Privacy Policy

LendRate Africa

Effective Date: 1st May 2026

Website: lendrate.africa

Contact: info@lendrate.africa

1. Introduction

LendRate Africa (“LendRate,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when you access or use our website, platform, dashboards, SME financing workflows, investor services, transaction assessment tools, opportunity listing processes, payment workflows, escrow or custody arrangements, settlement, reconciliation, reporting, and related services.

This Policy is intended to comply with the Kenya Data Protection Act, 2019, which provides rights to data subjects and obligations for data controllers and processors. The Office of the Data Protection Commissioner recognises rights including the right to be informed, access personal data, object to processing, request correction, and request deletion of false or misleading data. (ODPC)

By using lendrate.africa or any LendRate service, you agree to the practices described in this Privacy Policy.

2. Who This Policy Applies To

This Policy applies to:

  • SMEs, business owners, directors, staff, and authorised representatives using LendRate to request or manage LPO financing.
  • Investors, capital providers, and authorised representatives using LendRate to review, fund, or monitor investment opportunities.
  • Banking, payment, escrow, custody, settlement, verification, and other approved service partners supporting platform workflows.
  • Visitors to lendrate.africa.
  • Administrators, support users, and authorised platform users.
  • Any person whose data is submitted through the platform by an authorised user, including buyer, customer, director, shareholder, employee, supplier, or transaction-related contact information.

3. Information We Collect

We may collect the following categories of information.

3.1 Account and Identity Information

This may include:

  • Full name.
  • Email address.
  • Phone number.
  • National ID, passport, registration details, or other identification information where required.
  • Business name, trading name, business registration number, tax PIN, and related business information.
  • Contact person details.
  • User role, permissions, and organisation affiliation.
  • Login, access, and account activity information.

3.2 SME and Financing Information

For SME onboarding, transaction assessment, financing review, repayment tracking, and platform management, we may collect:

  • Business details.
  • Director, shareholder, or beneficial ownership information.
  • KYC and KYB documents.
  • Financial profile information.
  • Purchase order, LPO, contract, invoice, or buyer-related information.
  • Financing request details.
  • Transaction structure and expected repayment information.
  • Repayment records.
  • Communication history.
  • Risk assessment information.
  • Supporting documents submitted during onboarding, transaction review, or financing processing.

3.3 Investor Information

For investor onboarding, account management, capital allocation, transaction tracking, reporting, and support, we may collect:

  • Personal or organisation details.
  • KYC, KYB, or verification documents.
  • Account, wallet, settlement, or payment information.
  • Investment preferences.
  • Funding history.
  • Transaction history.
  • Payment confirmation details.
  • Reporting and reconciliation records.
  • Communication and support history.

3.4 Partner, Platform, and Administrative Information

For banking, payment, escrow, custody, settlement, verification, operational, or administrative partners using or supporting LendRate workflows, we may collect:

  • Organisation details.
  • Staff user information.
  • User roles, permissions, and access rights.
  • Platform configuration details.
  • Transaction, settlement, reconciliation, and reporting records.
  • Subscription, billing, or service fee information where applicable.
  • Support, activity, audit, and security logs.

3.5 Payment, Escrow, Custody, Settlement, and Transaction Information

We may collect or process payment-related and transaction-related information directly or through approved third-party service providers, including:

  • Payment reference numbers.
  • Transaction status.
  • Amount paid, funded, settled, repaid, or reconciled.
  • Payment method.
  • Date and time of transaction.
  • Account, wallet, escrow, custody, or settlement references.
  • Reconciliation and reporting records.
  • Subscription or service fee records.

We do not intend to store full card details or sensitive payment credentials unless expressly disclosed and handled through a compliant payment provider.

3.6 Technical and Usage Data

When you use the platform, we may collect:

  • IP address.
  • Browser type.
  • Device information.
  • Login timestamps.
  • Pages visited.
  • Session activity.
  • Error logs.
  • Security and access logs.
  • Cookies or similar tracking data.
  • Platform usage and performance information.

3.7 Communications

We may collect information when you contact us by email, phone, support forms, chat, or other communication channels.

This may include your name, contact details, message content, attachments, support requests, feedback, complaints, and related communication history.

4. How We Collect Information

We collect information:

  • Directly from you during registration, login, verification, onboarding, payment, support, or platform use.
  • From SMEs, investors, authorised organisation representatives, buyers, partners, or other users who submit information through the platform.
  • From third-party service providers, including payment processors, escrow or custody partners, banking partners, email providers, verification providers, hosting providers, analytics tools, and security tools.
  • Automatically through cookies, logs, and platform activity tracking.
  • From publicly available sources where lawful and relevant.
  • From legal, regulatory, audit, or compliance sources where necessary for platform operations, risk management, or legal compliance.

