Privacy Policy

Introduction

KeedPay is a financial services mobile application provided by Keed Ghana LTD ("Keed", "we", "us" or "our"). We value your privacy and are committed to protecting your personal information. This Privacy Policy explains what data we collect from users of the KeedPay app ("you" or "your"), how we use and share that data, and your rights regarding your personal information. This Policy is intended to comply with applicable Ghanaian laws, including the Data Protection Act, 2012 (Act 843), and will be updated as our services evolve. By using KeedPay, you agree to the collection and use of your information as described in this Policy.

Data Controller

The Data Controller of your personal information collected while you use KeedPay is Keed Ghana LTD of KGL House, 134 Ndabaningi Sithole Road, Labone, Accra, Ghana.

Information We Collect

In order to provide our services efficiently and in compliance with the law, we collect some personal information. This information is necessary for us to deliver our services to you. If you do not provide the requested information, we may be unable to provide you with some or all of our services.

We only collect personal information that is necessary for providing our services and complying with the law. The types of information we may collect include:

• Personal Identification Data: Your phone number and identity details obtained through our Know Your Customer (KYC) process. During registration or when a corporate partner disburses funds to you, we verify your identity with Ghana's National Identification Authority (NIA). This may include your full name, date of birth, Ghana Card number or other national ID details, and any other information needed to confirm your identity.
• Contact Information: Besides your phone number, we may collect additional contact details such as your email address or residential address if needed for account verification or communication (e.g. if you provide these during support requests or future feature updates).
• Financial and Transaction Data: Information about the transactions you perform using KeedPay. For example, we record when you receive funds from a merchant, your account balance, any top-ups you make from your mobile money or bank account, bill payments or purchases you initiate (such as airtime, utilities, or digital tickets), and withdrawals to your own mobile money account. We also maintain records of fees paid and transaction history for compliance and customer service.
• Device and Usage Information: When you use the KeedPay app, we may automatically collect certain technical information for security and analytics. This can include device identifiers, device type, operating system, app version, IP address, and timestamps of app usage. We may also log app events (such as login times, transaction submissions, errors or crashes) to monitor the performance of our services. This information helps us secure your account and improve our platform's user experience.
• Compliance-Related Data: As a regulated financial service, we might collect additional data for anti-money laundering (AML) and fraud prevention. This includes records required by law such as verification documents (for example, copies or references of your Ghana Card or other ID if needed), and records of communications or confirmations to meet regulatory requirements. We also keep logs of user consents and preferences (e.g., if you opt-in or opt-out of certain features or communications).

We do not collect any information not needed for providing our service. For instance, we do not track your phone's contact list, we do not access your personal messages, and we do not use any hidden identifiers for advertising purposes. KeedPay does not show third-party ads, so your data is not collected for advertising profiles.

How We Collect Your Information

We obtain personal data about you in the following ways:

• Directly from You: When you download the KeedPay app and register, you provide your phone number and undergo our onboarding process. You may input or confirm personal details during registration or later (for example, entering a One-Time Password sent to your phone to verify your number). If we introduce additional features (like adding an email or profile info), any data you enter in the app is collected by us for the stated purposes.
• Through Automated NIA KYC Verification: If you are receiving a disbursement and are not yet registered, the app (or a link we provide) will prompt you to complete a KYC verification. We integrate with the National Identification Authority (NIA) systems to retrieve and validate your identity information using your Ghana Card or other national ID. With your consent, we use your ID number (or biometric verification as applicable) to pull your basic data from the NIA database to auto-fill your registration. This ensures a quick and accurate onboarding. We only retrieve necessary information (such as name, date of birth, etc.) and do not store any biometric data from NIA – only the identity confirmation and details needed for your account.
• From Corporate "Merchant" Partners: Our service allows businesses ("merchants") to disburse funds to individuals via KeedPay. If a merchant initiates a payment to your phone number through our API or platform, we collect that phone number and transaction amount from the merchant to process the disbursement. If you are not yet a registered user, we will use the provided phone number to invite you to join KeedPay to claim your funds. The merchant may also provide a reference or reason for the payment (e.g., "loan payout" or "prize winnings"), which we record as part of the transaction details. Please note, beyond necessary transaction details, merchants do not provide us with additional personal information about you – they rely on your phone number for disbursement. Any further personal data needed for your account comes from you and the KYC process, not from the merchant.
• Through Your Use of the App: As you use KeedPay, our systems automatically collect usage and device data as described above (see "Device and Usage Information"). This is done through in-app telemetry and analytics tools to help us keep the service secure and efficient. For example, our app might use a trusted third-party analytics service to collect crash reports or performance metrics. These tools may use device identifiers or anonymized data, but they do not collect personal details like your name or financial info. We do not use any analytics that profile you for advertising; all usage data is solely for improving our service reliability and user experience.
• Cookies and Similar Technologies: While KeedPay is primarily a mobile app, if you use our website or any web portal we provide, we may use cookies or similar technologies. Cookies are small text files stored on your browser to remember information. For example, if our website has a login area for merchants or a support chat, cookies might be used to keep you logged in or to remember preferences. We do not use cookies for advertising. Any cookies we use are for functionality (e.g., session management) or basic analytics on our website usage. You can control cookies through your browser settings, but core features (like logging into a portal) may require them. (For app usage, cookies are not used; instead, the app uses secure storage on your device for things like remembering that you are logged in, which you can clear by logging out.)

