Privacy Policy

Last updated: February 20, 2026

1. Introduction

Pesaflow ("we", "our", or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our payment processing platform and related services.

2. Information We Collect

We collect the following types of information:

Personal Information

  • Name, email address, and phone number
  • Business information (for merchant accounts)
  • KYC documentation (government-issued ID, business registration)
  • Bank account and payment details

Transaction Data

  • Payment amounts, dates, and recipients
  • Transaction status and settlement details
  • Payment channel used (M-Pesa, card, bank transfer)

Technical Information

  • IP address and browser information
  • Device type and operating system
  • API usage logs and access patterns

3. How We Use Your Information

  • Processing and facilitating payment transactions
  • Verifying your identity and preventing fraud
  • Providing customer support and resolving disputes
  • Complying with legal and regulatory requirements
  • Improving our Services and developing new features
  • Sending important notices about your account and transactions

4. Data Sharing

We may share your information with:

  • Payment providers — to process transactions (e.g., Safaricom for M-Pesa)
  • Financial institutions — for settlement and fund transfers
  • Regulatory authorities — when required by law
  • Service providers — who assist with fraud detection, analytics, and infrastructure

We do not sell your personal information to third parties.

5. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL) and at rest, secure API authentication, regular security audits, and access controls. All payment card data is handled in compliance with PCI DSS standards. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our Services. Transaction records are retained for the period required by applicable financial regulations (typically 7 years). You may request deletion of your account data, subject to our legal and regulatory obligations.

7. Your Rights

You have the right to:

  • Access your personal data we hold
  • Request correction of inaccurate data
  • Request deletion of your data (subject to legal requirements)
  • Object to processing of your data
  • Request data portability
  • Withdraw consent where processing is based on consent

8. Cookies

We use essential cookies to maintain your session and preferences. We may also use analytics cookies to understand how you interact with our platform. You can manage your cookie preferences through your browser settings.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, sending you an email notification. Your continued use of our Services after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact our Data Protection Officer at privacy@pesaflow.ai