Effective Date: January 1, 2026
1. Introduction
Ognimohub, a pioneering IT Company, Digital Marketing Company, and FinTech Agency, is committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how Ognimohub (referred to as "we," "us," or "our") collects, uses, stores, shares, and protects your personal data when you use our cross-platform Mobile Financial Services (MFS) solution, including our User App, Agent App, Merchant App, website, and related services (collectively, the "Services").
We understand the importance of transparency and accountability in handling your data, especially in the sensitive financial services sector. This policy is designed to be comprehensive, clear, and compliant with leading international and regional data protection regulations, including but not limited to:
- General Data Protection Regulation (GDPR) (EU 2016/679)
- California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
- Lei Geral de Proteção de Dados (LGPD) (Brazil)
- Personal Information Protection and Electronic Documents Act (PIPEDA) (Canada)
- Protection of Personal Information Act (POPIA) (South Africa)
- Data Protection Act (DPA) (Kenya)
- Other relevant data protection laws in jurisdictions where Ognimohub operates or offers its Services.
By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with the terms of this policy, please do not use our Services.
2. Who We Are
Ognimohub is an IT Company, Digital Marketing Company, and FinTech Agency dedicated to transforming financial interactions through seamless, secure, and scalable digital financial transactions. Our Services include mobile and web applications designed for users, agents, and merchants, facilitating payments, money transfers, virtual card management, and a comprehensive suite of other financial services.
Our Contact Information:
Ognimohub Agency
Address: PR89+2WP, Pioneer House, Kenyatta Avenue, Nairobi, Kenya
Email: support@ognimohub.com
Phone: +254 745 497444
3. Data Protection Officer (DPO)
To ensure our commitment to data privacy and compliance with relevant regulations, Ognimohub has appointed a Data Protection Officer (DPO). Our DPO is responsible for overseeing our data protection strategy and implementation, ensuring compliance with GDPR and other applicable privacy laws. If you have any questions about this Privacy Policy or our data protection practices, you can contact our DPO at:
Email: dpo@ognimohub.com
4. Principles of Data Processing
We adhere to the following fundamental principles when processing your personal data:
- Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and in a transparent manner in relation to the data subject.
- Purpose Limitation: We collect personal data for specified, explicit, and legitimate purposes and do not further process it in a manner that is incompatible with those purposes.
- Data Minimization: We ensure that personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accuracy: We take every reasonable step to ensure that personal data is accurate and, where necessary, kept up to date. Inaccurate personal data is erased or rectified without delay.
- Storage Limitation: We keep personal data in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
- Integrity and Confidentiality (Security): We process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
- Accountability: We are responsible for, and able to demonstrate compliance with, the aforementioned principles.
5. Types of Data We Collect
We collect various types of information to provide and improve our Services. The data we collect can be broadly categorized as follows:
5.1. Personal Information
This includes data that can be used to identify you directly or indirectly. We collect the following categories of personal information:
- Name: For account creation, identification, and personalization of services.
- Email Address: For account creation, communication, notifications, and password recovery.
- User IDs: Unique identifiers assigned to your account for internal management and service delivery.
- Address: For identity verification, fraud prevention, and compliance with financial regulations.
- Phone Number: For account creation, multi-factor authentication, communication, and transaction notifications.
Purpose of Collection for Personal Information:
- App functionality: To enable core features of our Services, such as account access, transaction processing, and user identification.
- Developer communications: To send you important updates, service announcements, and support messages.
- Fraud prevention, security, and compliance: To verify your identity, detect and prevent fraudulent activities, and comply with Anti-Money Laundering (AML) and Know Your Customer (KYC) regulations.
- Account management: To manage your account, provide customer support, and facilitate account-related requests.
5.2. Financial Information
Given the nature of our Services, we collect sensitive financial information to facilitate transactions and ensure compliance.
- User Payment Info: This may include details related to your linked bank accounts, debit/credit cards, or mobile money wallets. We do not store full payment card numbers on our servers; instead, we use tokenization through PCI DSS compliant payment gateways.
