Privacy & Data Protection

How Danipa handles your personal data — what we collect, why, how it's protected, and your rights as a user.

Overview

Your privacy matters. This guide explains in plain language what data Danipa collects, why we need it, how we protect it, and what rights you have over your information.

For the full legal privacy policy, see Privacy Policy.

What Data We Collect

Account Information

Data	Why We Need It
Full name	Identity verification and transaction records
Phone number	Account login, SMS verification, mobile money linking
Email address	Receipts, notifications, account recovery
Date of birth	Age verification and KYC compliance
Country of residence	Regulatory compliance and service availability
Profile photo	Optional — for personalization

Identity Documents (KYC)

Data	Why We Need It
Government ID photo	Identity verification required by financial regulations
Selfie	Matching your face to your ID to prevent fraud
Proof of address	Required for Premium tier verification

Transaction Data

Data	Why We Need It
Transaction amounts	Processing your payments
Recipient details	Delivering funds to the correct person
Transaction timestamps	Record-keeping and dispute resolution
Payment method	Processing through the correct provider
IP address	Security monitoring and fraud prevention

Device Information

Data	Why We Need It
Device type and model	App compatibility and security
Operating system	App updates and compatibility
App version	Support and troubleshooting
Device ID	Fraud prevention (detecting unauthorized devices)

Usage Data

Data	Why We Need It
Features used	Improving the app experience
Error logs	Fixing bugs and crashes
Performance metrics	Ensuring the app runs smoothly

How We Protect Your Data

Encryption

In transit: All data between your device and Danipa servers is encrypted using 256-bit TLS (the same standard used by banks)
At rest: Your data is encrypted on our servers using AES-256 encryption
Documents: KYC documents are stored in encrypted, access-controlled storage

Access Controls

Only authorized personnel can access customer data
Access is role-based — support agents see only what's needed to help you
All data access is logged and audited
KYC documents are reviewed by trained verification staff only

Infrastructure

Servers hosted in secure, certified data centers
Regular security audits and penetration testing
Real-time monitoring for unauthorized access attempts
Automatic account locking on suspicious activity

Data Minimization

We only collect data that's necessary for providing our services. We don't:

Sell your data to third parties
Use your data for targeted advertising
Collect more information than required
Track your location (except when you voluntarily use "Find an Agent")

Your Rights

You have the following rights regarding your personal data:

Right to Access

You can request a copy of all data Danipa holds about you:

Go to Settings → Privacy → Request My Data
We'll prepare your data within 30 days
You'll receive a secure download link via email

Right to Correction

If your data is incorrect:

Go to Settings → Profile to update basic information yourself
For KYC-related corrections, contact support — you may need to resubmit documents

Right to Deletion

You can request deletion of your account and associated data:

Go to Settings → Account → Delete Account
Your account is deactivated for 30 days (you can cancel during this period)
After 30 days, personal data is permanently deleted

Note: We're required by financial regulations to retain transaction records for a minimum period (typically 5–7 years) even after account deletion. These records are anonymized where possible.

Right to Data Portability

You can export your data in a machine-readable format:

Go to Settings → Privacy → Export Data
Select the data types (transactions, profile, statements)
Choose format: JSON or CSV
Download your data

Right to Object

You can opt out of non-essential data processing:

Marketing communications: Settings → Notifications → turn off promotional notifications
Usage analytics: Settings → Privacy → Analytics → turn off

Data Sharing

When We Share Your Data

Recipient	What's Shared	Why
Mobile money providers (MTN, etc.)	Phone number, amount	To process your transaction
Payment partners	Transaction details	To complete cross-border transfers
KYC verification services	ID documents	To verify your identity
Law enforcement	As legally required	In response to valid legal requests

When We Never Share

We never sell your data to advertisers, data brokers, or marketing companies
We never share your full ID documents with merchants
We never give third parties access to your transaction history for commercial purposes

Data Retention

Data Type	Retention Period
Account information	Duration of account + 30 days after deletion
Transaction records	7 years (regulatory requirement)
KYC documents	7 years after account closure (regulatory requirement)
Usage analytics	12 months
Error logs	6 months
Support conversations	3 years

Cookies and Web

If you use Danipa on the web:

Essential cookies — required for login and security (always active)
Analytics cookies — help us improve the website (opt-in)
No advertising cookies — we don't serve ads

Manage cookie preferences at the bottom of any web page.

Children's Privacy

Danipa is not intended for users under 18 years of age. We do not knowingly collect data from minors. If we discover that a minor has created an account, it will be closed and the data deleted.

Changes to Privacy Practices

If we make significant changes to how we handle your data:

You'll receive an in-app notification
An email will be sent to your registered address
Changes are summarized in plain language
You'll have 30 days to review before changes take effect
You can close your account if you disagree with the changes

Contact

For privacy-related questions or requests:

Email: privacy@danipa.com
In-app: Settings → Privacy → Contact Privacy Team
Mail: Danipa Business Systems Inc., Kitchener, Ontario, Canada