Skip to main content
New Card Issuing API v3 is now live — build branded card programs in minutes. Explore the docs →
Developers
Login Get Started
Legal

Privacy Policy

How Fyatu collects, uses, and protects your personal information.

Last updated: 2025-06-01

1. Introduction

Fyatu (“we,” “us,” “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, including our Website (https://fyatu.com), Mobile Application, and all related Services.

This policy applies to all Fyatu entities: FYATU FINANCIAL TECHNOLOGIES LIMITED TZ (Tanzania), FYATU SARL (DR Congo), and FYATU FINANCIAL TECHNOLOGIES (Ivory Coast). By using our Services, you consent to the practices described herein.

2. Information We Collect

From Individual Users

During Registration and KYC verification, we collect:

  • Full name, date of birth, nationality
  • Email address and phone number
  • Government-issued identification document (ID card or passport)
  • Selfie photo for biometric identity verification

From Business Users

In addition to the above for authorized representatives, we collect:

  • Company name, registration number, and country of incorporation
  • Certificate of incorporation and business license
  • Bank statements
  • Details of directors and ultimate beneficial owners (UBOs)

Financial Data

Through your use of our Services, we collect:

  • Transaction history (card payments, transfers, top-ups, withdrawals)
  • Wallet balances and funding sources
  • Virtual card details and usage patterns
  • Mobile Money operator details (Airtel Money, M-Pesa, MTN, Orange Money)
  • Stablecoin wallet addresses (USDT, USDC) used for deposits and withdrawals
  • eWallet provider details (Binance, Skrill, Payoneer, Revolut, PayPal, Volet, Wise)

Technical Data

We automatically collect when you access our platform:

  • Device type, operating system, browser version
  • IP address and approximate geolocation
  • Usage patterns, session duration, and feature interactions
  • Cookies and similar tracking technologies (see our Cookie Policy)
  • Mobile device identifiers and push notification tokens

3. How We Use Your Information

  • Provide Services — Process transactions, issue Virtual Cards, execute money transfers, top up airtime, deliver eSIMs, and manage your Wallet
  • Verify identity — Conduct KYC checks through our third-party verification providers, prevent fraud, and comply with AML regulations
  • Process payments — Facilitate deposits and withdrawals through Mobile Money, Stablecoins, and eWallet providers
  • Communicate — Send transaction confirmations, security alerts, service updates, and support responses
  • Comply with law — Meet regulatory obligations in Tanzania, DR Congo, Ivory Coast, and other applicable jurisdictions
  • Manage risk — Detect suspicious activity, prevent unauthorized access, and enforce our Terms of Service
  • Improve our platform — Analyze usage patterns, troubleshoot issues, and develop new features
  • Marketing — Send promotional content about new features and offers (only with your consent; you may opt out anytime)

4. Who We Share Your Data With

We share your data only as necessary to provide our Services or comply with legal obligations:

  • KYC Verification Providers — Third-party identity verification services that process your ID documents and selfie to confirm your identity
  • Card Issuing Partners (BIN Sponsors) — Licensed financial institutions authorized by Visa and Mastercard who issue Virtual Cards on our behalf and process card transactions
  • Payment Processors — Services that facilitate Mobile Money transactions, stablecoin transfers, and eWallet deposits/withdrawals
  • Regulatory and Law Enforcement Authorities — When required by law, regulation, court order, or to prevent financial crime

We do not sell your personal information. We do not share your data with advertisers or unrelated third parties.

5. Data Security

We implement the following measures to protect your information:

  • Encryption — Data in transit is encrypted using TLS; sensitive data at rest is encrypted
  • Access controls — Strict role-based access to customer data with multi-factor authentication for staff
  • Monitoring — Continuous security monitoring and intrusion detection
  • Audits — Regular security assessments and vulnerability testing
  • Card data — Virtual Card data is handled in compliance with Payment Card Industry (PCI DSS) standards through our BIN Sponsor partners

No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Data Retention

We retain your information for as long as your Account is active. After Account closure, all data is retained for a minimum of 5 years in accordance with our AML Policy and applicable anti-money laundering regulations in our operating jurisdictions (Tanzania, DR Congo, Ivory Coast). After the 5-year retention period, your data is permanently deleted.

7. Data Deletion and Your Rights

Requesting Data Deletion

You may request deletion of your data at any time by contacting [email protected]. Due to AML regulatory requirements, all customer data is retained for 5 years following Account closure. After the retention period expires, your data is permanently deleted. We will confirm receipt of your request and inform you of the applicable deletion timeline.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate or incomplete data
  • Objection — Object to processing of your data for specific purposes
  • Portability — Request your data in a structured, machine-readable format
  • Withdraw consent — Withdraw consent for marketing communications at any time
  • Restriction — Request limitation of processing in certain circumstances

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. International Transfers

Your data may be transferred to and processed in countries other than your own, including Tanzania, DR Congo, Ivory Coast, and countries where our KYC providers, payment processors, and card issuing partners operate.

When transferring data internationally, we ensure appropriate safeguards are in place through contractual protections with our service providers.

9. Cookies and Tracking

We use cookies and similar technologies to operate our Website, remember your preferences, and analyze usage. For full details, see our Cookie Policy.

You can manage cookie preferences through your browser settings. Blocking essential cookies may affect the functionality of our Services.

10. Children’s Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that we have collected data from a person under 18, we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification at least 30 days before taking effect. Continued use of our Services after the effective date constitutes acceptance of the updated policy.

12. Contact

For privacy-related inquiries or to exercise your data rights: