Effective Date: March 2026

Privacy Policy

Vixzz Technology Ltd

1

Overview

Vixzz Technology Ltd (“Vixzz”, “we”, “our”, or “us”) operates a digital payments and mobile money platform that enables users, merchants, billers, and agents to initiate, receive, process, and manage electronic financial transactions.

This Privacy Policy explains how we collect, use, store, share, and protect personal data in compliance with:

  • The Kenya Data Protection Act, 2019
  • Central Bank of Kenya (CBK) regulations
  • Applicable AML/CFT and financial services laws

This policy applies to all Vixzz services, including mobile applications, POS systems, web platforms, and APIs.

2

Categories of Data We Collect

2.1 Identity Information

  • Full legal name
  • National ID or passport number
  • Date of birth
  • Phone number
  • Email address
  • Physical or business address

2.2 Business & Agent Information

  • Business registration details
  • Merchant or biller account information
  • Agent accreditation and onboarding records

2.3 Financial & Transaction Information

  • Wallet and account identifiers
  • Transaction records (P2P, merchant payments, biller payments, deposits, withdrawals)
  • Settlement and reconciliation data
  • Linked bank account references (securely stored and masked)

2.4 Technical Information

  • Device identifiers
  • IP address
  • Application and operating system information
  • POS terminal identifiers
  • Access logs and timestamps

2.5 Compliance & Risk Data

  • KYC verification results
  • AML and fraud monitoring indicators
  • Transaction risk scores
  • Regulatory and audit records
3

Purpose of Data Processing

We process personal data strictly for the following purposes:

  • Account creation and management
  • Transaction processing and settlement
  • Identity verification and regulatory compliance
  • Fraud prevention, risk monitoring, and system security
  • Customer, merchant, biller, and agent support
  • Regulatory reporting and audit requirements
  • System performance, reliability, and operational integrity

We do not use personal data for unrelated purposes.

4

Legal Basis for Processing

We process data based on:

  • Performance of contractual obligations
  • Compliance with legal and regulatory requirements
  • Legitimate interests related to security and fraud prevention
  • User consent, where required by law
5

Data Sharing & Disclosure

We may disclose information only to:

5.1 Regulators & Authorities

  • Central Bank of Kenya
  • Law enforcement or regulatory bodies where legally required

5.2 Licensed Financial Partners

  • PSP license partners
  • Settlement and partner banks
  • Card and payment network providers

5.3 Service Providers

  • Cloud infrastructure providers
  • Security, monitoring, and compliance service providers
  • Communication and notification services

All third parties are contractually obligated to protect data confidentiality and security.

6

AML, Fraud & Monitoring

Vixzz operates continuous transaction monitoring to detect:

  • Fraud
  • Money laundering
  • Terrorist financing
  • Unauthorized or suspicious activity

Where required, transactions may be restricted, delayed, or reported to relevant authorities in accordance with law.

7

Data Retention

We retain data:

  • As long as an account remains active
  • As required by CBK and applicable laws
  • For audit, dispute resolution, and legal obligations

Data is securely deleted or anonymized once retention requirements expire.

8

Data Security

We implement appropriate technical and organizational safeguards, including:

  • Encryption of sensitive data
  • Secure authentication and authorization controls
  • Role-based access management
  • Monitoring, logging, and audit trails
  • Network and infrastructure security controls

Access to personal data is limited to authorized personnel only.

9

User Rights

Subject to applicable law, users may:

  • Request access to their personal data
  • Request correction of inaccurate information
  • Request deletion where legally permissible
  • Object to certain processing activities

Requests are handled in accordance with legal and regulatory obligations.

10

Responsibilities of Merchants, Billers & Agents

Merchants, billers, and agents using the Vixzz platform must:

  • Protect customer data
  • Use data only for authorized transactions
  • Comply with applicable data protection laws
  • Report suspected fraud or misuse immediately

Failure to comply may result in suspension or termination.

11

Cross-Border Processing

Where necessary for operational or regulatory purposes, data may be processed outside Kenya under appropriate safeguards consistent with applicable law.

12

Policy Updates

This Privacy Policy may be updated periodically to reflect legal, regulatory, or operational changes. Updated versions will be made available through official Vixzz channels.

13

Contact Information

Vixzz Technology Ltd

Privacy Inquiries
privacy@vixzz.com
General Support
support@vixzz.com