Skip to main content
Legal

Privacy Policy

Last updated April 18, 2026

Thank you for choosing to be part of our community at Njangy ("Company", "we", "us", or "our"). We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns, please contact us at support@njangy.com.

Njangyoperates a community finance platform providing ROSCA (Rotating Savings and Credit Association) services, peer-to-peer loans, savings accounts, sponsorships, and raffles. Given the financial nature of our services, we take data protection and regulatory compliance particularly seriously. This privacy policy applies to all information collected through our website, mobile applications, and related services (collectively, the "Services").

What Information Do We Collect?

Information you provide directly

  • Name, email address, and account credentials
  • Location data (country, city, postal code, coordinates) for regulatory compliance
  • Profile information (avatar, display preferences, privacy mode settings)
  • Payment information (processed by our payment partners, we do not store card numbers)
  • Communication preferences (notification and email opt-in/opt-out)

Identity verification data (KYC)

As a financial services platform, we are required to verify your identity. We use Veriff, a third-party identity verification provider, to collect and process:

  • First name, last name, and date of birth
  • Government-issued identification documents (passport, national ID, driver's license)
  • Biometric data (facial recognition for document matching)
  • Verification status and decision history

Veriff processes this data under its own privacy policy and data processing agreement. Identity documents are stored by Veriff, not in our systems. We receive only verification status (accepted/rejected) and basic identity fields.

Information collected automatically

  • IP address, browser type, device information, and operating system
  • Session data, page interactions, and error reports (via Sentry)
  • Session replay data for debugging, Sentry may record anonymized session replays when errors occur
  • Device tokens for push notification delivery (via Firebase Cloud Messaging)

Financial activity data

  • All transactions: deposits, withdrawals, savings payments, house plays, loan disbursements, sponsorship contributions, raffle entries
  • ROSCA house membership data: collection dates, play amounts, contribution history
  • Savings account balances and payment schedules
  • Commission charges and fee history

How Do We Use Your Information?

  • Account and identity management , To create your account, verify your identity through Veriff KYC, and maintain account security.
  • Financial service delivery , To operate ROSCA houses, process savings contributions, manage loan disbursements, facilitate sponsorships, and run raffles.
  • Payment processing , To facilitate deposits and withdrawals through Stripe, PayPal, MTN Mobile Money, and Orange Money.
  • Regulatory compliance , To comply with know-your-customer (KYC), anti-money laundering (AML), and financial services regulations.
  • Commission and fee calculation , To calculate and apply platform commissions on financial transactions as disclosed in our fee schedule.
  • Error monitoring , To identify and fix technical issues using error tracking and session replay.
  • Communications , To send transactional emails (account confirmations, payment receipts, verification status updates) and, with your consent, promotional communications.
  • Security and fraud prevention , To detect unauthorized access, prevent fraud, and protect the integrity of financial transactions.

Who Do We Share Your Information With?

  • Identity verification , Veriff (KYC identity verification, biometric processing). Veriff processes identification documents and biometric data under its own privacy policy.
  • Payment processors , Stripe (card payments and payouts), PayPal (deposits/withdrawals), MTN Mobile Money, and Orange Money (mobile payments). These processors handle payment data directly under their own policies.
  • Error monitoring , Sentry (error tracking and anonymized session replay).
  • Push notifications , Firebase Cloud Messaging (device tokens for notification delivery, opt-in only).
  • Email delivery , Resend (transactional email processing).
  • Database and hosting , Supabase (PostgreSQL database), Vercel (website hosting).
  • Regulatory authorities , We may disclose information to financial regulators, law enforcement, or other authorities as required by law.

We do not sell your personal information. We do not use your data for third-party advertising.

Data Retention

  • Account data , Retained for the duration of your account. Upon deletion, data is soft-deleted and permanently purged after 30 days.
  • Financial transaction records , Retained for 7 years as required by financial regulations and tax law.
  • KYC verification records , Verification status retained for the duration of your account. Identity documents are retained by Veriff under its data retention policy.
  • Audit trail , Immutable records of all account and financial changes are retained for regulatory compliance and cannot be deleted.

Account Deletion

You may request account deletion via the DELETE ACCOUNT button in your profile. Your account is immediately deactivated and data is soft-deleted. After 30 days, personal data is permanently purged. Financial transaction records and audit trails are retained for 7 years as required by law.

Data Security

We implement technical and organizational security measures including: TLS/HTTPS encryption for all data in transit, row-level security (RLS) on all database tables, role-based access control, bcrypt password hashing, and HMAC-SHA256 signature verification on all payment and verification webhooks from Veriff, Stripe, and other partners.

Your Privacy Rights

  • Access , Request a copy of your personal data.
  • Rectification , Correct inaccurate data.
  • Erasure , Request deletion (subject to financial record retention requirements).
  • Restriction , Limit processing in certain circumstances.
  • Portability , Receive your data in a structured format.
  • Objection , Object to processing based on legitimate interests.
  • Withdraw consent , Withdraw consent for notifications and marketing at any time.

To exercise your rights, contact support@njangy.com. We will respond within 30 days.

Minors

Our Services are for adults aged 18 and over. We do not knowingly collect data from minors. Identity verification via Veriff includes age checking. If we discover a minor's data has been collected, we will deactivate the account and delete the data immediately.

Data Breach Notification

In the event of a personal data breach, we will notify the applicable supervisory authority within 72 hours. If the breach poses a high risk to your rights, we will notify you directly without undue delay.

Changes to This Policy

Material changes will be communicated via email or prominent notice on our website. The date at the top of this page indicates the most recent revision.

Contact Us

Data Protection Officer: support@njangy.com. We will respond within 30 days.