Data Governance
Privacy Policy
Mayicard handles financial and personal information with care because savings, loans, identity, and account access require institutional discipline. This document explains how Four One Financial Services manages privacy, account access, and regulatory compliance.
1. Who controls the data
Four One Financial Services, based in Kampala, Uganda, acts as the primary data controller for the Mayicard platform. However, when Mayicard is deployed as a B2B SaaS for specific SACCOs or MFIs, those respective institutions act as the data controllers for their specific members' financial data, while Mayicard acts as the data processor.
2. What personal data is collected
To provide secure financial services, we collect:
- Identity Data: Full name, National ID details, and Date of Birth.
- Contact Data: Registered phone number (essential for USSD and Mobile Money interactions).
- Financial Data: Savings balances, loan requests, amortisation schedules, and Mobile Money transaction references.
- Technical Data: Device identifiers, IP addresses, and USSD session logs for fraud prevention.
3. Why the data is processed
Data is processed strictly to maintain the integrity of the double-entry ledger. This includes authenticating users (via App or *217*120#), processing deposits and withdrawals, calculating interest and fines, and preventing fraudulent account takeovers.
5. Data retention policy
To comply with Tier 4 microfinance regulations in Uganda, transactional records and core ledger entries must be retained for auditing purposes even if a user closes their account. Marketing and non-essential personal profile data will be permanently deleted upon request via our Account Deletion portal.
