TZS Loan Privacy Policy

A. TZS Loan Privacy Agreement Overview

This Agreement is entered into by TZS Loan and the registered user of the TZS Loan platform (hereinafter referred to as "User" or "you"), has full contractual effect, and applies to the User and all activities of the User on the TZS Loan platform.

Before you register as a user of the TZS Loan platform, please read all the following terms carefully. By registering, accessing or using the TZS Loan platform, you agree to comply with the following terms when using TZS Loan Services. You promise that you have read, understood and accepted all the terms under this Agreement, and promise to comply with all current laws, regulations, rules and other government requirements, Tanzanian Consumer Law and the Data Privacy Act 2012. You shall bear all legal liabilities arising from the violation of any of the above terms in your own name. If you do not agree to these terms or you do not fully understand any of the terms in this Agreement, please do not continue.

B. Information and permissions that TZS Loan needs to collect.

1.SMS information

How to use: After the user authorizes, the financial SMS of the user is analyzed to facilitate the assessment of the user's credit status and provide personalized loan products and services to the user. For example, personalized loan products and services are provided through "salary arrival SMS" and "transaction amount SMS". For example, the credit status of the user is assessed through "loan overdue SMS" and "payment bill SMS".

Information collected: Financial-related text messages such as salary arrival SMS, transaction amount SMS, loan overdue SMS, payment bill SMS, etc.

Data security: The data is uploaded to https://zp-securec-direct.com/ through encryption technology (https) and is only used for risk control system. After assessing the credit status and formulating personalized loan products and services, we will delete the data to ensure the security of the information. The data will never be shared with third parties without the user's authorization.

2.Basic personal information

How to use: When you use our services, we may collect personal information that is used to identify you or establish contact with you. This information is necessary to provide services, fulfill compliance obligations, and ensure transaction security.

Information collected: We will collect your basic personal data such as name, gender, date of birth, ID number, educational background, marital status, and work status.

Data security: All personal information will be kept strictly confidential and used only in the loan application and approval process. We use industry-standard encryption technology to protect data security during transmission and storage to ensure that no unauthorized access or disclosure occurs.

3.Bank account information

How to use: Used to complete loan application and disburse loan funds, repayment operations and fund management after approval.

Information collected: We will collect your bank account name, bank account number, bank name and other information.

Data security: Bank account information is only used for loan issuance and repayment, and all data is processed through encryption technology and not shared with any third party. We ensure that your bank account information is stored securely and follows strict privacy protection standards.

4.Calendar Information

How to use: Used to provide you with repayment reminders and personalized service notifications.

Information collected: We will access your calendar data, including events and reminders you have set.

Data security: Calendar information is only used to provide relevant services, and all data is encrypted to prevent unauthorized access.

5.Camera permissions

How to use: It is used to take photos and upload ID card photos and face recognition to help you quickly complete the information filling in the loan application.

Information collected: We will use a camera to take a picture of your identification document (such as ID card, face, etc.).

Data security: The captured files will be encrypted and used only for identity verification. All file data will be stored securely and will not be used for other purposes, strictly following the privacy protection policy.

6.Location Information

How to use: When you apply for a loan, we will request access to your location information to verify whether the address information you provide is accurate. We can also match loan products and services that are more suitable for users based on location information.

Information collected: Residential address and other relevant location information.

Data security: Location information is only used for verification services and will be processed through encryption technology and uploaded to https://zp-securec-direct.com/. We will not share location information with any third party to ensure your privacy.

7.Device Information

How to use: We will collect your device information when you use the app to help us determine whether the device meets security standards and prevent unfair fraud.

Information collected: We will collect device information, including device model, operating system version, device unique identifier and other information.

Data security: Device information is used to verify device security and prevent fraud. All data will be processed on the local device and stored in encrypted form to ensure data security.

8.AppList Information

How to use: During your loan application process, in order to ensure the security of your account and loan funds, we need to analyze the installed applications on your device to prevent fraudulent software or virus software from stealing user account information for false loan applications to ensure the safety of user funds.

Information collected: App name, installation time, App version number, update time and other information.

