1. Introduction
a) About Us
Tuma Loan is a mobile lending application operated by FUTURIS TECH LIMITED [Registration No: PVT-EY13PPP3]. We
are committed to providing fast and convenient personal loan services to residents of Kenya.
FUTURIS TECH LIMITED is a legally registered company in Kenya.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our
mobile application (the "App"), our official website (http://www.futurisltd.com), or related services
(collectively, the "Services").
We strictly adhere to the Kenya Data Protection Act (2019), the Digital Credit Providers Regulations, and the
Google Play Financial Services Policy, ensuring transparent, lawful, and user-first privacy practices.
b) Purpose of This Policy
This Privacy Policy aims to clearly and transparently explain how we handle your personal data. Our commitment is to data minimization, transparency, and user control as required by the Google Play Store policies.
c) Scope
This policy applies to all data collected through the Tuma Loan App, the website (http://www.futurisltd.com), and related services. It does not cover information collected offline.
d) User Consent
By using our Services, you agree to the terms of this Privacy Policy. If you do not agree, you may still access non-core functions, but you will not be able to access identity-authenticated core services. We ensure informed consent through clear notices and opt-in mechanisms, in compliance with Google Play's user consent requirements.
2. Data Collection & Permissions
To provide loan services, verify identity, and comply with Kenya's KYC and AML regulations, we collect the following data:
a) SMS Permission
Purpose:
- To detect legitimate financial transaction alerts (such as bank messages and mobile money notifications) that help us verify your income level, assess creditworthiness, and prevent fraud.
What We Collect:
- We only analyze SMS messages that match predefined financial keywords or patterns (such as bank transaction alerts, salary notifications, and mobile money receipts).
- Non-financial SMS messages are never accessed, read, analyzed, stored, or transmitted.
How it works:
- When you grant SMS permission, the App first performs an on-device keyword pattern check.
- Only SMS messages that match our financial keyword rules are selected.
- If a message matches the financial pattern, only the relevant financial content is securely transmitted via HTTPS (TLS 1.3) to our server (https://data.tumaloans.com) for credit and fraud risk evaluation.
- Messages not matching financial keywords are ignored and never leave your device.
- We do not upload full SMS inbox content, personal messages, OTPs, or private conversations.
Your Choice and Control:
- Before SMS permission is requested, the App shows a clear and prominent disclosure explaining what data will be scanned, what will be uploaded, and why.
- You may choose “Disagree” and continue using basic App features such as viewing loan terms.
- You may revoke SMS permission at any time through Android Settings.
- Please note: Without SMS permission, we may not be able to verify your income or complete credit assessment, which may limit loan approval.
b) Location
This feature requires Android location permission.
We use your approximate location to:
- Confirm you are within Kenya, ensuring we only offer regulated services where we are licensed.
- Help our risk engine assign region-specific loan terms and fraud detection rules.
How it works:
- Location is retrieved only while the app is in the foreground (no background tracking).
- We only collect your approximate location.
- Data is encrypted in transit and auto-deleted after 90 days.
Your Control:
- You can grant or deny location permission when prompted.
- Denial may limit our ability to confirm your eligibility, but you can still browse the App.
- You may revoke this permission at any time via device settings.
c) App List
Purpose:
- To detect apps that may indicate financial activity or potential fraud. This helps improve credit evaluation and security.
How it works:
- We collect the app name, whether it is pre-installed, the version code, the first install time, and the last update time.
- Parsed data is sent once over HTTPS to our server (https://data.tumaloans.com) and deleted after 90 days.
- We only scan a predefined whitelist/blacklist of known apps.
- Non-financial app data is ignored and never stored.
- Data is encrypted during transmission.
Your Control:
- You may deny this permission; however, doing so may reduce risk-assessment accuracy and could affect loan approval.
- You may revoke this permission at any time via device settings.
- App list data is used strictly for credit and fraud assessment, and is never used for advertising, profiling, or marketing purposes.
d) Emergency Contacts
Purpose:
- To verify your identity and assess your loan eligibility.
How it works:
- You manually input two emergency contacts (name, relationship, phone number).
- We never access your contact list or address book.
- This data is used for verification and will not be shared with third parties without your permission.
e) Identity Information
- Your name, national ID number, date of birth, mobile number, and other valid ID details will be used to verify your identity and assess your loan eligibility.
3. Data Usage
a) Purpose of Using Personal Data
- Identity Verification: To meet KYC and AML regulatory requirements.
- Credit Assessment: To determine your loan eligibility.
