We collect only the information necessary to help you manage community contributions. We never sell your personal data to third parties. Your money stays between you and your community — we just help you track it.
Welcome to Tshelo ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").
By using Tshelo, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.
| Data type | Examples | Purpose |
|---|---|---|
| Account info | Name, phone number, email | Account creation & identification |
| Mobile money | Provider selection, phone number | Payment display to contributors |
| Fund info | Names, purposes, target amounts | Service functionality |
| Contributions | Amounts, dates, member details | Tracking contributions |
| Expenses | Descriptions, amounts, receipts | Tracking expenses |
| Communications | Messages, notes, thank-yous | In-app communication |
| Data type | Examples | Purpose |
|---|---|---|
| Device info | Device type, OS, app version | Service optimisation |
| Usage data | Features used, time spent | Improving the Service |
| SMS data | Mobile money confirmations only | Auto-detect payments |
| Log data | IP address, browser type | Security & troubleshooting |
When you purchase Tokens or use premium features, we collect:
We do not store full payment card numbers or mobile money PINs. Payment processing is handled by third-party providers.
We use the information we collect to:
When you join or create a fund, certain information is visible to other members:
This transparency is a core feature of Tshelo, designed to build trust within your community groups.
| Provider type | Purpose | Data shared |
|---|---|---|
| Cloud hosting | Store data securely | All data (encrypted) |
| Payment processors | Token purchases | Transaction data |
| SMS providers | Notifications | Phone number, message |
| Analytics | Understand usage | Anonymised data |
| AI services | Receipt scanning | Receipt images |
We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Receipt scanning. We process receipt images to extract vendor names, amounts, dates, and categories. Receipt images may be stored temporarily for processing. We do not share your receipt images with third parties except our AI service providers.
SMS payment detection. With your permission, we read SMS messages from mobile money providers. We use pattern matching and AI to identify payment confirmations. We only process messages from recognised providers (Orange Money, MyZaka, Smega). Personal messages are never read or stored.
Trust Score calculation. We use automated algorithms to calculate Trust Scores. Scores are based on objective factors (verification status, fund history). No human reviews individual Trust Scores.
We implement appropriate technical and organisational measures to protect your personal information:
| Measure | Description |
|---|---|
| Encryption | Data encrypted in transit (TLS) and at rest |
| Access controls | Limited employee access, role-based permissions |
| Monitoring | Systems monitored for suspicious activity |
| Secure development | Security built into development process |
| Regular audits | Periodic security assessments |
However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
| Data type | Retention period | Reason |
|---|---|---|
| Active account data | While account is active | Service provision |
| Contribution records | 7 years after fund closes | Financial record-keeping laws |
| Expense records & receipts | 7 years after fund closes | Audit trail requirements |
| Token purchase history | 7 years | Tax and financial compliance |
| Deleted account data | 90 days then permanently deleted | Recovery period |
| Support communications | 3 years | Service improvement |
| AI training data | Indefinitely (anonymised only) | Model improvement |
| SMS processing logs | 30 days | Troubleshooting |
When you delete your account:
| Right | Description | How to exercise |
|---|---|---|
| Access | See what data we have about you | Settings → Download My Data |
| Correction | Fix inaccurate data | Edit in app or contact us |
| Deletion | Request deletion of your data | Settings → Delete Account |
| Portability | Get your data in a usable format | Settings → Download My Data |
| Withdraw consent | Stop marketing, SMS reading | Settings → Privacy |
| Opt-out | Non-essential communications | Unsubscribe link or Settings |
Our app may request permission to:
These permissions are optional. You can disable them at any time through your device settings, though this may limit certain features.
If you are located in South Africa, you have additional rights under the Protection of Personal Information Act (POPIA):
Information Regulator contact: www.inforegulator.org.za
If you are located in Kenya, you have rights under the Data Protection Act, 2019:
Office of the Data Protection Commissioner: www.odpc.go.ke
We comply with applicable data protection requirements in these jurisdictions and respect your rights to:
Contact us for specific information about your rights in your jurisdiction.
Your information may be transferred to and processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place:
Tshelo is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
Your continued use of the Service after changes constitutes acceptance of the updated policy.
Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Email: tshelo@data-sentinels.com
Tshelo is a product of Data Sentinels (Pty) Ltd, Gaborone, Botswana.