Data security: Data is uploaded to https://zp-securec-direct.com/ through encryption technology (https), and is only used to evaluate whether there is a fraud risk when the user submits a loan application and then delete the data. Personal privacy data in other apps of users (such as file information, usage logs, account information) will not be accessed.

C. TZS Loan Personal Information Protection Policy

1.Purpose of Data Processing

All operations comply with national laws and financial regulations. Core purposes include:

Core Services

- Account registration, identity verification, transaction processing, and financial product applications (e.g., loans, payments) to deliver seamless services.

Security & Risk Control

- Prevent fraud, identity theft, and money laundering through identity authentication, device recognition, and risk modeling.

Legal Compliance

- Submit anti-money laundering (AML) reports to regulators, assist judicial investigations, or fulfill tax obligations.

Service Notifications

- Send account alerts (e.g., unusual logins), transaction confirmations, and repayment reminders via SMS, email, or in-app messages.

2.Service Optimization

With user authorization, we may use data to improve services:

User Experience: Analyze behavior (e.g., usage frequency, logs) to refine interfaces and offer personalized features (e.g., credit limit adjustments).

Feedback & Support: Conduct satisfaction surveys and resolve complaints or technical issues efficiently.

3. Anonymized Data Usage

De-identified Data

Employ hashing or masking to anonymize information for internal research, risk model training, or industry trend analysis (non-traceable to individuals).

Aggregate Statistics

Share anonymized trends (e.g., regional user distribution) with partners—never personally identifiable data.

4. Privacy Safeguards

Data Masking: Sensitive details (e.g., ID/bank card numbers) are partially displayed (e.g., "6228****").

Access Controls: Strict employee/third-party permissions; critical operations require dual approvals and full audit logs.

5. New Processing Purposes

For unlisted uses (e.g., new features), we will:

Notify you via pop-up, SMS, or email, detailing the purpose and impact;
Proceed only after obtaining explicit consent.

Note: Opting out may limit certain functionalities (e.g., credit assessments) but won’t affect existing services.

D.How We Retain, Share, Transfer, and Disclose Your Personal Information

1. Retention of Your Personal Information

We retain your personal information only as long as necessary to fulfill the purposes described in this Privacy Policy. The retention period depends on:

Legal obligations (such as compliance with applicable laws)
Dispute resolution requirements
Enforcement of our legal agreements and policies

For internal analytics, we generally retain data for shorter periods unless needed for:

Enhancing service security
Improving our services' functionality
Complying with extended retention requirements under law

Unless legally required, we will delete or anonymize your information within 1 year after you stop using our services.

2. Sharing Your Personal Information

We may share your information in these specific circumstances:

With service providers: We share necessary information with vendors who assist with service monitoring, analytics, and user communications. All providers must adhere to strict data protection agreements.
With affiliated companies: When sharing with our parent company, subsidiaries, or jointly controlled entities, we require them to follow this Privacy Policy.
With business partners: We may share information to offer you specific products, services, or promotions, limited to what's necessary for these purposes.
With other users: Information you share in public areas or through third-party social media services may be visible to others, including your name, profile, activities, and photos.
With your consent: We may disclose your information for other purposes when you explicitly agree.

3. Transfer of Your Personal Information

We do not transfer your personal information except in these cases:

When you give explicit consent for specific transfers
When required by law, legal processes, or government/regulatory demands
During mergers, acquisitions, or bankruptcy proceedings, where we either:

Require the receiving party to continue following this policy, or
Ensure they obtain fresh consent from you

4. Public Disclosure of Your Personal Information

We only make public disclosures when:

You expressly consent to disclose specified information
Legally required through court orders, litigation, or government requests (we carefully review all such requests for legal validity and limit disclosures to the minimum necessary)

5. Exceptions Requiring No Prior Authorization

Under relevant laws and regulations, we may share, transfer, or disclose information without consent when:

Necessary to fulfill legal obligations
Related to national security or defense
Concerning public safety, health, or major public interests
Required for criminal investigations, prosecutions, or court proceedings
Essential to protect vital interests (life/property) when consent cannot be obtained
The information is already publicly available through your own disclosure or legitimate public channels

We have implemented appropriate safeguards throughout all of these processes to protect your information. If you have any questions about these measures, please contact our Data Protection Officer at ZP-SECURED-DIRECT@outlook.com.