5. Why We Use Your Information

We process personal data for the following purposes:

  • To create and manage user accounts.
  • To verify identity, business ownership, account ownership, and user authority.
  • To onboard SMEs, investors, partners, administrators, and authorised organisation users.
  • To assess SME financing requests linked to confirmed purchase orders, LPOs, contracts, invoices, or related business transactions.
  • To support opportunity listing, transaction structuring, capital allocation, repayment tracking, settlement, reconciliation, and reporting workflows.
  • To process payments and reconcile transactions.
  • To support escrow, custody, banking, settlement, and payment partner workflows where applicable.
  • To send OTPs, verification codes, security alerts, and service notifications.
  • To provide customer support.
  • To manage dashboards, SME records, investor records, partner records, transaction records, and platform workflows.
  • To detect fraud, misuse, unauthorised access, money laundering, security threats, and prohibited activity.
  • To comply with legal, regulatory, tax, audit, accounting, and reporting obligations.
  • To improve platform performance, usability, reliability, security, and user experience.
  • To enforce our Terms of Service, agreements, policies, and platform rules.
  • To send important operational communications.

Where automated decision-making or profiling significantly affects a user, applicable data protection law may give data subjects protections, including the ability to request reconsideration in certain circumstances.

6. Legal Basis for Processing

We may process personal data based on one or more of the following legal grounds:

  • Your consent.
  • Performance of a contract with you.
  • Compliance with a legal obligation.
  • Our legitimate business interests.
  • Protection of vital interests.
  • Performance of a task carried out in the public interest, where applicable.
  • Establishment, exercise, or defence of legal claims.

7. Sharing of Information

We may share your information with:

  • SMEs, investors, or authorised representatives where required for platform workflows.
  • Banking, payment, escrow, custody, settlement, or reconciliation partners.
  • Payment processors.
  • Email and notification providers.
  • Hosting, cloud, and infrastructure providers.
  • KYC, KYB, identity verification, fraud prevention, or risk assessment providers.
  • Legal, audit, accounting, tax, and compliance advisers.
  • Regulators, law enforcement, courts, or government authorities where required by law.
  • Business partners where necessary to deliver services and where appropriate safeguards are in place.
  • Buyers, customers, suppliers, or transaction counterparties where required to verify or support a financing transaction, subject to applicable law and platform controls.

We do not sell personal data to third parties.

Where we share personal data, we take reasonable steps to ensure that the information is shared only for legitimate purposes and subject to appropriate confidentiality, security, and data protection safeguards.

8. Data Security

We use reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

These measures may include:

  • Password hashing.
  • Access controls.
  • Role-based permissions.
  • OTP or multi-factor verification.
  • Audit logs.
  • Encryption where appropriate.
  • Secure hosting practices.
  • Security monitoring.
  • Regular review of platform access and permissions.
  • Internal controls for handling sensitive transaction and account information.

However, no digital system is completely secure. Users are responsible for keeping their login credentials confidential and notifying us immediately of suspected unauthorised access, fraud, or account compromise.

9. Data Retention

We retain personal data only for as long as necessary for the purposes described in this Policy, including:

  • Account management.
  • Service delivery.
  • Transaction processing.
  • Settlement, reconciliation, and reporting.
  • Legal and regulatory compliance.
  • Tax, accounting, audit, and dispute resolution.
  • Fraud prevention and security monitoring.
  • Enforcement of agreements.
  • Record-keeping for financing, investment, payment, escrow, custody, or partner workflows.

Where data is no longer required, we will delete, anonymise, archive, or securely dispose of it in accordance with applicable law and internal retention procedures.

10. Your Rights

Subject to applicable law, you may have the right to:

  • Be informed about how your data is used.
  • Access your personal data.
  • Request correction of inaccurate or incomplete data.
  • Request deletion of your data where legally permitted.
  • Object to processing of your data.
  • Restrict processing in certain circumstances.
  • Withdraw consent where processing is based on consent.
  • Object to certain automated decisions.
  • Request data portability where applicable.
  • Lodge a complaint with the Office of the Data Protection Commissioner.

To exercise your rights, contact us using the details provided in Section 17.

We may need to verify your identity before responding to a data request. Some requests may be limited by legal, regulatory, contractual, audit, tax, security, fraud prevention, or transaction record-keeping obligations.

11. Cookies and Tracking Technologies

We may use cookies and similar technologies to:

  • Keep users logged in.
  • Improve platform performance.
  • Understand usage patterns.
  • Secure user sessions.
  • Remember user preferences.
  • Support analytics and troubleshooting.
  • Improve website and platform functionality.

You may disable cookies through your browser settings, but some parts of the platform may not function properly.

12. International Data Transfers

Some service providers may process or store data outside Kenya.

Where we transfer personal data outside Kenya, we will take reasonable steps to ensure appropriate safeguards are in place in accordance with applicable data protection laws.

13. Children’s Privacy

LendRate Africa is not intended for use by children.

Users must be at least 18 years old or otherwise legally capable of entering into binding agreements. We do not knowingly collect personal data from children.

14. Data Breach Notification

Where a data breach occurs, we will assess the risk and take appropriate action, including notifying affected users and/or the Office of the Data Protection Commissioner where required by law.

15. Third-Party Links and Services

Our website or platform may contain links to third-party websites, payment providers, verification services, banking partners, escrow or custody partners, or other partner platforms.

We are not responsible for the privacy practices, content, security, or policies of third parties. We encourage users to review the privacy policies of any third-party services they access.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

The updated version will be posted on lendrate.africa with a revised effective date. Continued use of the platform after changes means you accept the updated Policy.

17. Contact Us

For questions, privacy requests, or complaints, contact us at:

LendRate Africa

Email: info@lendrate.africa

Website: lendrate.africa