Privacy Policy
1. Introduction
Effective Date: April 25, 2026
GANJI TECH LIMITED, doing business as "GanjiPesa", registered in Kenya under Registration No. PVT-7815K3WV, with registered office at Thika Superhighway, Githurai, Ruiru, Kiambu County, Kenya ("we", "us", "Company"), operates the GanjiPesa mobile application. For privacy inquiries, contact us at help@ganjipesa.com.
This Privacy Policy explains how we access, collect, use, store, share, and protect your personal information when you use our mobile application and services, in compliance with the Kenya Data Protection Act, No. 24 of 2019 and the Central Bank of Kenya's regulatory framework for digital lending.
GanjiPesa is a secure mobile app that provides instant digital loans to eligible users in Kenya. Apply anytime with a simple process, enjoy fast approval, and choose flexible repayment options that suit your needs. We are committed to responsible lending and transparent fees, ensuring a safe and reliable borrowing experience.
By downloading or using the GanjiPesa app, you agree to be bound by this Privacy Policy. Our services are intended for persons aged 18 years and above.
2. Definitions
Personal Data means any information relating to an identified or identifiable natural person, including identity, contact, financial, device, and transaction data.
Sensitive Personal Information refers to categories requiring heightened protection under the Data Protection Act, 2019, including biometric data used for identity verification and government-issued identification numbers.
Services means the lending and financial services provided through the GanjiPesa mobile application.
3. Consent
By using the GanjiPesa app, you consent to the collection and processing of your personal information for legitimate business purposes, including credit assessment and loan provision.
The legal basis for processing your personal data is established under Section 30(1)(a) of the Kenya Data Protection Act, 2019. We may also process your data on other lawful bases including: performance of a contract, compliance with legal obligations (AML/CFT requirements), and legitimate interest (fraud prevention, service improvement).
You may withdraw your consent at any time by contacting help@ganjipesa.com. Withdrawal of consent does not affect the lawfulness of any processing performed before the withdrawal. Please note that withdrawing consent may result in our inability to provide some or all services to you.
4. Information We Collect
Identity Data: Name, date of birth, gender, national ID number, marital status, education level, and income information.
Contact Data: Residential address and email address.
Emergency Contacts: During the loan application process, users are required to provide the names and phone numbers of two emergency contacts for identity verification and account support purposes.
Device and Technical Data: Device model, operating system version, unique device identifiers (IMEI), IP address, network type, and app installation source.
Usage Data: App session info, feature usage, and crash reports.
Third-Party Data: Credit reports from bureaus (TransUnion, Metropol, CreditInfo) and government verification results.
5. Device Permissions
6. How We Use Your Information
We use your information to: process loan applications, assess creditworthiness, verify identity (KYC), comply with AML/CFT regulations, prevent fraud, manage debt collection if needed, improve our services, provide customer support, and send marketing communications (you can opt out).
Our legal basis includes: your consent, performance of contract, legal obligations, and legitimate interest in fraud prevention and service improvement.
7. Automated Decision-Making
We use automated systems to assess loan applications and creditworthiness. You have the right to request human review of any decision that affects you. Contact help@ganjipesa.com for a review.
8. Information Sharing
We share your personal data with: Credit Reference Bureaus (TransUnion, Metropol), debt collection agencies (if needed), government and regulatory authorities, service providers (cloud hosting, analytics), and for mergers/acquisitions.
We do not sell your personal data to third parties for their own marketing purposes.
9. Emergency Contacts
During loan application, you may provide emergency contact information for identity verification and to contact them if we cannot reach you regarding overdue payments. We will not send marketing communications to your emergency contacts.
10. Data Security
We implement comprehensive security measures including: encryption (TLS 1.2+ in transit, AES-256 at rest), role-based access control, employee background checks, regular security training, secure data center hosting, continuous monitoring, and incident response procedures.
11. Data Retention & Deletion
Data Retention
Your personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. We retain account, identity, transaction, and KYC data for 7 years after your account is closed or transactions are completed (AML/CFT requirements). Credit scoring data is retained for 5 years after account closure. Device and technical data is kept for 2 years, while SMS transaction data is retained for 12 months. Marketing preferences are kept until consent is withdrawn.
Data Deletion
You may request deletion of your personal data at any time by contacting help@ganjipesa.com. We will delete your data within 30 days, unless legal requirements mandate retention (such as AML/CFT compliance). When data is no longer required, it is securely deleted or anonymized using industry-standard methods. Anonymized data may be retained indefinitely for analytical purposes.
12. Children's Privacy
Our services are intended for persons aged 18 years and above. We do not knowingly collect data from minors. If we become aware of inadvertently collecting data from someone under 18, we will delete it immediately. Contact help@ganjipesa.com if you believe this has occurred.
13. Your Rights
Under the Kenya Data Protection Act, 2019, you have the following rights: Right of Access, Right to Rectification, Right to Erasure, Right to Restrict Processing, Right to Data Portability, Right to Object, Right to Withdraw Consent, Right to Human Review of Automated Decisions, and Right to Lodge a Complaint with the ODPC. To exercise any of these rights, contact help@ganjipesa.com.
14. SDK Disclosure
Google Firebase / Google Analytics — Provider: Google LLC. Data collected: app usage statistics, crash reports, performance metrics, device information. Purpose: analytics, performance monitoring, crash reporting, and app improvement. Firebase is configured with data sharing disabled. Privacy policy: policies.google.com/privacy
AppsFlyer — Provider: AppsFlyer Ltd. Data collected: device identifiers (GAID, IDFA), install attribution data, in-app event data. Purpose: marketing attribution, campaign measurement, and optimization of user acquisition. Privacy policy: www.appsflyer.com/privacy-policy
All data transmitted to third-party SDKs is encrypted via HTTPS. We periodically review the SDKs we use and will update this section if we add or replace any SDK.
15. Cookies
Our primary service is delivered through a mobile application. When accessing our website, we may use cookies for security, analytics, and functional purposes. You can manage cookie preferences through your browser settings. We do not use marketing cookies.
16. Policy Changes
We may update this Privacy Policy periodically. Significant changes will be notified via app push notification or email at least 14 days before taking effect. Your continued use of the app after the effective date constitutes acceptance of the changes. The current version is available at www.ganjipesa.com/privacy.
17. Contact Us
GANJI TECH LIMITED
Thika Superhighway, Githurai, Ruiru, Kiambu County, Kenya
Email: help@ganjipesa.com
Website: www.ganjipesa.com