Skip to main content
Legal

GDPR Compliance

Last updated April 18, 2026

This statement explains how Njangy complies with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the European Economic Area (EEA). Njangy operates a community finance platform and processes financial and identity data subject to both GDPR and financial services regulations.

Legal Basis for Processing

  • Contract , Processing account data, financial transactions, house membership, and savings is necessary to provide the services you registered for.
  • Legal obligation , KYC/AML regulations require identity verification (via Veriff), transaction recording, and retention of financial records for a minimum of 7 years.
  • Legitimate interests , Error monitoring (Sentry), fraud prevention, and platform security.
  • Consent , Push notifications and promotional emails are sent only with your opt-in consent.

Data We Process

  • Identity data , Name, email, avatar, verification status, account role
  • KYC data , First/last name, date of birth, identification documents, biometric data (processed by Veriff, not stored locally)
  • Location data , Country, city, postal code, coordinates (regulatory compliance)
  • Financial data , Wallet balance, transaction history, house membership, savings balances, commission records. Payment card data handled by Stripe/PayPal (not stored locally).
  • Technical data , IP address, browser type, device info, error logs (Sentry), session replays

Data Processors (Sub-processors)

  • Veriff OÜ , Identity verification (KYC), biometric processing. Estonian company, GDPR-compliant. Processes identification documents and facial biometrics.
  • Supabase Inc. , Database hosting (PostgreSQL), user authentication.
  • Vercel Inc. , Website hosting and CDN.
  • Stripe Inc. , Card payment processing and payouts.
  • PayPal Holdings Inc. , Payment processing.
  • Functional Software Inc. (Sentry) , Error tracking and performance monitoring.
  • Google LLC (Firebase) , Push notification delivery.
  • Resend Inc. , Transactional email delivery.

Data Retention

  • Account data , Duration of account plus 30-day soft-delete period.
  • Financial records , 7 years (regulatory requirement for financial services).
  • KYC records , Verification status retained locally; documents retained by Veriff per its retention policy.
  • Audit trail , Immutable, retained indefinitely for regulatory compliance.
  • Error logs , 90 days (Sentry).

Your GDPR Rights

  • Access (Art. 15) , Request a copy of all personal data we hold.
  • Rectification (Art. 16) , Correct inaccurate data via account settings or by contacting us.
  • Erasure (Art. 17) , Request deletion. Financial records and audit trails are exempt due to regulatory retention requirements.
  • Restriction (Art. 18) , Limit processing while disputes are resolved.
  • Portability (Art. 20) , Receive your data in JSON format.
  • Object (Art. 21) , Object to legitimate-interest processing.
  • Withdraw consent (Art. 7) , Withdraw notification/marketing consent via account preferences.

Contact dpo@njangy.com to exercise your rights. Response within one month; complex requests may take up to three months with notice.

Biometric Data (Veriff KYC)

During identity verification, Veriff processes biometric data (facial recognition) to match your face against your identification document. This processing is necessary for KYC/AML compliance (legal obligation). Biometric data is processed and stored by Veriff, not by Njangy. Veriff's processing complies with GDPR Art. 9(2)(g), substantial public interest in preventing financial crime.

International Data Transfers

Your data may be transferred outside the EEA. We ensure safeguards via Standard Contractual Clauses (SCCs) and only use sub-processors with equivalent data protection standards.

Data Breach Notification

We will notify the supervisory authority within 72 hours (Art. 33) and affected individuals without undue delay if high risk (Art. 34).

Data Protection Officer

DPO contact: dpo@njangy.com.

Supervisory Authority

You may lodge a complaint with your local data protection authority.

Contact

General: support@njangy.com | Data protection: dpo@njangy.com