- Purchase History: Records of your transactions, payments made, and services utilized through Ognimohub.
- Credit Score: In certain instances, and with your explicit consent where required, we may access your credit score for specific financial services like microfinance or loan eligibility assessments.
Purpose of Collection for Financial Information:
- App functionality: To process payments, facilitate money transfers, and enable other financial transactions.
- Fraud prevention, security, and compliance: To monitor transactions for suspicious activity, comply with financial regulations, and protect against financial crime.
- Account management: To provide you with a detailed transaction history and manage your financial activities within the app.
5.3. Files and Documents
- Files and Docs (Optional): This may include identity documents (e.g., national ID, passport), proof of address (e.g., utility bills), or other documents required for KYC verification, enhanced due diligence, or specific service applications.
Purpose of Collection for Files and Documents:
- App functionality: Primarily for identity verification (KYC), compliance with regulatory requirements, and enabling access to certain financial services.
5.4. Messages
We collect information related to your communications with us and through our platform.
- Emails (Optional): Content of emails sent to or received from our support team, or transactional emails generated by the app.
- SMS or MMS (Optional): Content of SMS/MMS messages related to transaction confirmations, OTPs (One-Time Passwords), or marketing communications (with consent).
- Other In-App Messages (Optional): Communications within the app, such as chat support or notifications.
Purpose of Collection for Messages:
- App functionality: To provide customer support, send transaction alerts, and facilitate secure communication.
- Advertising or marketing: To send promotional offers and updates, where you have provided consent.
- Account management: To assist with account-related inquiries and provide service information.
5.5. App Info and Performance
We collect technical data about your use of our Services to ensure optimal performance and security.
- Crash Logs: Records of application crashes and errors.
- Diagnostics: Technical data about the app's performance, stability, and usage patterns.
- Other App Performance Data: Information related to app loading times, feature usage, and overall responsiveness.
Purpose of Collection for App Info and Performance:
- Analytics: To understand how our app is used, identify areas for improvement, and optimize user experience.
- Fraud prevention, security, and compliance: To detect and diagnose technical issues that could impact security or lead to fraudulent activities.
5.6. App Activity
We monitor your interactions within the app to enhance functionality and personalize your experience.
- App Interactions (Optional): Information about how you interact with various features and sections of the app.
- In-App Search History (Optional): Records of your search queries within the app.
Purpose of Collection for App Activity:
- App functionality: To personalize your experience, recommend relevant services, and improve navigation.
- Analytics: To understand user behavior and optimize app design and features.
5.7. Contacts
- Contacts (Optional): With your explicit permission, we may access your device's contact list.
Purpose of Collection for Contacts:
- App functionality: To facilitate features like sending money to contacts or inviting friends to use Ognimohub. We only access contacts you explicitly select for these specific actions.
5.8. Photos and Videos
- Photos (Optional): With your explicit permission, we may access your device's photo gallery.
Purpose of Collection for Photos:
- App functionality: To allow you to upload profile pictures or attach images for support inquiries or KYC verification (e.g., uploading a photo of an ID document).
- Account management: To personalize your profile or assist with verification processes.
6. How We Use Your Data
We use the collected data for various purposes, primarily to provide, maintain, protect, and improve our Services, and to develop new ones. Our use of your data is always based on a lawful basis, as required by GDPR and other privacy regulations.
6.1. Lawful Bases for Processing
We process your personal data based on one or more of the following lawful bases:
- Performance of a Contract: Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (e.g., providing financial services, processing transactions).
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject (e.g., AML/KYC regulations, tax reporting, fraud prevention).
- Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (e.g., improving our Services, ensuring security, marketing our services to existing customers). We conduct a legitimate interest assessment (LIA) to ensure your rights are protected.
- Consent: You have given explicit consent to the processing of your personal data for one or more specific purposes (e.g., for optional marketing communications, accessing your contacts). You have the right to withdraw your consent at any time.
