Privacy Policy

Last updated: January 2025

1. Who We Are

MFI Digit (“we”, “us”, “our”) provides WhatsApp-based financial services infrastructure for regulated financial institutions, including Microfinance Institutions (MFIs), Credit Unions, and other member-based financial organizations.

We act solely as a technology service provider. The financial institutions using our platform remain responsible for their customer relationships, financial decisions, and regulatory obligations.

2. Our Role in Data Processing

MFI Digit operates as a data processor on behalf of its financial institution clients. These institutions act as the data controllers for member and customer information.

We process data only in accordance with documented instructions from our clients and applicable financial and data protection regulations.

3. Data We Process

Depending on the services enabled by a financial institution, we may process:

• Phone numbers – to deliver messages and verify member identity via WhatsApp
• Message content – service requests, confirmations, and guided interactions
• Transaction-related data – as required to process member requests
• Interaction metadata – delivery status, timestamps, and flow completion events

4. Purpose of Processing

We process data strictly to:

• Verify member identity and authenticate requests
• Enable account inquiries and service requests
• Support loan, repayment, savings, and payment workflows as configured by the institution
• Deliver confirmations, receipts, and notifications
• Enable escalation to human agents when required

We do not use personal data for advertising, marketing, profiling, or purposes unrelated to the financial services being provided.

5. Data Sharing

Data may be transmitted to the following parties, strictly as required:

• WhatsApp Business Platform – for message delivery and interaction handling
• Financial institution clients – the institutions whose members are being served
• Payment service providers – such as mobile money operators, where applicable
• Infrastructure providers – secure cloud and hosting services required for operation

We do not sell personal data and do not share data for unrelated third-party purposes.

6. Data Retention

• Authentication codes: deleted within minutes of use or expiration
• Message and interaction logs: retained for up to 90 days for support and verification
• Transaction records: retained as required by applicable financial regulations and institutional agreements, which may vary by jurisdiction

7. Security Measures

We implement security controls appropriate for regulated financial environments, including:

• Encrypted WhatsApp messaging via the WhatsApp Business Platform
• Encryption in transit (TLS) and at rest for stored data
• Role-based access controls and authentication
• Comprehensive logging and audit trails
• Regular security reviews and system monitoring

8. Member Rights

Members and customers should exercise their data rights through their financial institution, which remains the data controller. This includes:

• Access to personal data
• Correction or deletion requests
• Opt-out of WhatsApp-based services

9. Contact

For platform-level privacy inquiries, please contact MFI Digit through our official contact channels.

Privacy contact: contact [at] mfidigit [dot] com

10. Governing Framework

This Privacy Policy is governed by applicable data protection and financial regulations in the jurisdictions where our financial institution clients operate.