How We Use Your Information

We use the collected information to provide and improve the KeedPay services, in accordance with Ghanaian law and with your privacy in mind. Specifically, we may use your personal data for the following purposes:

• Providing the KeedPay Service: We use your personal and financial information to create and manage your KeedPay account, including verifying your identity (KYC) and allowing you to access the app. For example, your phone number is used as your primary account identifier and for sending verification OTPs. Your identity details (from NIA) ensure that each account is linked to a real individual as required by law. We also use your information to process the transactions you request – such as crediting your account when a merchant disburses funds to you, facilitating your top-ups from your mobile money or bank, executing your withdrawal requests back to your own mobile money account, and completing payments you make (for example, paying a utility bill, purchasing airtime, or buying a digital ticket). Without this information, we cannot perform the core functions of our service.
• Notifications and Communication: We use your contact information to send you important transaction alerts and account notifications. This includes confirmations when you receive funds, receipts for payments you make, one-time passwords (OTP) for verification, security alerts (e.g., if a new device logs into your account), or notifications of any changes affecting your account (like updates required for KYC). These are transactional or service-related messages which you cannot opt out of because they are essential for using KeedPay safely. Additionally, if you have agreed or if permitted by law, we may send promotional communications about new features, offers, or products related to KeedPay. For instance, we might inform you of new services (such as when we introduce a new bill payment option or a loyalty reward program). We will always comply with Ghana's regulations on electronic communications; if we ever send marketing messages, we will provide a clear option to opt out or unsubscribe from future promotional communications. (Opting out of promotions will not affect your receipt of essential transactional notifications.)
• Customer Support: If you contact us for help (via email, in-app chat, or phone), we will use your information to assist you. This may include accessing your account details and transaction history to resolve any issues, and using your contact info to communicate back with you. We keep records of support interactions (such as complaint details or support tickets) to track issues and improve our customer service.
• Compliance and Legal Obligations: We process and retain your data as needed to comply with applicable laws and regulatory requirements. Keed Ghana LTD operates under an Enhanced Payment Service Provider (PSP) license issued by the Bank of Ghana. This means we are required to implement strict anti-money laundering (AML), combating the financing of terrorism (CFT), and customer due diligence measures. Your information (like KYC details and transaction records) will be used to meet these obligations – for example, verifying your identity against government databases, monitoring transactions for any suspicious activity, and reporting to regulatory authorities (such as the Financial Intelligence Centre or Bank of Ghana) if required by law. We may also use your data to enforce our terms and to protect our rights or the rights of other users. For instance, if we detect possible fraud or misuse of the app, we will use relevant data to investigate and take appropriate action (which could include suspending the account and informing law enforcement if necessary).
• Service Improvement and Research: We may analyze usage trends and feedback to improve KeedPay. For example, we might review how users navigate the app or which features are most used, in order to enhance functionality and user experience. Any analysis for this purpose will typically use aggregated or anonymized data whenever possible (so it does not identify you personally). If we ever use your personal data for broader research or analytics, we will ensure it's done in compliance with privacy laws – often this means data will be de-identified. Our goal is to make the app more useful and reliable while respecting your privacy.
• New Features and Offerings: As we expand our services, we may use your data in new but related ways. For example, if we integrate new payment services, we might use your account information to enable those features for you. Rest assured that if any new use of data is substantially different or unrelated to the purposes we collected it for, we will seek your consent or provide notice as required by law. We aim to ensure any new product or feature is accompanied by appropriate privacy safeguards and transparency.

