Legal

Privacy Policy

How we collect, use, store, and protect your personal information.

Last updated: January 1, 2026

Contents

  1. Introduction
  2. Information We Collect
  3. How We Use Your Info
  4. Data Sharing
  5. Storage & Security
  6. Data Retention
  7. Your Rights
  8. Children's Privacy
  9. Third-Party Links
  10. Changes
  11. Contact Us

1. Introduction

GlobiPay ("we", "us", "our"), operated by Globiz, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Platform").

By using GlobiPay, you consent to the data practices described in this policy. If you do not agree with the terms, please do not access or use the Platform.

2. Information We Collect

We collect information in the following ways:

a) Information You Provide

  • Account information: name, email address, and profile photo (via Google or Apple sign-in)
  • Payment information: M-Pesa phone number, bank account details, card information (processed via secure payment gateways — we do not store full card numbers)
  • Transaction data: escrow deal details, event ticket purchases, contribution pool activity
  • KYC documents: national ID, passport, or other government-issued identification when required for verification
  • Communications: messages, feedback, and support requests you send us

b) Information Collected Automatically

  • Device information: device type, operating system, unique device identifiers
  • Usage data: features accessed, pages viewed, session duration, app interactions
  • Location data: general location based on IP address (we do not collect precise GPS location without consent)
  • Log data: server logs, error reports, and performance metrics

3. How We Use Your Information

We use your personal data to:

  • Create and manage your GlobiPay account
  • Process escrow transactions, event ticket purchases, and contribution pool payments
  • Facilitate M-Pesa STK Push and card payments
  • Verify your identity for regulatory compliance (KYC/AML)
  • Send transaction confirmations, receipts, and important service notifications
  • Detect and prevent fraud, money laundering, and unauthorised activity
  • Improve our Platform, develop new features, and analyse usage patterns
  • Respond to your support requests and communications
  • Comply with legal obligations and regulatory requirements

4. Data Sharing & Disclosure

We do not sell your personal information. We may share data with:

  • Payment Partners: Safaricom (M-Pesa) — only the data necessary to complete your transactions
  • Service Providers: Firebase (authentication, cloud storage), hosting providers, and analytics tools that help us operate the Platform
  • Legal Authorities: When required by law, court order, or government regulation, or to protect our rights, safety, and property
  • Transaction Counterparties: Limited information shared with other users as necessary to complete escrow deals or contribution pools (e.g., name displayed to transaction partner)

5. Data Storage & Security

Your data is stored on secure servers with the following protections:

  • End-to-end encryption for data in transit (TLS/SSL)
  • Encryption at rest for sensitive data stored in our databases
  • Firebase Authentication for secure identity management
  • Regular security audits and vulnerability assessments
  • Access controls limiting data access to authorised personnel only

While we implement industry-standard security measures, no system is 100% secure. We encourage users to use strong, unique passwords and keep their devices secure.

6. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specific retention periods:

  • Account data: retained while your account is active, deleted within 90 days of account deletion request
  • Transaction records: retained for 7 years as required by financial regulations
  • KYC documents: retained for the duration of the business relationship plus 5 years
  • Usage analytics: aggregated and anonymised data may be retained indefinitely

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a machine-readable format
  • Objection: Object to certain processing activities
  • Withdraw Consent: Withdraw consent at any time where processing is based on consent

To exercise your rights, contact us at globiz2025@gmail.com.

8. Children's Privacy

GlobiPay is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we discover that we have collected data from a child under 18, we will delete it promptly.

9. Third-Party Links

Our Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing personal information.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated through the app or via email. The "Last updated" date at the top reflects the most recent revision.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, contact us at: