Privacy Policy

Vikoba is a digital savings-circle platform operated by TukiTech Limited, a company registered in Tanzania. This Privacy Policy explains how we collect, use, store, and share information about you when you use the Vikoba mobile application and website (collectively, the "Service").

Our registered address is Dar es Salaam, Tanzania. You can contact us at privacy@vikoba.co.tz with any privacy-related questions.

Account information: When you register, we collect your full name, phone number, email address, national ID number (for KYC verification), and a profile photo if you choose to provide one.

Financial information: We record contribution amounts, payout amounts, mobile money account identifiers (e.g. M-Pesa number), and transaction references. We do not store full mobile money credentials or PINs.

Group data: We collect information about groups you create or join, including group names, member lists, contribution schedules, and payout histories.

Device and usage data: We collect device identifiers, operating system version, app version, IP address, and anonymised usage events (e.g. screens visited, features used) to improve the Service.

Communications: If you contact our support team, we retain the content of those communications.

To provide the Service: We use your information to operate your account, manage group memberships, process and record contributions and payouts, and facilitate mobile money transactions via our payment partners.

Identity verification: We use national ID data and the associated document verification service to perform KYC checks required by applicable law and to reduce fraud.

Notifications: We use your phone number and device token to send contribution reminders, payout confirmations, and important account alerts.

Improvement: We use aggregated and anonymised usage data to understand how the Service is used and to develop new features.

Legal obligations: We may process your data to comply with obligations under Tanzanian law, including reporting requirements imposed by the Bank of Tanzania or other regulators.

With group members: Your name and contribution/payout status are visible to all members of your savings groups. This transparency is fundamental to the tontine model and is a condition of participating in a Vikoba group.

Mobile money providers: To execute payments, we share your phone number and transaction amount with your selected mobile money provider (Vodacom/M-Pesa, Tigo, Airtel).

KYC partner: We share document images and personal details with our identity verification partner to complete the KYC process. This partner is contractually bound to process data only for verification purposes.

Infrastructure providers: Our data is hosted on servers operated by Hetzner AG (Germany/Finland). Hetzner processes data under GDPR-compliant data processing agreements.

We do not sell your personal data to third parties for marketing purposes.

Account data: Retained for the duration of your account plus 7 years after account closure, as required by Tanzanian financial record-keeping regulations.

Transaction records: Retained for 10 years from the date of the transaction.

Usage logs: Anonymised after 90 days and fully deleted after 2 years.

You may request deletion of your account data at any time. Where data must be retained for legal or regulatory reasons, we will inform you of the minimum retention period.

You have the right to: (a) access a copy of the personal data we hold about you; (b) correct inaccurate data; (c) request deletion of data we are not legally required to retain; (d) object to certain processing; (e) receive your data in a portable format.

To exercise any of these rights, email privacy@vikoba.co.tz. We will respond within 30 days. We may ask you to verify your identity before fulfilling a request.

We use TLS 1.3 for all data in transit and AES-256 encryption for data at rest. Access to personal data is restricted to employees who need it to perform their duties, under role-based access controls.

Despite these measures, no system is completely secure. If you believe your account has been compromised, contact us immediately at security@vikoba.co.tz.

The Vikoba website uses essential cookies for session management. We use Plausible Analytics, a privacy-preserving analytics tool that does not use cookies and does not collect personal identifiers.

The Vikoba mobile app does not use cookies.

The Service is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has created an account, please contact us and we will delete the account promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the app and update the 'Last updated' date below. Continued use of the Service after the effective date constitutes acceptance of the revised policy.

For privacy-related questions or complaints: privacy@vikoba.co.tz

For security disclosures: security@vikoba.co.tz

For general inquiries: hello@vikoba.co.tz

TukiTech Limited, Dar es Salaam, Tanzania.