Privacy Policy

1. Introduction

Welcome to Tshelo ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application and website (collectively, the "Service").

By using Tshelo, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

Data Type	Examples	Purpose
Account Info	Name, phone number, email	Account creation & identification
Mobile Money	Provider selection, phone number	Payment display to contributors
Fund Info	Names, purposes, target amounts	Service functionality
Contributions	Amounts, dates, member details	Tracking contributions
Expenses	Descriptions, amounts, receipts	Tracking expenses
Communications	Messages, notes, thank-yous	In-app communication

2.2 Information Collected Automatically

Data Type	Examples	Purpose
Device Info	Device type, OS, app version	Service optimization
Usage Data	Features used, time spent	Improving the Service
SMS Data	Mobile money confirmations only	Auto-detect payments
Log Data	IP address, browser type	Security & troubleshooting

2.3 Information Related to Premium Features

When you purchase Tokens or use premium features, we collect:

• Transaction details (amount, date, payment method)
• Token balance and usage history
• Feature usage patterns for premium services

We do NOT store full payment card numbers or mobile money PINs. Payment processing is handled by third-party providers.

3. How We Use Your Information

We use the information we collect to:

• Create and manage your Tshelo account
• Process and track contributions within your funds
• Detect mobile money payments and automatically update contribution records
• Generate reports and export fund summaries
• Send notifications about fund activity
• Calculate and display Trust Scores on profiles
• Process Token purchases and maintain your Token balance
• Facilitate communication between fund members
• Provide customer support
• Improve and optimize our Service
• Train and improve our AI models (using anonymized data only)
• Detect and prevent fraud or abuse
• Comply with legal obligations

4. How We Share Your Information

4.1 With Other Fund Members

When you join or create a fund, certain information is visible to other members:

• Your name and profile information
• Your contribution amounts and dates
• Your role (organizer or contributor)
• Messages and reactions you post

This transparency is a core feature of Tshelo, designed to build trust within your community groups.

4.2 With Service Providers

Provider Type	Purpose	Data Shared
Cloud hosting	Store data securely	All data (encrypted)
Payment processors	Token purchases	Transaction data
SMS providers	Notifications	Phone number, message
Analytics	Understand usage	Anonymized data
AI services	Receipt scanning	Receipt images

4.3 We Do NOT

4.4 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

5. AI and Automated Processing

5.1 How We Use AI

Receipt Scanning:

• We process receipt images to extract vendor names, amounts, dates, and categories
• Receipt images may be stored temporarily for processing
• We do not share your receipt images with third parties except our AI service providers

SMS Payment Detection:

• With your permission, we read SMS messages from mobile money providers
• We use pattern matching and AI to identify payment confirmations
• We only process messages from recognized providers (Orange Money, MyZaka, Smega)
• Personal messages are never read or stored

Trust Score Calculation:

• We use automated algorithms to calculate Trust Scores
• Scores are based on objective factors (verification status, fund history)
• No human reviews individual Trust Scores

5.2 Your Rights Regarding Automated Processing

• You can request human review of any automated decision that affects you
• You can opt out of AI-powered features (though this limits functionality)
• You can request deletion of data used in AI processing

5.3 AI Training

• We may use anonymized, aggregated data to improve our AI models
• Your personal information is never used in identifiable form for AI training
• Receipt images used for training have all personal information removed

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

Measure	Description
Encryption	Data encrypted in transit (TLS) and at rest
Access Controls	Limited employee access, role-based permissions
Monitoring	Systems monitored for suspicious activity
Secure Development	Security built into development process
Regular Audits	Periodic security assessments

However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

7. Data Retention

Data Type	Retention Period	Reason
Active account data	While account is active	Service provision
Contribution records	7 years after fund closes	Financial record-keeping laws
Expense records & receipts	7 years after fund closes	Audit trail requirements
Token purchase history	7 years	Tax and financial compliance
Deleted account data	90 days then permanently deleted	Recovery period
Support communications	3 years	Service improvement
AI training data	Indefinitely (anonymized only)	Model improvement
SMS processing logs	30 days	Troubleshooting

Data Deletion

When you delete your account:

• Profile information is deleted within 90 days
• Your contributions in others' funds remain (attributed to "Deleted User")
• Funds you created may be transferred to a co-organizer or closed
• Some data may be retained for legal compliance

8. Your Rights and Choices

Right	Description	How to Exercise
Access	See what data we have about you	Settings → Download My Data
Correction	Fix inaccurate data	Edit in app or contact us
Deletion	Request deletion of your data	Settings → Delete Account
Portability	Get your data in a usable format	Settings → Download My Data
Withdraw Consent	Stop marketing, SMS reading	Settings → Privacy
Opt-Out	Non-essential communications	Unsubscribe link or Settings

9. SMS and Notification Permissions

Our app may request permission to:

• Read SMS Messages: To automatically detect incoming mobile money payment confirmations. We only read messages from recognized mobile money providers (Orange Money, MyZaka, Smega) and do not access personal messages.
• Send Notifications: To alert you about new contributions, fund invitations, and reminders.

These permissions are optional. You can disable them at any time through your device settings, though this may limit certain features.

10. Country-Specific Privacy Rights

10.1 South Africa (POPIA Compliance)

If you are located in South Africa, you have additional rights under the Protection of Personal Information Act (POPIA):

• Right to be notified when your personal information is collected
• Right to access your personal information
• Right to request correction of inaccurate information
• Right to request deletion of your personal information
• Right to object to processing of your personal information
• Right to submit a complaint to the Information Regulator

10.2 Kenya (Data Protection Act 2019)

If you are located in Kenya, you have rights under the Data Protection Act, 2019:

• Right to be informed of the use of your personal data
• Right to access your personal data
• Right to object to processing
• Right to correction of false or misleading data
• Right to deletion of false or misleading data

10.3 Zimbabwe, Ghana, Nigeria, Uganda

We comply with applicable data protection requirements in these jurisdictions and respect your rights to:

• Access your personal data
• Request correction or deletion
• Object to certain processing activities

Contact us for specific information about your rights in your jurisdiction.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. When we transfer data internationally, we ensure appropriate safeguards are in place:

• Standard contractual clauses where required
• Data processing agreements with all service providers
• Encryption of data in transit and at rest

12. Children's Privacy

Tshelo is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending you a notification through the app or email for significant changes

Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

📧 Email: [email protected]

Tshelo is a product of Data Sentinels (Pty) Ltd
Gaborone, Botswana