Privacy Policy

Last updated: 1 January 2026

1. Information We Collect

We collect the following categories of personal data:

  • Identity data: Full name, date of birth, national ID number, passport number
  • Contact data: Email address, phone number, physical address
  • Financial data: Bank account details, M-Pesa number, transaction history
  • KYC data: ID document scans, selfies, proof of address documents
  • Usage data: Login times, pages visited, investment activity, device information

2. How We Use Your Data

We use your personal data to:

  • Verify your identity and comply with CMA Kenya KYC requirements
  • Process investments, deposits, and withdrawals
  • Detect and prevent fraud and money laundering
  • Send you investment confirmations, dividend notifications, and account alerts
  • Improve our platform through analytics (anonymized where possible)
  • Comply with legal and regulatory obligations

3. Data Sharing

We do not sell your personal data. We share data with trusted third parties only where necessary:

  • Smile Identity: For biometric KYC verification
  • Safaricom / M-Pesa: For payment processing
  • Banking partners: For fund custody and settlement
  • CMA Kenya: Regulatory reporting as required by law
  • Cloud providers: AWS (data stored in EU-West-1 and AF-South-1 regions)

4. Data Retention

We retain your personal data for as long as your account is active and for 7 years after closure, as required by Kenyan financial regulations. KYC documents are retained for 10 years in accordance with Anti-Money Laundering (AML) requirements.

5. Your Rights

Under Kenyan data protection law, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Request deletion of your data (subject to legal obligations)
  • Object to certain processing activities
  • Lodge a complaint with the Office of the Data Protection Commissioner

6. Security

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 in transit, multi-factor authentication, and regular penetration testing. Client funds are held in segregated accounts at regulated Kenyan banks.

7. Cookies

We use essential cookies to operate the platform and optional analytics cookies to improve it. See our Cookie Policy for full details.

8. Contact

For privacy requests or questions, contact our Data Protection Officer at privacy@mali.co.ke.