6.2. Specific Use Cases
- To Provide and Maintain Our Services: This includes enabling you to add/send money, make payments, recharge mobile/airtime, cash out, perform bank transfers, access microfinance, use virtual cards, pay utility bills, make donations, pay education fees, and manage investments.
- To Process Transactions: Facilitating all financial transactions initiated through our User, Agent, and Merchant Apps.
- To Personalize Your Experience: Customizing content, offers, and features based on your usage patterns and preferences.
- To Improve and Develop New Services: Analyzing usage data, crash logs, and performance metrics to enhance existing features and develop innovative financial solutions.
- For Security and Fraud Prevention: Implementing robust security measures, verifying identities, detecting suspicious activities, and protecting against unauthorized access, fraud, and other illegal activities. This includes compliance with AML and KYC obligations.
- For Communication: Sending transactional notifications, security alerts, customer support messages, and, with your consent, marketing and promotional materials.
- For Customer Support: Responding to your inquiries, resolving issues, and providing assistance related to our Services.
- For Compliance with Legal and Regulatory Obligations: Adhering to applicable laws, regulations, court orders, and governmental requests, including reporting obligations to financial authorities.
- For Business Operations: Managing our business, including accounting, auditing, internal reporting, and other administrative functions.
7. Data Sharing and Disclosure
Ognimohub does not share user data with other companies or organizations for their independent marketing or commercial purposes. We are committed to protecting your privacy and ensuring that your data is not sold or rented to third parties.
However, in order to provide our Services effectively and comply with legal obligations, we may share your data with the following categories of recipients, strictly under contractual agreements that mandate data protection and confidentiality:
- Payment Service Providers (PSPs) and Financial Institutions: To facilitate transactions (e.g., Stripe, PayPal, banks for transfers, mobile money operators). These entities are bound by their own privacy policies and regulatory requirements.
- Identity Verification and Fraud Prevention Services: Third-party providers that assist us in verifying your identity, conducting KYC checks, and detecting fraudulent activities.
- Cloud Hosting and Infrastructure Providers: Services that provide secure data storage, computing power, and network infrastructure (e.g., AWS, Azure, Google Cloud).
- Customer Support and Communication Platforms: Tools that help us manage customer inquiries and send transactional or marketing communications.
- Analytics Providers: Services that help us understand app usage and performance (e.g., Google Analytics for Firebase), but typically with aggregated or anonymized data where possible.
- Professional Advisors: Lawyers, auditors, and consultants who provide professional services to Ognimohub and are bound by confidentiality obligations.
- Law Enforcement and Regulatory Authorities: When legally required to do so, in response to a valid subpoena, court order, or other legal process, or to comply with AML/KYC regulations.
- Affiliates and Subsidiaries: Data may be shared within the Ognimohub corporate family for internal administrative purposes, service delivery, and business operations, provided they adhere to this Privacy Policy.
- In the Event of a Business Transfer: If Ognimohub is involved in a merger, acquisition, or asset sale, your personal data may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal data.
Data shared with these third parties is limited to what is necessary for them to perform their designated functions and is subject to strict contractual obligations to protect your data and comply with applicable data protection laws. We conduct due diligence on all third-party service providers to ensure they meet our security and privacy standards.
8. International Data Transfers
Ognimohub operates globally, and your personal data may be processed, stored, and transferred to countries outside of your country of residence, including countries within the European Economic Area (EEA) and countries outside the EEA (e.g., Kenya where Ognimohub is based, or the United States where some cloud service providers may be located).
When we transfer your personal data internationally, we take appropriate safeguards to ensure that your data remains protected in accordance with this Privacy Policy and applicable data protection laws. These safeguards may include:
- Standard Contractual Clauses (SCCs): Implementing SCCs approved by the European Commission or other relevant authorities for transfers to countries not deemed to provide an adequate level of data protection.
- Adequacy Decisions: Relying on adequacy decisions by the European Commission or other relevant authorities, which recognize that a country provides an adequate level of data protection.
