Privacy Policy
1. Introduction
ChapaaNow is a digital lending application operated by Juventus Tech Limited, providing
short-term loan services to eligible users in Kenya. We are committed to protecting your privacy and
handling your personal data in a transparent, secure, and lawful manner.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you
use the ChapaaNow mobile application ("App") and related services. This policy is designed to comply
with Google Play Developer Program Policies, the Kenya Data Protection Act,
2019, and other applicable regulations.
2. Information We Collect
2.1 Information You Provide
When you register for and use our application, and when you apply for a loan, we collect certain personal
information that you voluntarily provide to us. This information is required to create and manage your
account, assess your loan eligibility, and provide our loan services to you.
The information you may provide includes:
- Full name
- National identity card number
- Date of birth
- Mobile phone number
- Email address
- Employment and income-related information
- Emergency contact names and phone numbers (provided by you voluntarily)
We collect and use this information solely for legitimate purposes such as identity verification, credit
risk assessment, loan processing, customer support, and compliance with applicable laws and regulations.
2.2 Information Collected Automatically
When you use the App, we may collect:
- Device information (model, OS version, device identifiers)
- App usage data and logs
- Approximate location (for fraud prevention and compliance)
- IP address and network information
2.3 Information from Third Parties
We may receive information from:
- Mobile payment providers (e.g., M-PESA)
- Credit reference bureaus (where legally permitted)
- Identity verification and fraud prevention partners
3. App Permissions and Their Purpose
ChapaaNow requests only the permissions necessary to provide loan services:
- SMS: We access SMS messages solely for verifying financial transactions, detecting
fraud, and assessing creditworthiness. We do not read personal or private messages unrelated to
financial activity. Our systems automatically filter and extract only the transaction-related
information needed for credit evaluation.
- Contacts: This permission is used exclusively to simplify the process when you
choose to provide emergency contact information. When you initiate the emergency contact input
process, the system allows you to quickly select from your existing contacts. We do not access,
store, or upload your entire contact list, and we never use this permission for any other purpose.
- Location (Approximate): Location data is collected to verify your geographical
presence, prevent fraudulent activities, and ensure compliance with local regulatory requirements.
We only use approximate location data (not precise GPS coordinates) and do not share your location
information with third parties.
- Installed Applications: We collect limited metadata about certain financial-related
applications installed on your device
solely for credit risk assessment, fraud prevention, and platform security purposes.
- The collected information is strictly limited to non-content metadata, including: Application
name,
Version code, First installation date, Last update date.
- We do not access, collect, or transmit any in-app content, usage data, login credentials,
messages,
private information, or data unrelated to financial risk evaluation.
- All collected data is securely processed and stored in accordance with our Privacy Policy and
applicable data protection laws. We do not sell, rent, or share installed application data with
unauthorized third parties.
- Device Information: We access device-level information such as hardware model,
operating system version, unique device identifiers, and network information. This data is used to
maintain system security, detect suspicious activities, ensure app compatibility, and improve the
overall user experience.
Permissions are requested transparently and only after user consent. You may manage permissions through
your device settings at any time.
All collected data is encrypted and uploaded to our secure servers at https://core.chapaanow.com to ensure data
integrity and security during transmission.
4. How We Use Your Information
We use your data to:
- Verify identity and comply with KYC requirements
- Assess loan eligibility and credit risk
- Process loan applications and repayments
- Communicate important account and repayment information
- Prevent fraud and unauthorized activity
- Comply with legal and regulatory obligations
5. Data Sharing and Disclosure
We do not sell your personal data.
We may share data only with:
- Licensed payment processors and financial institutions
- Credit reference bureaus (as required by law)
- Fraud detection and compliance service providers
- Government or regulatory authorities when legally required
We do not share user data with advertising networks or use personal data for targeted
advertising.
6. Data Storage and Security
- All data is transmitted using secure encrypted channels (HTTPS).
- User data is encrypted and uploaded to our server at https://core.chapaanow.com
- Personal data is stored on secure servers located in compliance with Kenyan data protection laws.
- We implement technical and organizational safeguards including encryption, access controls, and
regular security audits.
While we take reasonable measures to protect your data, no system is completely secure.
7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy
Policy or as required by law. Specifically:
- Account Data Retention:
- For active accounts: We retain your personal data for as long as your account is active and
for a reasonable period thereafter to address any post-account closure issues and fulfill
legal obligations.
- For inactive accounts: We may retain your personal data for the minimum period necessary to
comply with applicable laws, regulations, and contractual obligations, and to protect our
legal rights.
- Credit Information: We retain your credit information as required by applicable
laws and credit reference bureaus, including the retention periods specified by regulatory
authorities and industry standards.
- Legal Compliance Retention: We may retain your personal data for extended periods
to establish, exercise, or defend legal claims, and to address any potential legal disputes or
regulatory investigations.
- User Right to Request Deletion: You have the right to request the deletion of your
personal data at any time, subject to our legal and regulatory obligations to retain certain
information. If you request deletion, we will promptly review your request and delete your personal
data, except for data we are required to retain by law or for legitimate business purposes. In such
cases, we will take reasonable steps to anonymize the retained data to the extent possible.
8. User Rights
Under the Kenya Data Protection Act (2019), you have the following rights regarding your personal data,
subject to applicable laws and regulatory requirements:
Right of Access:
You have the right to request confirmation of whether we process your personal data and to obtain a copy
of such data.
Right of Correction:
You have the right to request correction of inaccurate, outdated, or incomplete personal data.
Right of Erasure:
You may request deletion of your personal data where legally permissible, such as where the data is no
longer necessary for the purposes for which it was collected. This right is subject to our legal and
regulatory obligations, including financial record-keeping requirements.
Right to Restrict Processing:
You have the right to request restriction of processing of your personal data in specific circumstances
provided by law.
Right to Data Portability:
Where applicable, you have the right to receive your personal data in a structured, commonly used, and
machine-readable format, and to request transfer to another data controller where technically feasible.
Right to Object:
You have the right to object to the processing of your personal data where such processing is based on
our legitimate interests, unless we demonstrate compelling legitimate grounds.
Right to Withdraw Consent:
Where processing is based on your consent, you may withdraw such consent at any time. Withdrawal of
consent does not affect the lawfulness of processing conducted prior to withdrawal.
To exercise any of the above rights, please contact us at cs@chapaanow.com. We may need to verify your identity before
processing your request and will respond within the timeframes required by applicable law.
9. Children’s Privacy
ChapaaNow is not intended for users under the age of 18. We do not knowingly collect personal data from
minors.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Any changes will be communicated through the App or
our website, and the updated policy will take effect upon publication.
12. Acceptance of Policy
By using the ChapaaNow App, you acknowledge that you have read and understood this Privacy Policy and
agree to its terms.
Version: 1.0
Effective Date: January 10, 2026
