Nsimbi Impact Privacy Policy

Last updated: January 2026

This Privacy Policy describes how personal data is collected, used, shared, and protected when you use Nsimbi Impact’s platforms. Any updates to this policy will be published on this page.

1. Who collects and processes personal data?

1.1 Nsimbi Impact as Data Controller

Nsimbi Impact Limited (“Nsimbi”, “we”, “us”, or “our”), together with its affiliates and implementing partners, provides inclusive financial services to women-led micro and small enterprises. Nsimbi acts as a data controller (or “data fiduciary”) with respect to the personal data of users, applicants, partners, personnel, directors, and shareholders (collectively, “data subjects”). In some cases, Nsimbi may act as a joint controller with partner organizations.

1.2 Nsimbi Impact as Data Processor

Nsimbi may partner with entrepreneur support organizations (ESOs), financial institutions, or platform partners to provide embedded or integrated financial services. In such cases, Nsimbi may act as a data processor, processing personal data according to the instructions of the partner data controller.

1.3 Nsimbi Platforms

Nsimbi provides services through:

  • The Nsimbi Impact mobile application
  • Nsimbi websites
  • SMS, USSD, or voice-enabled channels where applicable

1.4 Service Providers

Nsimbi engages trusted third-party service providers to support our operations, including:

  • Financial service providers such as banks, mobile money operators, and payment processors
  • Messaging and communication providers (SMS, email, voice services)
  • Identity verification, fraud prevention, and credit assessment services
  • Cloud hosting, data storage, analytics, and security providers
  • Customer support, collections, and professional service providers (legal, audit, advisory)

1.5 Partners

Nsimbi partners with organizations to deliver financial and business support services, including:

  • Entrepreneur support organizations (ESOs)
  • Financial institutions and payment service providers
  • Market access platforms and business service providers

1.6 Legal and Regulatory Disclosures

We may disclose personal data where required to:

  • Credit reference bureaus
  • Regulatory authorities, courts, or law enforcement agencies
  • Tax and supervisory authorities
  • Protect Nsimbi’s legal rights, users, or the public

In the event of a merger, restructuring, or asset transfer, personal data may be transferred in accordance with applicable law.

2. What personal data do we collect?

2.1 User and Applicant Data

  • Identification data (name, ID number, date of birth)
  • Contact information (phone number, email, address)
  • Business information (business name, sector, revenue indicators)
  • Financial and transaction data
  • Mobile money or payment history (where permitted)
  • Device and usage data
  • Communication records
  • Third-party data from partners or public sources

2.2 Personnel and Internal Stakeholders

  • Identification and contact data
  • Background and reference data
  • Payroll, tax, and benefits information
  • Performance and compliance data

2.3 Vendors and Service Providers

We process contact and professional information of vendor representatives for contract management and operations.

2.4 Website and App Usage Data

  • IP address and device identifiers
  • Browser and operating system data
  • App interactions, page views, and session data

3. Why do we process personal data?

3.1 Legal and Regulatory Obligations

  • Conduct Know-Your-Customer (KYC) and identity verification
  • Perform credit assessment and risk monitoring
  • Comply with anti-money laundering and counter-terrorism financing laws
  • Submit required data to credit reference bureaus
  • Comply with lawful requests from regulators and authorities

3.2 Contractual Necessity

  • Evaluate applications for financial services
  • Manage user accounts and transactions
  • Communicate with users regarding services, repayments, and support
  • Operate, secure, and improve our platforms

3.3 Legitimate Interests

  • Improve products and user experience
  • Prevent fraud and misuse
  • Conduct analytics and impact measurement
  • Communicate relevant service updates and offers

3.4 Consent

  • Use of voice, images, or testimonials
  • Participation in research or pilot programs

Consent may be withdrawn at any time, subject to legal and contractual limits.

3.5 Research and Impact Evaluation

Nsimbi may conduct or partner on research to evaluate financial inclusion outcomes. Any published research uses anonymized or aggregated data.

4. How long do we retain data?

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal and regulatory requirements. Where retention is no longer required, data is securely deleted or anonymized.

5. Where is data processed?

Nsimbi primarily operates in Uganda, with plans to expand to other emerging markets. Data may be processed and stored in secure cloud environments located in Uganda and other jurisdictions where Nsimbi or its service providers operate, subject to applicable data protection laws. Appropriate safeguards, including encryption and access controls, are applied.

6. Your rights as a data subject

  • Access your personal data
  • Correct or update inaccurate data
  • Object to or restrict processing
  • Request deletion of data
  • Request data portability
  • Object to automated decision-making

Requests can be submitted to: privacy@nsimbiimpact.com

7. How we protect personal data

  • Encryption of data in transit and at rest
  • Role-based access controls
  • Regular security monitoring and audits
  • Staff training on data protection and confidentiality

8. Changes to this policy

We may update this Privacy Policy periodically. Updates will be published on this page with a revised “Last updated” date.

9. Contact us

Nsimbi Impact
Email: privacy@nsimbiimpact.com
Website: https://nsimbiimpact.com
Location: Kampala, Uganda