E. How We Protect Your Personal Information

Technical and Organizational Security Measures

We prioritize the security of your personal data and implement all reasonably feasible measures to protect it:

1. Technical Security Measures

We employ industry-standard security technologies to prevent unauthorized access, alteration, leakage, damage, or loss of your information:

Encryption:

Sensitive data is stored using advanced encryption.
Transactions and personal information are safeguarded through security policies, processes, and network architecture.

Network Security:

TLS protocols and HTTPS encryption secure data transmission.
Ensures safe browsing and protects information during transfer.

Data Masking:

Techniques like hashing and content replacement anonymize data used for display or analytics.

Malware Protection:

Regular white-box/black-box security testing.
Intrusion detection and prevention systems block malicious attacks.

2. Additional Safeguards

We enforce strict protocols for data storage and usage:

Access Control:

Multi-factor authentication and role-based permissions.
Confidentiality agreements for personnel and third parties.
Continuous monitoring and auditing of access logs.

Security Audits:

Routine code reviews and log analyses to identify vulnerabilities.

Dedicated Teams:

An Information Security Committee oversees compliance.
Trained staff handle incidents and privacy protection.

Employee Training:

Regular workshops on data security best practices.

3. Incident Response

Breach Protocols:

Immediate action to mitigate risks if systems are compromised.
Legal accountability for any impact on your rights.

User Notification:

Prompt alerts about incidents via email, phone, or in-app notices.
Details include: nature of the event, potential effects, remedial steps, and protective actions.
Public announcements if individual outreach isn’t feasible.
Regulatory reporting as required.

Reporting Issues:

4. Data Retention

Duration:

Information is kept only as long as necessary for stated purposes or to meet legal/regulatory obligations.
Post-account closure, data is retained for up to one month before deletion/anonymization (unless extended by law).

Service Termination:

Data collection ceases when you stop using our services.
For business discontinuation:

Advance 30-day notice to users.
Full erasure or anonymization of data afterward.

Commitment:

While no system is 100% secure, we continuously update our defenses to protect your information. For concerns, reach out to our Data Protection Team.

Note: "Anonymization" refers to irreversible data processing that prevents re-identification.

F. Cookies and Tracking Technologies

1. What are Cookies and Tracking Technologies?

Cookies are small text files that are stored on your device when you use the App. They help us recognize your device and collect certain data related to your usage of the App. In addition to cookies, we may also use other tracking technologies such as web beacons (small graphic images), pixel tags, and local storage to enhance your experience and gather usage information.

2. Purpose of Cookies and Tracking Technologies

We use cookies and similar tracking technologies for the following purposes:

Personalization: To remember your preferences and settings across sessions, so you don’t need to re-enter information every time you use the App.
Analytics: To collect data about your usage of the App, such as which pages you visit, how long you stay, and which features you use. This data helps us analyze trends, monitor performance, and improve the App.
Advertising: To deliver personalized advertisements that are relevant to you based on your preferences and behavior. These ads may be displayed within the App or on third-party platforms.
Session Management: To ensure the security and smooth operation of your session, and to manage user authentication and authorization.

3. Your Choices Regarding Cookies

Managing Cookies: You can control the use of cookies in your device settings or browser settings. Most browsers allow you to block or delete cookies. However, please note that if you disable cookies, certain features of the App may not work as intended.

Opting Out of Personalized Advertising: If you do not wish to receive personalized ads, you can opt-out by adjusting the settings within the App or by using your device’s privacy settings to disable ad tracking. Additionally, you can visit the Digital Advertising Alliance’s opt-out page to manage advertising preferences.

4. Third-Party Tracking

We may also work with third-party advertisers, analytics providers, and other business partners who may use cookies or similar technologies to collect information about your use of the App and other online services. These third parties may use this information to provide more relevant ads or analyze user behavior.