We will never use your personal information for purposes that are not disclosed to you or that are not permitted under Ghanaian law. We do not sell your personal data to anyone. Any use of your data will be for legitimate business purposes consistent with providing you the KeedPay service, improving it, or meeting our legal and contractual obligations to you. If we need to process your data for a purpose that requires your consent (and is not otherwise covered by law or this Policy), we will obtain your consent prior to such processing, and you have the right to withdraw that consent at any time.

Sharing of Your Information

Keed Ghana LTD treats your personal information with care and confidentiality. We do not share your data with third parties for their own marketing or commercial uses. However, in order to deliver our services and fulfill legal requirements, we may share your information in the following contexts:

• With Service Providers (Data Processors): We employ trusted third-party companies and individuals to help us provide the KeedPay service. This includes, for example: cloud hosting providers (to securely store data and run our application), SMS gateway services (to send verification codes and transaction alerts to your phone), payment processors or banking partners (to facilitate top-ups and withdrawals via mobile money or bank transfers), and KYC/identity verification partners such as the National Identification Authority (to verify your ID details). These service providers only receive the information necessary for them to perform their specific functions. We require that they protect your information and use it solely for the purpose of providing services to us. They are not permitted to disclose or use your data for any other purpose, and they must implement adequate security measures in line with Act 843 and our own policies.
• With Corporate Merchants (Limited Information): If you are receiving a payment from a merchant through KeedPay, that merchant will obviously know the details of the transaction they initiated (such as your phone number, name if you provided it to them, the amount, and reason for payment). However, we do not additionally share your personal data with merchants beyond what they provided or what is necessary to complete the transaction. For example, if a merchant disburses funds to you, we may confirm to the merchant whether the payment was successful and whether you have claimed the funds (or if it's pending because you haven't registered yet). We do not send merchants your private data like your full ID information or other transaction history in your account, unless you explicitly consent or it's required to resolve a dispute you raised. Any data that a merchant has about you (such as your phone number or why they are paying you) is subject to that merchant's own privacy practices. We advise you to review the privacy policies of merchants who pay you, as Keed is not responsible for how those businesses handle information they collected independently of our app.
• Within Our Corporate Group: We may share your data with our affiliates and subsidiaries when necessary for business administration, to develop new services, or to facilitate the specific services you use. Any internal sharing still abides by this Privacy Policy – our affiliates and subsidiaries will afford your data the same level of protection and only use it for the reasons it was collected. If in the future we undergo a corporate restructuring or if KeedPay's operations are transferred to a new company (e.g., merger or acquisition), we will ensure the new entity continues to protect your data, and we will notify you of any change in data handling or ownership as required by law.
• For Legal Compliance and Protection: We may disclose your information to third parties when required by law or lawful order. This includes responding to court orders, subpoenas, or lawful requests by government authorities (such as law enforcement, regulators, or the Data Protection Commission). For example, if the Bank of Ghana or Financial Intelligence Centre requests certain customer information as part of regulatory audits or investigations, we are obliged to provide it. We will only share what is legally necessary and will object to overbroad requests if appropriate. Additionally, we may share information if we believe in good faith that such disclosure is necessary to protect our rights, investigate fraud, enforce our Terms and Conditions, or protect you or others from harm. This might include sharing information with law enforcement or relevant institutions if a user is suspected of fraud, money laundering, or other illegal activities affecting our platform.
• With Your Consent: In situations other than those above, if there is ever a need to share your personal information with a third party, we will notify you and obtain your consent before doing so. For instance, if we launch a new feature in partnership with a third party that requires sharing some of your data, we will let you know and give you the choice to use that feature (and thus agree to the data sharing) or not. You are in control of whether we share your data in such contexts.

