Legal

Privacy Policy

Last updated: April 1, 2026

1. Introduction

Loanegyzer (Pty) Ltd ("Loanegyzer", "we", "us", or "our") is committed to protecting the privacy of individuals and organizations who use our platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use the Loanegyzer platform, RentGyzer, GyzerGo, and all associated services.

2. Information We Collect

2.1 Account Information

When you register for our Services, we collect:

  • Full name and contact details (email, phone number, physical address)
  • Organization name and registration details
  • Role and position within your organization
  • Authentication credentials (encrypted and hashed)

2.2 Financial Data

Through your use of the platform, we process:

  • Loan application data, disbursement records, and repayment history
  • Rental billing, payment records, and arrears information
  • Credit scoring inputs and outputs
  • Invoice and receipt records

2.3 Property Data (RentGyzer)

For property management users, we process:

  • Property, building, and unit details including addresses
  • Tenant profiles including identification documents
  • Lease agreements and terms
  • Maintenance requests and work order records
  • Inspection evidence (photos, notes, checklists)
  • Proof of residence certificates

2.4 Device and Usage Data

  • Device type, operating system, and app version
  • IP address and approximate location (for security purposes)
  • Usage patterns and feature interaction analytics
  • Error logs and crash reports (without personally identifiable information)

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve our Services
  • Process financial transactions and generate reports
  • Authenticate users and enforce access controls
  • Send service-related notifications (payment reminders, maintenance updates)
  • Generate aggregated analytics and benchmarks (anonymized)
  • Comply with legal and regulatory requirements
  • Detect and prevent fraud, security incidents, and unauthorized access

4. Data Sharing

We do not sell your personal data. We may share information with:

  • Your Organization: Your Tenant administrator and authorized users within your organization can access data in accordance with their role permissions.
  • Service Providers: Cloud hosting (AWS), email delivery, SMS gateways, and payment processors who process data on our behalf under strict contractual obligations.
  • Regulatory Bodies: When required by law or regulatory order.
  • Credit Bridge (with consent): Rental payment history may be shared with financial institutions for credit assessment purposes, only with explicit tenant consent through our consent management framework.

5. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for data at rest (including mobile SQLite databases)
  • TLS 1.3 encryption for data in transit
  • JWT RS256 token-based authentication with automatic rotation
  • Row-level security and tenant isolation in the database
  • Role-based access control (RBAC) with 9 distinct permission levels
  • Encrypted token storage on mobile devices (Android EncryptedSharedPreferences, iOS Keychain)
  • Regular security audits and penetration testing

6. Data Retention

We retain your data for as long as your account is active and as needed to provide the Services. Upon account termination:

  • Active data is retained for 30 days to allow for reactivation
  • Financial records are retained for 7 years as required by Zambian financial regulations
  • Anonymized analytics data may be retained indefinitely
  • Mobile app local data is deleted on logout (tokens, cache, sync queue, downloaded documents)

7. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Consent Withdrawal: Withdraw consent for data sharing (e.g., Credit Bridge) at any time through the consent management interface.
  • Objection: Object to processing of your data for specific purposes.

8. Cookies and Tracking

Our web applications use essential cookies for authentication and session management. We use Google Analytics for aggregated usage metrics. No advertising cookies or third-party trackers are used.

9. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children.

10. International Data Transfers

Your data may be processed and stored on servers located outside your country of residence, including the United States (AWS infrastructure). We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.

12. Contact Us

For privacy-related inquiries or to exercise your rights:

  • Data Protection Officer: [email protected]
  • Address: Suite 504, Anchor House, Cairo Road, Lusaka, Zambia
  • Phone: +260-977-642-633