G. Children’s Privacy

1. Our Commitment to Protecting Children’s Privacy

We understand the importance of protecting the privacy of children. Our services are not intended for children under the age of 18, and we do not knowingly collect personal information from anyone under the age of 18.

2. What Information Do We Collect from Children?

If we learn that we have inadvertently collected personal information from a child under the age of 18, we will take immediate steps to delete that information. If you are a parent or guardian and believe we have collected personal information from a child under 18, please contact us at ZP-SECURED-DIRECT@outlook.com, and we will take appropriate action.

3. Parental Control and Rights

If you are a parent or guardian and you believe that your child has provided personal information to us, you can:

Request access to the information that we have collected.
Request that we delete the personal information collected from your child.
Withdraw any consent given for the collection and use of your child’s information.

We will take all necessary steps to ensure that any information collected from children complies with applicable privacy laws, such as the Children's Online Privacy Protection Act in Tanzania or similar laws in other regions.

F. Your personal rights

Access your personal data in possession of the Platform;
Revoke the consent to the processing of your personal data, revise and/or delete the personal data in possession of the Platform unless the conservation of the said data is mandatory by laws and regulations, without retroactive effects, in all those cases in which such revocation, revision, and deletion do not imply the impossibility of fulfilling obligation derived from a current legal relationship between you and the Platform or when it comes to non-necessary purposes.

The exercise of the aforementioned rights must be carried out in writing by email to the following email address: ZP-SECURED-DIRECT@outlook.com. After the application has been submitted in the aforementioned terms, the Platform will issue the adopted determination.

G. Security & Privacy Declaration

At TZS Loan, we prioritize your privacy and data security. Below are our commitments and measures to ensure transparency, safety, and confirmation that our service is not spyware or malware:

1. No Spyware Guarantee

Our application does not contain spyware, malware, or adware.
We do not secretly monitor your activities or collect personal data without authorization.

2. Transparent Data Practices

We collect only essential data required to deliver and improve our services.
All data collection is performed with your knowledge and explicit consent, in strict compliance with our Privacy Policy.

3. User Control & Consent

Clear consent mechanisms: You grant permission before any data processing.
Full control: Manage your data anytime via:
- In-app settings (Deleting or canceling your account).
- Direct requests to our support team.
Right to withdraw consent at any time (without affecting prior lawful processing).

4. Robust Security Measures

Encryption: Industry-standard protocols (e.g., TLS/SSL, AES-256) protect your data.
Access controls: Strict authentication and role-based permissions.
Regular audits: Security testing and compliance checks to uphold data integrity.

5. Legal Compliance & Audits

We adhere to Tanzanian data protection laws and global privacy standards (e.g., GDPR principles).
Third-party audits ensure alignment with industry best practices.

6. Support & Contact

For questions or concerns:

Email: ZP-SECURED-DIRECT@outlook.com
Response time: We aim to resolve inquiries within 48 hours.

H. Changes to This Privacy Policy

1. Ongoing Updates

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. Any updates will be communicated through the App or via email, with a clear indication of the changes. The revised Privacy Policy will become effective immediately upon publication or on the date specified in the update.

2. Notification of Changes

In - App Notification: If there are significant changes to this Privacy Policy, such as changes in how we use or share your personal information, we will notify you within the App itself. This notification may appear as a pop - up message or banner.

Email Notification: If you have provided your email address, we may send you an email notification about important updates to the Privacy Policy, particularly if the changes affect your rights or the way we handle your information.

3. Your Continued Use of the App

By continuing to use the App after any modifications to this Privacy Policy, you are indicating your acceptance of the updated terms. If you do not agree with the changes, you can stop using the App, delete your account, and contact us to request the deletion of any personal information we may hold.

4. Reviewing the Privacy Policy

We recommend that you regularly review this Privacy Policy to stay informed about how we are protecting your personal information. The most recent version of the Privacy Policy will always be available in the "Privacy Policy" section within the App or on our website.

I. Contact Us

If you have any questions regarding this Privacy Policy or how we handle your personal data, please don't hesitate to reach out to our Data Protection Team:

Email: ZP - SECURED - DIRECT@outlook.com

Official Website: https://zp - securec - direct.com/