No Sale of Personal Data: We want to reiterate that we do not sell or rent your personal information to anyone. Ghanaian law actually prohibits the sale of personal data and we take this seriously. Your information is used only for legitimate service purposes as described. We may share anonymized or aggregated information (which can no longer identify you) publicly or with partners – for example, publishing trends about app usage or number of transactions (without any personal details). But in such cases, there is no personal data included.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this Privacy Policy, and to comply with our legal and regulatory obligations. How long we keep specific data depends on the type of information and the reasons we collected it:

• Account and KYC Information: We will keep your basic account information (like name, contact, KYC details) for as long as you maintain an active KeedPay account. Even if you stop using the app, as long as your account is open, we retain your data so you can log in again and so that we can comply with regulatory monitoring. If you choose to close your account or if it has been inactive for a long period, we will initiate the process of closing it (subject to any remaining balance or pending transactions). After account closure, we may retain certain information for a defined period required by law. For instance, financial regulations and anti-money laundering laws in Ghana may require us to keep records of customer identification and transactions for a number of years (at least 5 years in respect of anti-money laundering laws) after the end of the customer relationship. During this retention period, your data will be securely stored and isolated from active use, and only accessed if needed for audits, legal obligations, or resolving disputes. Once that retention period expires, or if the data is no longer needed for any legal/business purpose, we will delete or irreversibly anonymize it.
• Transaction Records: Transaction histories (payments, receipts, withdrawals) are generally kept for the life of the account and for the legally mandated retention period thereafter. This is necessary for financial reporting, reconciliations, and to resolve any future queries you or authorities might have about specific transactions. Even if you delete the app or stop using the service, we maintain these records as required. We protect these records and restrict access to them to authorized personnel only.
• Communications and Support Logs: If you contacted customer support or if there are records of communications (like consent given, changes made upon your request, or complaints lodged), we retain those records as long as needed to serve you and demonstrate compliance. For example, if you raised a dispute about a transaction, we keep the correspondence until the issue is fully resolved and then for any additional time required by law (in case of regulatory reviews).
• Technical Logs: Logs and analytics data are retained for shorter periods unless they are being used for security analysis. For example, basic app log data might be kept for a few months to assist in troubleshooting and improving the app, then either deleted or aggregated. Security-related logs (like records of device sign-ins or failed login attempts) may be kept longer to monitor unauthorized access attempts and ensure account safety.
• Deletion of Data: When we delete personal data, we ensure it is removed from our active databases and systems. We may retain copies in secure backup storage for a short duration (due to routine backup processes), but have processes to eventually purge or encrypt those too. We delete data securely using industry-standard methods so that it cannot be recovered or read. Where data must be retained for legal reasons, we will cease active use of that data and ensure it's only kept for compliance purposes.

In summary, we strive not to keep your personal information longer than necessary. We also follow the principle of not retaining personal data indefinitely without justification in accordance with Act 843. If you believe we are holding onto any of your information longer than we should, please contact us (see Contact Us below) and we will review and address your request in line with legal requirements.

Data Security

We take the security of your personal information very seriously. KeedPay uses a combination of technical and organizational security measures to protect your data against unauthorized access, loss, theft, or alteration. These include:

• Encryption: Sensitive data transmitted between your device and our servers is encrypted using industry-standard protocols (such as HTTPS/TLS). This means that when you enter personal or financial information in the app, it is securely transmitted. We also encrypt certain sensitive data at rest on our servers or databases. For example, passwords/PINs are stored in hashed form (not in plain text), and any sensitive personal identifiers are stored with encryption or tokenization where feasible.
• Access Controls: We restrict access to personal data strictly to authorized personnel at Keed Ghana LTD who need it to perform their job duties (for example, customer support agents accessing your account info when you have an issue, or compliance officers reviewing transactions). All staff undergo background checks and are trained on confidentiality and data protection requirements. We maintain internal policies to prevent unauthorized insider access or sharing of data. Our systems also employ authentication and session controls to ensure that each user only accesses their own account data – for instance, the app uses secure login/PIN or biometric locks so that only you can access your account on your device.
• Security Testing and Monitoring: We regularly test our systems for vulnerabilities. Our engineering team employs firewalls and intrusion detection systems to guard the network where user data is stored. We receive real-time alerts on suspicious activities and have measures to block fraudulent transactions or unauthorized login attempts (for example, if a login occurs on a new device, we might prompt for extra verification). We also keep our app and backend software up to date with the latest security patches. Furthermore, as a financial service provider, we must adhere to Bank of Ghana's cybersecurity and data protection guidelines – including periodic audits and compliance checks.
• Third-Party Security: When we use third-party service providers (like cloud or payment processors), we choose reputable firms and impose contractual obligations on them to protect your data. We assess their security measures and ensure they comply with standards required by Ghanaian regulators Act 843. If any service provider experiences a data breach affecting KeedPay user data, they are required to notify us immediately so we can in turn inform regulators and users as needed.
• Your Responsibility: While we work hard to secure our systems, it is also important that you take steps to protect your account. Never share your KeedPay PIN or any login verification codes with anyone. Be cautious of phishing attempts – our staff will never ask for your password or OTP via phone or SMS. Only use the official KeedPay app and keep your device secure (use a phone lock, and avoid installing untrusted apps that could compromise security). If you suspect that your KeedPay account or personal data has been compromised (for example, your phone is lost/stolen or you notice unauthorized transactions), please contact us immediately so we can help secure your account.

