Privacy Policy

Last updated: March 15, 2026

1. Introduction

TumiaX ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our asset-backed credit platform and services.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the platform or use our services.

2. Information We Collect

2.1 Personal Identification Information

For KYC compliance and account verification, we collect:

  • Full name and email address
  • Phone number
  • Date of birth
  • Government-issued ID information (passport, national ID, driver's license)
  • Biometric data (selfie photographs for identity verification)
  • Residential address and proof of address documents
  • Tax identification number (where applicable)

2.2 Asset Information

To evaluate and secure credit, we collect detailed information about your assets:

  • Asset type and detailed description
  • Purchase price, date, and proof of purchase
  • Title deeds, registration documents, and ownership certificates
  • Photographs and videos of assets
  • Serial numbers, VIN numbers, and unique identifiers
  • Location data (GPS coordinates of assets)
  • Valuation reports and condition assessments
  • Insurance policy details and documents

2.3 Financial Information

For credit assessment and transaction processing:

  • Bank account details for withdrawals
  • Mobile money wallet information
  • Transaction history and spending patterns
  • Credit utilization and repayment history
  • Income and employment information

2.4 Technical and Usage Data

Automatically collected information:

  • Device information (IP address, browser type, operating system)
  • App usage statistics and interaction data
  • Location data (for fraud prevention and asset verification)
  • Cookies and similar tracking technologies
  • Log data and error reports

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Platform Operations

  • Create and manage your account
  • Process KYC/AML verification
  • Verify asset ownership and authenticity
  • Calculate credit limits based on asset valuation
  • Process credit transactions, repayments, and withdrawals
  • Send service notifications and updates

3.2 Risk Management

  • Assess creditworthiness and repayment capacity
  • Monitor for suspicious activities and potential fraud
  • Track asset conditions and valuations over time
  • Detect and prevent unauthorized asset transfers
  • Calculate risk scores and credit utilization

3.3 Legal and Compliance

  • Comply with anti-money laundering regulations
  • Maintain records as required by financial regulators
  • Respond to lawful requests from authorities
  • Enforce our Terms of Service and agreements
  • Establish, exercise, or defend legal claims

3.4 Asset Recovery

  • Locate and recover collateral assets in default cases
  • Coordinate with law enforcement or recovery agents
  • Verify asset condition and location during recovery
  • Document recovery proceedings for legal purposes

4. Data Security

We implement comprehensive security measures to protect your personal and asset information:

  • Encryption: All sensitive data encrypted at rest (AES-256) and in transit (TLS 1.3)
  • Access controls: Strict role-based access to personal information
  • Field-level encryption: Highly sensitive fields (ID numbers, financial data) encrypted individually
  • Regular audits: Security assessments and penetration testing
  • Fraud monitoring: Real-time detection of suspicious activities

While we implement industry-leading security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but will promptly notify you of any data breaches affecting your information.

5. Data Retention

5.1 Active Accounts

We retain your information for as long as your account is active or as needed to provide services. This includes retention throughout the life of any credit agreements secured by your assets.

5.2 Inactive Accounts

If your account becomes inactive (no logins for 24 months), we may archive your data. You will be notified before any archiving occurs.

5.3 Account Deletion and Outstanding Obligations

⚠️ IMPORTANT: Outstanding Debt

If you have outstanding credit balances, your data cannot be fully deleted until all obligations are satisfied. Your information will be retained as necessary to:

  • Enforce the credit agreement
  • Locate and recover collateral assets if default occurs
  • Comply with legal and regulatory requirements
  • Maintain audit trails for financial transactions

5.4 Post-Closure Retention

After account closure (with no outstanding obligations), we retain:

  • Transaction records: 7 years (regulatory requirement)
  • KYC documents: 5 years after account closure
  • Asset records: 3 years after asset release
  • Communication logs: 2 years

After these periods, data is permanently anonymized or deleted.

6. Sharing Your Information

We do not sell, trade, or rent your personal information. We may share information with:

6.1 Service Providers

  • KYC verification partners (identity verification)
  • Cloud infrastructure providers (data hosting)
  • Valuation service providers (asset appraisals)
  • Payment processors (transaction handling)
  • Insurance partners (if you purchase insurance)

All service providers are contractually bound to protect your data and use it only for the specified services.

6.2 Legal and Regulatory

  • Financial regulators for compliance audits
  • Law enforcement when required by law
  • Courts and tribunals in legal proceedings
  • Tax authorities as required by law

6.3 Recovery Agents

In the event of default, we may share necessary information with:

  • Collection agencies
  • Asset recovery specialists
  • Legal counsel
  • Credit bureaus (reporting default)

You will be notified of such sharing where required by law.

6.4 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any such change in ownership.

7. Your Rights

You have the following rights regarding your personal information:

✅ Right to Access

Request a copy of your personal data

✅ Right to Rectification

Correct inaccurate or incomplete data

✅ Right to Erasure

Request deletion (subject to outstanding obligations)

✅ Right to Restriction

Limit processing of your data

✅ Right to Portability

Receive data in structured, machine-readable format

✅ Right to Object

Object to processing based on legitimate interests

To exercise these rights, please contact us at privacy@tumiax.com. We will respond within 30 days.

Note: Rights may be limited where data is necessary for ongoing credit agreements, legal obligations, or fraud prevention.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place through standard contractual clauses and data processing agreements.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and preferences
  • Analyze platform usage and performance
  • Detect fraud and security threats
  • Remember your login information

You can control cookies through your browser settings. Disabling cookies may affect platform functionality.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without verification of parental consent, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes through:

  • Email notification to your registered address
  • Prominent notice on the platform
  • In-app notifications

The "Last updated" date at the top of this page will reflect the most recent changes. Your continued use after changes constitutes acceptance of the updated policy.

12. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection practices. You can contact our DPO at:

Email: dpo@tumiax.com

Address:
Data Protection Officer
TumiaX Limited
Plot No. 123, Samora Avenue
Dar es Salaam, Tanzania

13. Complaints

If you believe we have violated your privacy rights, you have the right to lodge a complaint with:

  1. TumiaX first – we will investigate and respond within 30 days
  2. The relevant data protection authority in your jurisdiction

You may also seek judicial remedy if you believe your rights have been infringed.

14. Contact Information

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Privacy Inquiries

Email: privacy@tumiax.com

Data Protection Officer: dpo@tumiax.com

Phone: +255 123 456 789

Address:
TumiaX Limited
Plot No. 123, Samora Avenue
Dar es Salaam, Tanzania

By creating an account or using the Platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.