Privacy Policy

Last updated: June 16, 2026

DetectPay ("we", "us", or "our") operates the DetectPay mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect your information when you use our App.

1. Information We Collect

We collect the following types of information:

• Account information: Your phone number and name when you register.
• Location data: Your approximate GPS location is used to find nearby merchants. We do not store your location on our servers — it is only used in the moment to show you nearby merchants.
• Payment data: Transaction amounts, M-PESA receipt numbers, and merchant identifiers. We do not store your M-PESA PIN or full payment credentials.
• Device information: Device type and operating system version for app compatibility.
• Usage data: App interactions such as screens visited and features used, to improve the App.

2. How We Use Your Information

• To process M-PESA payments to merchants near you.
• To show you verified merchants in your vicinity.
• To send payment confirmation notifications.
• To handle complaints and support requests.
• To comply with applicable Kenyan laws and Safaricom Daraja API requirements.

3. Location Data

The App requests access to your device's location (GPS) to detect nearby merchants. Location is used only in real time and is never stored on our servers. You can deny location permission, but the merchant discovery feature will not work without it. QR code scanning works without location permission.

4. M-PESA Payments

Payments are processed through Safaricom's M-PESA Daraja API. When you make a payment, an STK push is sent to your phone number. You enter your M-PESA PIN directly on your phone — DetectPay never sees or stores your PIN. Transaction records (amount, receipt number, merchant) are stored to provide you with payment history.

5. Data Sharing

We do not sell your personal data. We share data only with:

• Safaricom: To process M-PESA payments via the Daraja API.
• Supabase: Our database and backend provider, hosted in the EU.
• Firebase (Google): For push notifications and app analytics.

6. Data Retention

Transaction records are retained for 7 years as required by Kenyan financial regulations. You may request deletion of your account and personal data by contacting us at support@detectpay.co.ke. Transaction records required by law cannot be deleted.

7. Security

We use industry-standard security measures including TLS encryption for all data in transit, certificate pinning in the App, and row-level security on our database. No method of transmission over the internet is 100% secure, but we take all reasonable steps to protect your data.

8. Children's Privacy

DetectPay is not intended for users under the age of 18. We do not knowingly collect data from children.

9. Your Rights

You have the right to access, correct, or delete your personal data. To exercise these rights, contact us at support@detectpay.co.ke.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes via the App. Continued use of the App after changes means you accept the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, contact us at:

support@detectpay.co.ke
DetectPay, Nairobi, Kenya