- Binding Corporate Rules (BCRs): For transfers within our corporate group, if applicable.
- Consent: Obtaining your explicit consent for specific transfers, where other safeguards are not applicable or feasible.
We ensure that any third-party service providers involved in international data transfers also adhere to these safeguards.
9. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period for different types of data varies depending on:
- The nature of the data: Some data, like transaction records, may have longer statutory retention periods.
- The purpose of collection: Data collected for account management will be retained as long as your account is active.
- Legal and regulatory obligations: Financial regulations (e.g., AML laws) often require us to retain certain data for a specified period (e.g., 5-7 years after the business relationship ends).
- Dispute resolution and legal claims: We may retain data for longer periods if there is an ongoing dispute or potential legal claim.
Once the retention period expires, your personal data will be securely deleted, anonymized, or aggregated in a manner that prevents re-identification, unless further retention is required by law or for legitimate business purposes.
10. Data Security
Ognimohub is committed to protecting your personal data from unauthorized access, alteration, disclosure, or destruction. We implement robust technical and organizational security measures, including:
- Encryption in Transit: Your data is transferred over secure connections using industry-standard encryption protocols (e.g., TLS/SSL) to protect it during transmission.
- Encryption at Rest: Where appropriate, sensitive data is encrypted when stored on our servers.
- Two-Factor Authentication (2FA): We offer and encourage the use of 2FA for user, agent, and merchant accounts to add an extra layer of security.
- Access Controls: Strict access controls are in place to limit access to personal data only to authorized personnel who have a legitimate business need to access it.
- Regular Security Audits and Penetration Testing: We regularly conduct security assessments to identify and address vulnerabilities.
- Firewalls and Intrusion Detection Systems: To protect our network infrastructure from external threats.
- Data Backup and Recovery: Regular backups are performed to prevent data loss, and we have disaster recovery plans in place.
- Employee Training: Our employees receive regular training on data protection, privacy, and security best practices.
- Physical Security: Our data centers and physical infrastructure are protected by appropriate physical security measures.
While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
11. Your Data Protection Rights
Depending on your jurisdiction and applicable data protection laws (e.g., GDPR, CCPA, LGPD, PIPEDA), you may have the following rights regarding your personal data:
- Right to Information/Access: You have the right to request confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and information regarding the processing.
- Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data concerning you.
- Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purposes for which it was collected, or if you withdraw consent and there is no other legal ground for processing). We provide a way for you to request that your data be deleted.
- Right to Restriction of Processing: You have the right to request the restriction of processing of your personal data under certain conditions (e.g., if you contest the accuracy of the data, or if the processing is unlawful).
- Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.
- Right to Object: You have the right to object to the processing of your personal data under certain circumstances, particularly when processing is based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you believe that the processing of your personal data infringes applicable data protection laws.
- Rights related to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain exceptions apply.
How to Exercise Your Rights: To exercise any of these rights, please contact us using the contact details provided in Section 2 or by contacting our DPO as specified in Section 3. We will respond to your request in accordance with applicable data protection laws. We may need to verify your identity before processing your request.
12. Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently collected personal data from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible. If you believe that a child under 18 has provided us with personal data, please contact us immediately.
13. Third-Party Links and Services
Our Services may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to the practices of third parties. We encourage you to review the privacy policies of any third-party sites or services you visit. We are not responsible for the content, privacy policies, or practices of any third-party websites or services.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technological advancements. We will notify you of any material changes by posting the new Privacy Policy on our website and within our apps, and by updating the "Effective Date" at the top of this policy. We may also notify you through other means, such as email, if required by law. We encourage you to review this Privacy Policy periodically for any changes. Your continued use of our Services after any modifications to this Privacy Policy will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:
Address: PR89+2WP, Pioneer House, Kenyatta Avenue, Nairobi, Kenya
Email: support@ognimohub.com
Phone: +254 745 497444
Data Protection Officer (DPO): dpo@ognimohub.com