Privacy Policy

This Privacy Policy explains how Mightyfin collects, uses, stores, shares, and protects personal data from website visitors, applicants, customers, authorised representatives, guarantors, next of kin, business contacts, and users of our digital services.

It applies when you use our website, customer platform, loan application flows, wallet services, payment services, support channels, verification flows, or other Mightyfin services.

This policy is intended to support compliance with Zambia's Data Protection Act No. 3 of 2021 and other applicable Zambian laws governing financial services, consumer protection, fraud prevention, anti-money laundering, records, tax, and lawful disclosure.

The Data Protection Act recognises personal data, sensitive personal data, consent, data-subject rights, data-controller obligations, and rules for collection, use, storage, disclosure, and protection of personal data. Mightyfin treats customer identity, biometric verification, financial, wallet, transaction, and affordability data as high-risk information requiring appropriate safeguards.

We may collect identity and contact data such as names, NRC or other identity numbers, date of birth, gender, phone number, email address, residential address, province, town, and profile photo.

We may collect financial, employment, business, affordability, wallet, repayment, payment-method, transaction, device, log, communication, document, biometric verification, fraud-prevention, and compliance information where required for our services.

We collect data directly from you when you sign up, apply, upload documents, verify identity, use wallet features, make payments, contact support, or update your profile.

We may also receive data from verification providers, payment providers, employers or contacts you nominate, business records, compliance databases, credit or affordability sources, public records, and service providers acting on our instructions.

We process personal data to create and manage accounts, verify identity, assess loan applications, conduct affordability and risk checks, provide wallet and payment services, administer loans, process repayments, prevent fraud, comply with legal obligations, resolve complaints, and communicate with you.

We may use data to improve services, maintain system security, generate audit records, perform analytics, and meet regulatory, tax, accounting, anti-money laundering, sanctions-screening, and record-keeping requirements.

Where consent is required, we ask for a clear affirmative action such as ticking a checkbox before account registration or loan application submission. You may withdraw consent by contacting us, but withdrawal does not affect processing already performed lawfully or processing required for legal, contractual, compliance, fraud-prevention, or debt-recovery purposes.

We may also process data where necessary to perform a contract, take steps before entering into a contract, comply with law, protect legitimate business interests, protect customers and the platform from fraud, or establish, exercise, or defend legal claims.

We keep consent evidence such as consent text version, timestamps, platform logs, and submission context where reasonably necessary to evidence lawful processing and defend against disputes.

We may share data with identity verification providers, payment processors, banks, mobile money operators, credit or affordability partners, communications providers, hosting and technology providers, professional advisers, collection or recovery partners, insurers, auditors, regulators, law enforcement, courts, and other parties where permitted or required by law.

We require service providers to process personal data only for authorised purposes and to apply appropriate safeguards.

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, including loan administration, wallet and transaction records, audit logs, dispute handling, compliance, accounting, tax, fraud prevention, and legal obligations.

When data is no longer required, we delete, anonymise, archive, or restrict it in line with operational and legal requirements.

We use administrative, technical, and organisational safeguards designed to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. These include access controls, authentication, audit records, encryption where appropriate, secure hosting, and monitoring.

No digital service is completely risk-free. You must keep your device, PIN, OTPs, email, phone number, and login details secure.

Subject to applicable law, you may request access to your personal data, correction of inaccurate data, deletion where lawful, restriction or objection to certain processing, withdrawal of consent, and information about how your data is processed.

We may need to verify your identity before responding and may retain information where required by law, contract, compliance obligations, fraud prevention, dispute resolution, or legitimate business records.

Some technology, hosting, verification, payment, or support providers may process data outside Zambia. Where this occurs, we aim to use lawful transfer mechanisms and appropriate safeguards for the nature of the data and processing.

Mightyfin may use automated or semi-automated checks to support identity verification, fraud screening, affordability checks, risk scoring, application routing, repayment monitoring, and transaction monitoring.

Automated checks do not remove your right to contact us, correct inaccurate information, provide supporting evidence, or request human review where required by applicable law or our internal procedures.

Our services are intended for adults who can lawfully enter financial agreements. We do not knowingly provide credit products to children.

We may update this Privacy Policy to reflect legal, regulatory, product, security, or operational changes. The latest version posted on this website applies from its effective date.