirements and to ensure transparency regarding data access and usage.
We use a third-party identity verification service, Smile ID, to perform Know Your Customer (KYC), authentication, and fraud-prevention checks.
On iOS devices, the Smile ID SDK uses Apple's TrueDepth camera and ARKit framework to capture face-related information, including 3D spatial orientation and facial expressions, during the selfie capture process. This information is used solely to confirm that the selfie is being taken by a live person (liveness detection) and to reduce fraud. ARKit-based facial spatial orientation and facial expression data is processed entirely locally on the device and is not transmitted to us or to any third party.
On Android devices, Smile ID uses the device camera and platform-supported computer vision techniques to perform selfie capture and liveness detection. No Android biometric templates are accessed, and facial analysis data used for liveness detection is processed in accordance with platform security requirements.
On both platforms, only the required selfie images and document images needed for identity verification are securely transmitted to Smile ID in accordance with their privacy and security practices. We do not use this data for advertising, profiling, or any purpose unrelated to identity verification.
We request camera access on iOS and Android to enable essential app features, including QR code scanning, profile photo capture, and document capture for identity verification or transactions. Camera access is only used when you actively choose to use these features.
We support optional biometric authentication to help secure access to the app. On iOS, this includes Face ID or Touch ID via Apple's Local Authentication framework. On Android, this includes the system-provided biometric authentication framework.
Biometric information is processed entirely by the operating system on your device. We do not access, store, or transmit biometric data on either platform.
With your permission, we may collect location information on iOS and Android to detect your country or region, perform address lookups, and display maps or nearby agents. Location data may include approximate or precise location depending on your device settings and is used only while the app is in use, unless explicitly stated otherwise.
If you choose to grant access, we may read contact information from your device on iOS and Android to help you find friends or invite contacts to join the app. Contacts are accessed only with your explicit consent and are not used for advertising purposes.
Bluetooth functionality may be used on iOS and Android to support nearby device interactions, such as proximity-based payment notifications or device discovery. Bluetooth access does not allow us to read personal content stored on your device.
We may request access to your photo library or media storage on iOS and Android so you can select profile pictures or save transaction receipts. Only the photos or media items you explicitly choose to upload or save are accessed.
We use push notifications on iOS and Android to send transaction alerts, payment confirmations, and important account or security updates. You can disable notifications at any time through your device settings.
We use analytics and crash-reporting tools on both platforms to understand app usage, monitor performance, and diagnose technical issues. Information collected may include usage events, device type, operating system version, app version, and crash diagnostics. This data is used in aggregated or pseudonymous form where possible.
We collect basic technical information on iOS and Android, such as device model, operating system version, app version, and user agent information, for compatibility, security, analytics, and diagnostic purposes.
Sensitive information, such as authentication tokens and credentials, is stored securely on your device using encrypted, system-provided secure storage mechanisms (for example, the iOS Keychain or Android Keystore).
We share data with third-party service providers only when necessary to provide app functionality, comply with legal obligations, or improve our services. These providers process data in accordance with their own privacy policies and applicable laws. We do not sell your personal data.
You can manage or revoke app permissions at any time through your device settings on iOS or Android. Disabling certain permissions may limit some app features.
Our users' privacy is vital to us. We are committed to safeguarding the information entrusted to us and will continually update this policy to ensure that users' rights concerning personal information are respected. If you have questions or comments about this Privacy Policy, please contact us at support@inversepay.app.