Privacy Policy

Effective: 07 September 2025

We respect your privacy and comply with the Kenya Data Protection Act, 2019 and Google Play policies. FxEmpesa Kenya facilitates user-initiated transfers between M-Pesa (Safaricom) and Deriv trading accounts. FxEmpesa is not affiliated with or endorsed by Safaricom (M-Pesa) or Deriv.

1. Information We Collect

• Personal identifiers: full name, email, phone number, country.
• Account identifiers: Deriv login ID/token (when you link), FxEmpesa user ID.
• Transaction data: amounts, currency, exchange rate, timestamps, status, relevant M-Pesa reference/shortcode and Deriv account references.
• Device & usage: app version, OS, IP (approximate), logs for fraud prevention, security and diagnostics.

2. How We Use Information (Purposes & Legal Bases)

• Provide the service (Contract): process your requested M-Pesa ⇄ Deriv transfers; show balances and history; handle support.
• Security & fraud prevention (Legitimate interests): detect abuse, protect accounts, ensure service reliability.
• Compliance (Legal obligation): meet AML/KYC, tax and financial-record requirements.
• Product improvement (Legitimate interests): diagnostics and quality monitoring.

3. Data Sharing

We do not sell your data or share with advertisers. We share only as needed to provide the service or comply with law:

• Safaricom (M-Pesa): to execute mobile-money transactions you initiate (e.g., name or phone number as registered with M-Pesa, transaction amount, references).
• Deriv: to execute transfers to/from your Deriv account you initiate (e.g., Deriv login ID, amounts, references required by Deriv).
• Service providers (secure hosting, payments, communications): strictly limited to performing services on our behalf under confidentiality obligations.
• Regulators/law enforcement: when legally required.

4. Security

We use encryption in transit, token-based authentication, and secure storage. Passwords and tokens are never stored in plain text. You are responsible for safeguarding your device and credentials.

5. International Transfers

Some partners (e.g., Deriv) may process data outside Kenya. Where applicable, we use contractual safeguards to protect your information.

6. Retention

Account and transactional records are retained for as long as you maintain an account and as required by law (typically up to 7 years for financial/AML compliance). After retention periods, data is securely deleted or anonymized.

7. Your Rights

You may request access, correction, portability, objection, or deletion subject to legal limits. Contact: support@fxempesakenya.com.

8. Account Deletion

• In-app: Profile → Account → Delete account (irreversible). We will deactivate immediately and permanently delete eligible data within 30 days.
• Web fallback: fxempesakenya.com/delete-account to submit a verified deletion request.
• Legal holds: Some records (e.g., transaction ledgers) may be retained for statutory AML/financial obligations for up to 7 years.

9. Children

Services are for users aged 18+ only. We do not knowingly collect data from minors.

10. Changes

We may update this policy periodically. Material changes will be highlighted here and may be announced in-app.

← Back to Home