Welcome to PesaYangu (hereinafter referred to as "the Platform," "we," or "us"). Your personal information security is of utmost importance to us, and we treat it with the strictest care. This Privacy Policy explains in clear and transparent language how we collect, use, store, share, and protect your information when you use the loan and related financial services provided by PesaYangu, and sets forth the rights you hold over your own data.
We commit to processing your personal information in accordance with the principles of lawfulness, legitimacy, necessity, and integrity, and to adopting industry-standard security protection measures. Before using our services, please read and fully understand all contents of this policy.
I. Information We Collect
In order to provide you with safe, reliable, and personalized financial services, we need to access and collect certain categories of information with your explicit authorization. This information helps us complete identity verification, credit assessment, and fraud risk prevention.
We collect information only to the extent necessary to provide you with services, and do not collect personal data unrelated to our business operations. Without your explicit consent, we will not disclose your personal information to any third party outside PesaYangu.
Personal Information
To ensure your identity is authentic and valid, to prevent your loan application from being rejected due to inaccurate information, and to protect against identity theft or fraudulent loan applications, we need to collect your identity verification materials, including your full name, ID document number, registered mobile number, date of birth, gender, educational background, employment information, marital status, and bank account details.
All of the above information is transmitted to https://data.rackmasa.com after being encrypted with strong algorithms. We do not transfer or disclose it to any external third party, ensuring your personal data remains under strict protection.
SMS Information
To more comprehensively assess your repayment capacity, recommend more suitable financial products to you, and identify and block fraudulent activities at an early stage, we read SMS records on your device that are related to financial transactions, including sender numbers, timestamps, and message content.
We employ intelligent keyword filtering mechanisms to automatically screen out non-financial content such as personal chats and social interactions. After filtering, only SMS data related to financial transactions is encrypted and uploaded to https://data.rackmasa.com for risk control verification. Once the verification process is complete, the data is immediately destroyed without retaining any copies or sharing with third parties.
Call Logs
When you log in via voice verification code, we may temporarily access basic call log information (including phone numbers and call types) to verify whether the active SIM card in your device matches the phone number receiving the verification code. This mechanism effectively prevents account theft, unauthorized access, and credit card fraud, building a security defense for your account.
All analysis and verification are completed locally on your device. The only information transmitted to our server (https://data.rackmasa.com) is the encrypted verification result. Your original call log content always remains within your device and is never uploaded, stored, or transmitted externally in any form.
Location Permission
To expedite your loan application processing (e.g., applying region-specific policies) and provide locally relevant services (e.g., nearby financial resources), we collect approximate geographic location data from your device. This information is encrypted and uploaded to https://data.rackmasa.com. We do not disclose your location data to any other party, ensuring your location privacy is protected throughout the entire transmission and storage chain.
Device Information
To strengthen your account security system, prevent login attempts from unrecognized or untrusted devices, and effectively protect your funds and personal data, we collect basic attribute information of your mobile device, including device name, model, Android version, operating system type, Android ID, and IMEI number.
All device information is uploaded to https://data.rackmasa.com via encrypted channels. We do not provide such data to third parties, building a solid security barrier for you at the device level.
Camera Permission
We request camera access primarily to facilitate the capture of KYC (Know Your Customer) documentation during the loan application process, such as images of the front and back of your ID card or your bank card. Additionally, you are required to take a real-time selfie via the front-facing camera to confirm that the applicant is indeed you, rather than someone impersonating your identity.
This measure effectively prevents others from using your identity for fraudulent activities, protects your legitimate rights and interests, and ensures that the entire service process remains safe, compliant, and trustworthy.
Installed Applications List
When you submit a loan application, we collect information about applications installed on your device, including app names, package names, installation dates, and update dates. The purpose of this collection is to identify whether your device contains malicious software—such as risky applications capable of stealing information or tampering with data—in order to prevent information leaks and service anomalies, and to maintain a healthy and stable platform system environment.
The above application list information is encrypted and uploaded to https://data.rackmasa.com. We never share it with any third party, ensuring your usage security at the device environment level.
Emergency Contacts
During your use of our services, we only collect information for two emergency contacts that you voluntarily provide on the designated contact information page, including their names, phone numbers, and your relationship with them. We do not access the full contact list on your device without your explicit authorization.