Despite our robust security measures, no system is 100% impenetrable. In the unlikely event of a data breach that poses a risk to your rights or privacy, we will follow Ghanaian law requirements to inform the Data Protection Commission and notify affected users as soon as reasonably possible, along with information on steps we are taking to mitigate the impact. We are committed to transparency and protecting our users.

Your Rights

Under Ghanaian data protection laws, you have certain rights regarding your personal data that we hold. We uphold these rights and have processes to enable you to exercise them. Your key rights include:

• Access: You have the right to request information about the personal data we hold about you and to obtain a copy of that data. This means you can ask us to confirm what information we have collected, how we have used it, who we have shared it with, and how long we intend to keep it. You will be required to provide proof of your identity in order for us to provide you with the requested information. Where your identity has been sufficiently determined, we will provide you with this information, except in rare cases where we are permitted by law to withhold data (for example, if releasing it would violate someone else's privacy or a legal obligation). Typically, your basic account information and transaction history are available to you directly in the KeedPay app. For any additional details or a full data access request, you can contact us (see Contact Us section) and we will guide you through the process.
• Correction (Rectification): We strive to keep your personal data accurate and up to date. If you discover that any information we hold about you is incorrect, incomplete, or outdated (for example, your name is misspelled or your contact number changed), you have the right to request a correction. Some details (like your phone number or email) you might be able to update directly in-app. For other details retrieved via NIA (like your official name or date of birth), you may need to provide updated documentation, and we will assist in updating our records accordingly. There is no charge for correcting your data, and we aim to do it promptly as required by law.
• Deletion: In certain circumstances, you can request that we delete your personal data. For example, if you decide to close your KeedPay account and we no longer have any legitimate reason or legal obligation to keep your data, you can ask that we erase the personal information associated with your account. We will delete what we can, but please note that we cannot delete all data immediately in all cases – if we are required by law to retain certain records (such as KYC and transaction history for the mandated period), we must uphold those requirements. However, we will inform you of what data can and cannot be deleted at the time of your request. Any data that we must keep for legal reasons will be isolated and protected and only used for those reasons.
• Objection to Processing: You have the right to object to certain types of processing of your personal data. For instance, if you believe we are processing information in a way that causes you unwarranted harm or distress, you may raise an objection in writing, and we will review whether such processing can be ceased. In accordance with the Data Protection Act, we will only send direct marketing communications with your prior consent, which may be obtained during the onboarding process. You will also have the option to opt out of receiving such communications at any time, after which we will stop using your data for that purpose. KeedPay does not engage in automated decision-making that significantly affects users; all such decisions, including those related to account reviews, are subject to human oversight.
• Rights in Relation to Automated Decision-Taking: If you believe an automated process is unfairly affecting you, you can request human review.
• Withdrawal of Consent: In cases where our processing of your data is based on your consent (as opposed to other legal bases like contract or legal obligation), you have the right to withdraw that consent at any time. For example, if you consented to receive marketing notifications, you can later withdraw that consent by changing your app settings or contacting us. Withdrawing consent will not affect the lawfulness of any processing we already did while we had your consent, and it will not affect processing done under other lawful bases.

Contact Us

If you have any questions about this Privacy Policy, or if you wish to exercise any of your rights described above, please contact us:

Email: privacy@keedpay.com

Address: Keed Ghana Limited, KGL House, 134 Ndabaningi Sithole Road, Labone, Accra, Ghana

You may also contact the Ghana Data Protection Commission if you believe your data protection rights have been infringed.