- Risk Management: Emergency contacts are used for fraud prevention and risk evaluation.
- Loan Management: To process, disburse, and manage your loan.
- Customer Support: To respond to inquiries, complaints, or disputes.
- Legal Compliance: To meet obligations under the Kenya Data Protection Act and CBK regulations.
4. Data Sharing & Disclosure
a) Data Sharing with Third Parties
- Credit Bureaus: Identity data may be shared with Kenyan CRBs for credit scoring, in accordance with the Data Protection Act.
- Legal Authorities: When legally required.
- Debt Collectors: In the case of loan default, your identity information may be shared with licensed collection agencies.
All data sharing requires either your explicit consent (via in-app notice) or a legal obligation, and is strictly limited to necessary information.
Additional Clarification:
- Data transmitted from your device (SMS, app list, or location) is used exclusively for credit assessment, fraud prevention, and regulatory compliance.
- We do not sell your data or share it for advertising or marketing purposes.
b) Secure Data Transmission
All shared data is transmitted via HTTPS with TLS 1.3 encryption.
5. Data Security
a) Technical Safeguards
- Encryption: TLS 1.3 for data transmission; AES-256 for data storage on our secure servers.
- Access Control: Only authorized personnel can access data, bound by strict confidentiality agreements. Operation logs are retained for 180 days.
- Server Security: Firewalls, intrusion detection systems, and regular security audits protect our servers.
- App Security: Secure coding practices and regular updates address potential vulnerabilities.
b) No Cookies or Trackers
Our App and website do not use cookies, trackers, or similar technologies, in compliance with Google Play's privacy standards.
6. Data Retention & Deletion
a) Data Retention
- Identity Information: Retained while the account is active, and for 7 years after account closure as required by CBK regulations.
- Emergency Contacts: Retained during the loan lifecycle and deleted within 90 days after repayment, unless otherwise required by law.
b) Data Deletion
- You can request data deletion via the App or by emailing support@tumaloans.com.
- Verification of identity is required for deletion requests.
- Outstanding loans or unpaid fees must be settled first.
- Once deleted, the same phone number cannot be used for re-registration to prevent fraud.
- Deletion is completed within 15 business days, and the data is permanently removed from our servers, unless legally required to retain.
- Deletion does not remove your obligation to repay any outstanding loans.
7. User Rights & Control
a) Core Data Rights
- Access your personal data.
- Correct inaccurate or incomplete data.
- Delete unnecessary personal data (subject to retention rules).
- Restrict data processing to specific purposes.
- Data Portability: Receive your data in a structured format.
- Withdraw Consent: You may withdraw consent to processing (may impact service access).
b) How to Exercise Your Rights
Send a request via email to support@tumaloans.com, including identity verification details. We will respond within 15 business days.
c) Permission Control
The Tuma Loan app may request certain Android permissions, including:
- SMS permission (to read financial messages for credit assessment)
- Location permission (to confirm you are in Kenya)
- App list access (to detect high-risk or financial apps)
You can grant or deny these permissions when prompted, or change them later in your device’s app settings.
Revoking permissions may limit or prevent certain verification or risk assessment features, but will not block access to non-core functions.
8. Children's Privacy
a) Age Restriction
Tuma Loan services are strictly for users aged 18 and above.
Minors are not allowed to register or apply for loans.
Our KYC process verifies age using national IDs to ensure compliance with Kenyan law and Google Play policies.
We do not knowingly collect or process personal data of individuals under 18 years of age.
9. Data Protection Officer (DPO)
a) Role & Responsibilities
- Ensuring compliance with the Kenya Data Protection Act and related laws.
- Handling user inquiries, complaints, and rights requests.
- Liaising with the Office of the Data Protection Commissioner.
- Reviewing our data protection practices regularly.
Contact: dpo@tumaloans.com. We will respond within 15 business days.
10. Contact Us
- Company: FUTURIS TECH LIMITED
- Email: support@tumaloans.com
- Data Protection Officer: dpo@tumaloans.com
- Address: Old Mutual House, Kimathi Street, CBD, Nairobi
- Working Hours: Monday to Friday, 9:00 AM to 6:00 PM
11. Policy Updates
a) Notification of Updates
We may update this policy due to legal, regulatory, or service changes. Updates will be announced via the App, our website (http://www.futurisltd.com/), or email, and will take effect upon publication.
b) Continued Use
Continued use of our Services after a policy update means you accept the revised policy. If you disagree, you may stop using core services or access only non-data-interactive features.