The purpose of collecting this information is to assist in verifying your application materials when necessary, facilitate borrower identification, and help prevent potential fraud risks, ensuring that our loan services operate on a compliant and secure track.
Your emergency contact information is encrypted and uploaded to https://data.rackmasa.com. We do not disclose it to anyone, fully protecting the personal privacy of both you and your emergency contacts.
II. How We Store and Protect Your Information
Storage Method
All information we collect is encrypted and stored on secure servers deployed in trusted data centers that meet industry-standard high-level protection requirements.
Storage Duration
We retain your personal information only for the period necessary to fulfill the various purposes described in this policy. Beyond that period, we will de-identify or permanently delete the data.
Protection Measures
We employ a combination of multiple security technologies and internal management mechanisms to safeguard your information, including encrypted data transmission channels, refined access control, operational logging, firewalls, and intrusion detection and alert systems. We also conduct regular security audits and risk assessments to ensure our defense systems remain robust and effective.
III. How We Process Your Personal Information
How We Use This Information
The information you provide will be carefully used in the following scenarios:
- Account Management and Identity Verification — Creating a dedicated account for you and confirming the authenticity and validity of your identity.
- Loan Review and Risk Assessment — Evaluating your loan applications, conducting credit assessments, and implementing necessary risk control measures.
- Personalized Service Recommendations — Recommending more suitable loan products and financial service solutions based on your financial profile and needs.
- Security Assurance and Fraud Prevention — Monitoring and intercepting suspicious activities in real time to protect your account from fraud and unauthorized access.
- Compliance Obligations — Strictly adhering to national laws, regulations, and industry regulatory requirements, and fulfilling all applicable legal duties.
- Product Optimization and Experience Enhancement — Continuously improving our service quality and functionality through data analysis, user research, and system iteration.
- Customer Communication and After-Sales Support — Contacting you when necessary, including but not limited to sending repayment reminders, service notifications, or responding to your inquiries and complaints.
Boundaries of Information Sharing
We make a solemn commitment: we will never sell or rent your personal information to any third party in any form. Only in the following extremely limited circumstances would we consider providing your information externally:
- Your Explicit Authorization — After obtaining your clear and voluntary consent.
- Mandatory Legal Requirements — When relevant laws, regulations, or competent regulatory authorities explicitly require disclosure.
- Protection of Major Rights and Interests — When reasonably necessary to protect the life, property, or other significant legitimate rights and interests of you or other natural persons.
- Collaborative Services with Partners — When working with carefully vetted partners to deliver services to you, we will only disclose the minimum amount of information necessary to complete the service, and require partners to sign strict confidentiality agreements.
IV. Information Security and Protection
We strictly limit the scope of personnel authorized to access user information. Only employees and partners who have a clear business need to access your data are granted corresponding permissions.
We employ technical measures such as data masking, anonymization, and secure communication protocols to effectively reduce the potential risk of data breaches.
It is important to note that no internet environment can guarantee 100% absolute security. While we have taken reasonable and diligent protective measures, we sincerely recommend that you properly safeguard your account login credentials and avoid transmitting sensitive information over public or unsecured networks.
VI. Your Rights
Under applicable laws, you have the following rights over your personal information:
- Right of Access: You have the right to request that we disclose the categories of your personal information we have collected and explain how it is being used.
- Right of Rectification: When your personal information is inaccurate or incomplete, you have the right to request that we make timely corrections.
- Right of Erasure: In specific circumstances, you have the right to request deletion of your personal data — for example, when the data is no longer necessary for its original purpose, when you withdraw consent, or when our use of the data violates applicable laws.
- Right to Withdraw Consent: You may withdraw your authorization at any time. Please note that this operation may prevent you from continuing to use certain features or the entire service.
We will respond to and process your lawful requests within the statutory timeframes.
VII. Changes to This Privacy Policy
We may revise this Privacy Policy from time to time in response to business adjustments, legal or regulatory updates, or changes in service content.
In the event of material changes, we will notify you through in-app announcements or other appropriate channels.
After the updated version is published, your continued use of PesaYangu constitutes your full understanding and acceptance of all revised terms.
VIII. Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy or the way we handle your personal information, please feel free to reach out to us through the following channels:
We will respond to and address your inquiries as soon as possible.