MacraPay Privacy Policy

1. Introduction

MacraPay, operated by Macra Systems, located at 1st Floor, Venus Complex, along Northern Bypass, Nairobi, Kenya, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our website (https://macrapay.com), mobile applications, or related payment processing services (collectively, the "Services"). By using our Services, you consent to the practices described in this policy.

As a PCI-DSS Level 1 compliant platform licensed by the Central Bank of Kenya, we prioritize the security and confidentiality of your data. Questions about this policy can be directed to privacy@macrapay.com.

2. Data We Collect

We collect the following types of data:

• Personal Information: Name, email address, phone number, business details, and identification documents provided during account registration or verification.
• Financial Information: Payment details, such as mobile money account numbers, bank account details, or credit/debit card information (processed securely via PCI-DSS compliant systems).
• Transaction Data: Details of payments processed, including amounts, dates, recipient information, and transaction IDs.
• Usage Data: Information about how you interact with our Services, such as IP address, device type, browser, pages visited, and analytics dashboard activity.
• Communication Data: Correspondence with our support team or inquiries submitted via email, phone, or our website.

3. How We Use Your Data

We use your data to:

• Provide and improve our Services, including processing payments, facilitating withdrawals, and generating analytics reports.
• Verify your identity and comply with anti-money laundering (AML) and know-your-customer (KYC) regulations.
• Communicate with you regarding account updates, transaction confirmations, or support inquiries.
• Analyze usage patterns to enhance user experience and optimize our platform.
• Send promotional offers or updates about MacraPay, where permitted and with your consent (you may opt out at any time).
• Ensure compliance with legal and regulatory obligations.

4. Data Sharing

We may share your data with:

• Service Providers: Third-party vendors who assist with payment processing, analytics, or customer support, all of whom are bound by confidentiality agreements.
• Financial Institutions: Banks, mobile money providers (e.g., M-Pesa), or card networks (e.g., Visa, Mastercard) to process transactions.
• Regulatory Authorities: As required by law, such as for AML, tax reporting, or Central Bank of Kenya compliance.
• Legal Processes: In response to court orders, subpoenas, or to protect our rights, property, or safety.

We do not sell your personal data to third parties for marketing purposes.

5. Data Security

MacraPay employs industry-standard security measures, including 256-bit SSL encryption and PCI-DSS Level 1 compliance, to protect your data. However, no system is completely secure, and we cannot guarantee absolute security. You are responsible for safeguarding your account credentials and reporting any security concerns to privacy@macrapay.com.

6. Your Rights

Subject to applicable laws (e.g., Kenya’s Data Protection Act), you have the right to:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Deletion: Request deletion of your data, subject to legal retention requirements.
• Restriction: Limit how we process your data in certain circumstances.
• Objection: Object to processing for marketing or other purposes.
• Data Portability: Receive your data in a structured, machine-readable format.

To exercise these rights, contact privacy@macrapay.com. We will respond within 30 days, subject to verification of your identity.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and deliver personalized content. Cookies may include:

• Essential Cookies: Necessary for the operation of our Services.
• Analytics Cookies: Track site performance and user behavior.
• Marketing Cookies: Deliver tailored advertisements, with your consent.

You can manage cookie preferences via your browser settings or our cookie consent tool on the website.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law (e.g., for AML or tax compliance). Transaction data may be retained for up to 7 years to meet regulatory requirements. Inactive accounts may be deleted after 12 months, subject to legal obligations.

9. Third-Party Services

Our Services may include links to third-party websites or services (e.g., M-Pesa, Visa). We are not responsible for their privacy practices. Please review their privacy policies before sharing data.

10. International Data Transfers

As a global payment platform, we may transfer data to countries outside Kenya (e.g., for card payment processing). We ensure such transfers comply with applicable data protection laws, using safeguards like standard contractual clauses or PCI-DSS compliance.

11. Children’s Privacy

Our Services are not intended for individuals under 18. We do not knowingly collect data from children. If you believe a child’s data has been collected, contact us at privacy@macrapay.com to request deletion.

12. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Updates will be posted on our website, and significant changes will be communicated via email or through the Services with at least 14 days’ notice. Continued use of the Services constitutes acceptance of the updated policy.

13. Contact Information

For questions or concerns about this Privacy Policy, contact us at:

• Email: privacy@macrapay.com
• Address: Macra Systems, 1st Floor, Venus Complex, along Northern Bypass, Nairobi, Kenya
• Phone: Available via https://macrapay.com