Your data. Your choice. Your financial journey.

1. Who we are

Collect is operated by:

Legal Entity

IKANISA

Email

info@ikanisa.com

For the personal data described in this Policy, IKANISA acts as the data controller unless another organisation is identified as the controller. A partner bank, insurer, payment provider or professional service provider may act as a separate data controller for the products and services it provides.

2. What this Policy covers

This Policy applies when you:

• Visit the Collect website
• Use the Collect Android or iOS application
• Use a Collect-supported USSD, SMS or WhatsApp journey
• Create or join a savings group
• Use credit-readiness services
• Submit documents for a loan application
• Express interest in an insurance product
• Join a diaspora savings group
• Contact customer support
• Participate in a pilot, event or survey
• Apply to become a bank, community or service partner

Partner banks, insurers and other external organisations may provide separate privacy notices for their services.

3. Personal data we may collect

4. How we obtain personal data

We may obtain information:

• Directly from you
• From your savings group or authorised group leader
• From a partner bank or custodian
• From a payment or mobile-money provider
• From an insurer
• From a professional service provider you instruct us to coordinate
• From identity, KYC, fraud or compliance providers
• From publicly available official registers
• Automatically from your device when you use Collect

Where another person provides information about you, we may ask that person to confirm that they are authorised to do so.

5. How we use personal data

We use personal data to:

• Create and secure your account
• Verify identity and eligibility
• Create and administer savings groups
• Reconcile contributions and update ledgers
• Send statements and transaction confirmations
• Support savings goals and repayment schedules
• Prepare credit-readiness checklists
• Review and organise loan documents
• Coordinate requested professional services
• Prepare bank-review-ready application files
• Connect you to partner banks and insurers
• Support collateral and group-consent workflows
• Prevent fraud, misuse and unauthorised access
• Meet legal and regulatory obligations
• Resolve complaints and disputes
• Improve product accessibility and performance
• Send service messages and, where permitted, marketing communications
• Produce aggregated and de-identified statistics

We do not use personal data for an unrelated purpose without an appropriate legal basis.

6. Our legal bases

Depending on the service and your location, we process personal data because:

• It is necessary to provide the service you requested
• You have given consent
• We must comply with a legal or regulatory obligation
• Processing is necessary to protect you, another person or the platform
• We or a partner have a legitimate interest that does not override your rights
• Processing is necessary to establish, exercise or defend a legal claim

You may withdraw consent where processing depends on consent. Withdrawal does not affect processing that was lawful before withdrawal.

7. How information is shared

8. International transfers

Collect may operate across Rwanda, Malta, the European Economic Area, the United Kingdom, Canada, the United States and other jurisdictions.

Where information is stored or transferred outside your country, we use appropriate legal, contractual, organisational and technical safeguards. Where required, we seek regulatory authorisation and use approved data-transfer arrangements.

Subprocessor Link: /subprocessors

9. AI and automated processing

Collect may use artificial intelligence to:

• Guide application intake
• Map lender requirements
• Extract or organise document information
• Identify missing or inconsistent information
• Generate a preparation checklist
• Prepare a draft application summary
• Support fraud and security monitoring

• Approve or reject a loan
• Set final loan pricing
• Approve or reject an insurance claim
• Issue an insurance policy

Final lending decisions remain with the partner lender. Insurance decisions remain with the licensed insurer. You may request human support, challenge inaccurate information and ask for correction of your records.

Recommended Trust Commitment Subject To Technical Confirmation: Collect does not use customers’ private financial documents to train publicly available AI models.

10. How long we retain information

We keep personal data only for as long as needed to:

• Operate your account and requested services
• Maintain accurate group and transaction records
• Meet KYC, AML, accounting, tax and regulatory requirements
• Prevent fraud and protect security
• Resolve disputes
• Establish or defend legal claims
• Enforce agreements

Retention periods may differ by data type and partner. When a retention period ends, information is securely deleted, destroyed or irreversibly anonymised. Some records may be retained after account deletion where required by law, contract, fraud-prevention requirements or an active legal dispute.

11. Your privacy rights

Depending on applicable law, you may request to:

• Access personal data we hold about you
• Receive a copy of your data
• Correct inaccurate or incomplete information
• Export data in a structured format
• Object to certain processing
• Restrict processing
• Withdraw consent
• Stop direct marketing
• Request deletion
• Challenge a decision based solely on automated processing
• Ask who has received your data
• Complain to a data-protection authority

Email

info@ikanisa.com

Form

/privacy-request

We may need to verify your identity before completing a request.

12. Account deletion and data deletion

13. Security and trust

We use safeguards designed to protect personal data, including:

• Encryption in transit and at rest
• Role-based access controls
• Authentication and session controls
• Audit logs
• Secure development and testing
• Vendor due diligence
• Segregation of customer and operational data
• Incident monitoring and response
• Employee confidentiality and training
• Data minimisation
• Backup and recovery controls

No technology system is completely risk-free. If a breach affects your rights or legally requires notification, we will notify affected users and the appropriate authority.

• We do not sell personal data.
• We do not hold customer deposits on Collect’s balance sheet.
• We do not make final loan or insurance decisions.
• We explain when a partner will receive your information.
• We provide routes to access, correct and delete eligible data.
• We limit group-member visibility to information needed for group operation.
• We document important processing and partner access.

14. Cookies and website analytics

We may use:

• Essential cookies
• Security cookies
• Preference cookies
• Performance and analytics cookies
• Marketing cookies, where consent is required

You can manage optional cookies through Cookie Settings. See the separate Cookie Policy.

Link: /cookies

15. Children

Collect is not intended for people under the minimum age required by applicable law, except where a specific youth product is lawfully offered with verified consent from a parent or guardian. We do not knowingly create an ordinary financial account for a child without the required authorisation.

16. Marketing

You may opt out of marketing communications at any time by selecting Unsubscribe, changing app communication settings or contacting info@ikanisa.com. We may still send essential security, transaction, policy or service communications.

17. Changes to this Policy

We may update this Policy as Collect, our partners or legal requirements change. Material changes will be communicated through the app, website, email, SMS or another appropriate channel. The latest version will always show its effective date.

18. Contact and complaints

Email

info@ikanisa.com

You may also lodge a complaint with the competent data-protection authority.