Privacy Policy - YSLA Management System

This Privacy Policy explains how YSLA Management System (“we”, “us”, or “the System”) collects, uses, stores, and protects personal information when you use our web portal, mobile services, USSD channels, and related savings and loan management tools for member groups, associations, and cooperatives in Uganda.

By registering as a member, group leader, or staff user, or by using any part of the System, you agree to the practices described in this policy. If you do not agree, please do not use the System.

1. Who we are

The System is operated to support financial cooperative associations (FCAs), savings groups, and their members. It is used by administrators, field staff, group leaders, and individual members to manage group savings, loans, meetings, and member records.

2. Information we collect

We may collect the following categories of personal information:

Identity and contact details: full name, username, phone number, email address, gender, and date of birth.
Identification: National ID number (NIN), and images of national ID documents where uploaded.
Location data: district, county, subcounty, parish, and village, as required for group and regulatory records.
Financial information: savings balances, deposits, withdrawals, loan applications, repayments, transaction history, and related account statements.
Group and association data: group membership, leader assignments, meeting attendance, and roles within the group.
Account and security data: login credentials (stored in encrypted form), session information, last login time, and authentication tokens for mobile access.
Technical and usage data: device and browser information, IP address, mobile app activity logs, USSD session records, and error reports used to maintain and improve the System.
Communications: support tickets, feedback, notifications preferences (SMS, email), and audit logs of administrative actions.

3. How we use your information

We use personal information to:

Create and manage user, member, leader, and staff accounts.
Process savings, loans, and other financial transactions within your group or association.
Generate statements, reports, and records required for group governance and accountability.
Verify identity and prevent fraud, unauthorized access, or misuse of the System.
Send service-related messages, including loan reminders, group updates, and security alerts (where you have enabled notifications).
Provide customer support and respond to inquiries or complaints.
Comply with applicable laws, cooperative rules, and legitimate requests from authorized regulators or partners.
Improve system performance, security, and user experience through logs and analytics.

4. Legal basis for processing

We process your data based on:

Your consent when you register and accept this policy.
Performance of our services and your membership in a savings group or cooperative.
Legitimate interests such as security, fraud prevention, and system administration.
Legal obligations where retention or disclosure is required by law.

5. How we share information

We do not sell your personal information. We may share data only with:

Your group or association: leaders, treasurers, and authorized staff who need access to manage group activities.
System administrators and FCA staff who operate the platform under strict access controls.
Service providers such as hosting, SMS, or payment partners, under confidentiality obligations and only as needed to deliver services.
Regulators, courts, or law enforcement when required by applicable Ugandan law or a valid legal process.

6. Data retention

We retain personal and financial records for as long as your account is active and for a reasonable period afterward to meet legal, audit, and cooperative record-keeping requirements. When data is no longer needed, we take steps to delete or anonymize it, unless the law requires longer retention.

7. Data security

We implement appropriate technical and organizational measures to protect your information, including password hashing, access controls, and activity logging. No method of transmission over the internet is completely secure; you are responsible for keeping your login credentials confidential and reporting suspected unauthorized access promptly.

8. Your rights

Subject to applicable law, you may have the right to:

Access a copy of the personal information we hold about you.
Request correction of inaccurate or incomplete data.
Request deletion of your data where there is no lawful reason to retain it.
Object to or restrict certain processing, where applicable.
Withdraw consent for optional communications such as marketing messages.

To exercise these rights, contact us using the details in Section 11. We may need to verify your identity before responding.

9. Children’s privacy

The System is intended for adults participating in registered savings groups and cooperatives. We do not knowingly collect personal information from children under 18 without appropriate parental or guardian consent and group authorization.

10. Changes to this policy

We may update this Privacy Policy from time to time. The “Effective date” at the top of this page will indicate when changes take effect. Continued use of the System after updates constitutes acceptance of the revised policy. Material changes may also be communicated through the portal or your group leader.

11. Contact us

For privacy questions, data access requests, or complaints, please contact:

System: YSLA Management System
Otherwise: your group administrator or system support