Privacy Policy

Last Updated: May 6, 2026

Your privacy matters. Learn how LendSmart protects your personal and financial information.

πŸ“‘ Table of Contents

1. Introduction

LendSmart ("we," "us," "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our intelligent lending platform, including our website, client portal, business portal, and related services (collectively, the "Platform").

By using LendSmart, you consent to the data practices described in this policy. We comply with Rwanda's Law No. 058/2021 on Personal Data Protection and applicable international standards.

πŸ”’ Our Commitment: We never sell your personal data to third parties. Your trust is our most valuable asset.

2. Information We Collect

A. Information You Provide Directly

  • Identity Data: Full name, date of birth, national ID number, passport details, and government-issued identification.
  • Contact Data: Email address, phone number, physical address, and emergency contact information.
  • Financial Data: Bank account details, mobile money account information, income sources, employment details, credit history, and existing debt obligations.
  • Application Data: Loan purpose, business registration documents (for business clients), tax identification numbers, financial statements, and collateral information.
  • Communication Data: Messages sent to support, chat history, dispute filings, and survey responses.

B. Information Collected Automatically

  • Usage Data: IP address, device type, browser version, operating system, access times, pages viewed, features used, and navigation paths.
  • Transaction Data: Loan applications, approval decisions, payment history, repayment schedules, and account activity logs.
  • Location Data: Approximate location derived from IP address (for fraud detection and compliance).
  • AI Interaction Data: Anonymized data from our AI-powered credit assessment and fraud detection systems.

C. Information from Third Parties

  • Credit Reference Bureaus: Credit scores, existing loan information, and repayment history.
  • Mobile Money Providers: Transaction verification and payment confirmation (MTN, Airtel).
  • Government Databases: Identity verification where required (National ID Agency, RRA).
  • Employers/Banks: Income verification for loan applications (with your consent).

3. How We Use Your Information

Purpose Description Legal Basis
Loan Processing Evaluate applications, determine creditworthiness, approve loans, disburse funds Contract performance
Account Management Create and maintain accounts, process payments, manage repayment schedules Contract performance
Fraud Prevention Detect and prevent fraudulent applications, identity theft, money laundering Legal obligation / Legitimate interests
AI Services Credit scoring algorithms, risk assessment, automated decision-making Legitimate interests
Communications Send payment reminders, approval notifications, policy updates, marketing (with consent) Contract performance / Consent
Legal Compliance Report to regulators, respond to court orders, comply with tax laws Legal obligation

4. Legal Basis for Processing

Under Rwandan data protection law, we rely on the following legal bases:

  • Contract Performance: Processing necessary to provide loan services, process payments, and manage your account.
  • Legal Obligation: Processing required for compliance with financial regulations, anti-money laundering laws, and court orders.
  • Legitimate Interests: Fraud prevention, platform security, business analytics, and AI model improvement.
  • Consent: Marketing communications, optional data sharing, and certain AI processing features.

5. Data Sharing & Disclosure

We do not sell your personal data. We may share your information with:

Recipient Purpose Safeguards
Credit Reference Bureaus Reporting and checking credit history Data protection agreements
Mobile Money Operators (MTN, Airtel) Processing payments and disbursements Encrypted transmission
Service Providers Cloud hosting, analytics, customer support tools Data processing agreements
Regulators (BNR, RRA, NCSA) Compliance reporting, audits, legal requests Legal obligation
Collection Agencies Debt recovery (defaulted loans only) Limited to necessary data

6. Data Retention

  • Active Accounts: Data retained for duration of account plus 5 years for financial audit and regulatory compliance.
  • Closed Accounts: Personal data anonymized or deleted within 90 days, except:
    • Transaction records: retained for 7 years (BNR requirement)
    • Loan records with outstanding balances: retained until fully repaid plus 3 years
    • Dispute-related data: retained until resolution plus 2 years
  • AI Model Training: Anonymized data retained for model improvement (cannot be traced to individuals).

7. Data Security

We implement enterprise-grade security measures:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication for sensitive roles
  • Monitoring: 24/7 intrusion detection, fraud monitoring systems
  • Backups: Daily encrypted backups with offsite storage
  • Audits: Regular security assessments and penetration testing
⚠️ Important: While we implement strong security, no system is 100% secure. In the event of a data breach, we will notify affected users and the National Cyber Security Authority within 72 hours.

8. Your Rights

πŸ”

Right to Access

Request a copy of all personal data we hold about you.

✏️

Right to Rectification

Correct inaccurate or incomplete data.

πŸ—‘οΈ

Right to Erasure

Request deletion of your data (subject to legal retention).

⏸️

Right to Restrict Processing

Limit how we use your data.

πŸ“₯

Right to Data Portability

Receive your data in a structured format (CSV, JSON).

🚫

Right to Object

Opt out of AI-based decisions or automated processing.

To exercise any right, contact our Data Protection Officer at dpo@lendsmart.rw. We respond within 30 days.

9. Children's Privacy

LendSmart is not intended for individuals under 18. We do not knowingly collect data from minors. If we discover such data, we will delete it immediately.

10. International Data Transfers

Your data is primarily stored on servers in Rwanda. For services requiring international processing (e.g., cloud analytics), we ensure appropriate safeguards including Standard Contractual Clauses and data processing agreements that comply with Rwandan law.

11. Cookies & Tracking Technologies

  • Essential Cookies: Required for authentication and platform functionality (cannot be disabled).
  • Analytics Cookies: Help us improve the platform (optional, consent required).
  • Preference Cookies: Remember your settings (optional).

You can manage cookie preferences via your browser settings or our cookie consent banner.

12. Third-Party Links

Our Platform may contain links to external websites (e.g., payment gateways, partner sites). We are not responsible for their privacy practices. Please review their policies separately.

13. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices or legal requirements. Material changes will be notified via email and platform notification. Continued use after changes constitutes acceptance.

14. Contact Information

Data Protection Officer (DPO)
LendSmart Headquarters
KG 13 Avenue 22, Kigali, Rwanda

Email: info@lendsmart.rw
Phone: +250 791904002

↑ Back to Top