Privacy Policy

SaccoSuite provides management software for SACCOs, Credit Unions, microfinance institutions, and their members. This Privacy Policy explains how information is handled when you visit our website, use the SaccoSuite web platform or mobile application, or communicate with us through support and contact channels.

SaccoSuite is operated by the SaccoSuite/Pivosoft team. We provide the technology used by customer SACCOs and financial organisations to manage their services. Depending on the context, the organisation you belong to may decide why and how member information is processed, while SaccoSuite processes that information to provide and secure the service.

We may receive information:

• Directly from you when you register, sign in, complete a form, upload a document, or contact support.
• From authorised staff or administrators of the SACCO or organisation that manages your account.
• When records are created or generated through use of the platform and mobile app.
• Automatically for authentication, security, diagnostics, service reliability, and improvement.
• Through website contact, support, and demo request channels.

• Provide, maintain, and support SaccoSuite services.
• Authenticate users and manage authorised access.
• Manage member accounts and process savings, loans, shares, fixed deposits, repayments, and transactions.
• Support identity and KYC verification processes.
• Deliver service notifications, reminders, alerts, and support responses.
• Maintain audit records, improve security, and prevent fraud, misuse, or unauthorised access.
• Meet legal, regulatory, contractual, accounting, and reporting obligations.
• Diagnose faults and improve website, platform, and mobile app performance.

Depending on the service, country, and relationship involved, information may be processed to provide contracted services to a SACCO or organisation, on that organisation's instructions, with consent where required, for legitimate operational and security interests, or to meet legal and regulatory obligations.

We may disclose relevant information to the following parties when necessary for the purposes described in this policy:

• The SACCO or organisation that manages your account and its authorised staff.
• Hosting, cloud infrastructure, backup, email, SMS, notification, support, analytics, and error-monitoring providers where used.
• Professional advisers, auditors, regulators, courts, or law-enforcement authorities where legally required.
• A successor organisation as part of a lawful merger, acquisition, restructuring, or transfer of the service, subject to appropriate safeguards.

SaccoSuite does not sell personal information and does not share it with unrelated third parties for their own direct marketing purposes.

Customer SACCOs and organisations are responsible for the member and operational information they enter, collect, and manage in SaccoSuite. They are responsible for providing appropriate notices, obtaining required permissions or consent, keeping records accurate, assigning authorised access, and responding to member requests where they control the data. Members may need to contact their SACCO first about records managed by that organisation.

We use reasonable technical and organisational safeguards designed to protect information. These may include access controls, authentication, tenant data isolation, secure development and storage practices, backups, monitoring, and audit logs where applicable. Access is limited according to roles and operational need.

While we take reasonable steps to protect information, no method of transmission or storage is completely secure. Users and organisations must also protect credentials, devices, integrations, and authorised access.

Information is retained for as long as needed to provide the service, maintain security and audit history, resolve disputes, and meet financial, contractual, legal, or regulatory obligations. Retention periods can differ by record type and customer requirements. Organisations may request correction, export, or deletion subject to applicable law, contractual obligations, backup cycles, and system integrity requirements.

Subject to applicable law, you may have rights to access your personal information, request correction or deletion, withdraw consent where processing relies on consent, or object to or restrict certain processing.

For member records, contact your SACCO or organisation first because it usually controls those records. You may also contact SaccoSuite for privacy questions or help directing a request. We may need to verify your identity before acting on a request, and some records may need to be retained by law.

SaccoSuite is not intended for independent use by children below the age required by applicable law. SACCOs and organisations should not submit children's information unless it is legally authorised, necessary for a permitted service, and handled with appropriate consent and safeguards.

Our website and web platform may use cookies or similar technologies for essential functionality, authentication, security, preferences, performance, and user experience. We may also use analytics or error-monitoring tools where enabled. Browser settings can restrict some cookies, but disabling essential storage may prevent parts of the service from working correctly.

The website, platform, or mobile app may link to third-party websites or services. Their privacy practices are governed by their own policies, and SaccoSuite is not responsible for content or privacy practices outside services we control.

Hosting, communications, support, or other service providers may process information in countries other than the one where a user or organisation is located. Where required, we and our customers use appropriate contractual, technical, or organisational safeguards for those transfers.

We may update this Privacy Policy when our services, legal requirements, or privacy practices change. The effective date at the top of this page will be revised when an update is published. Material changes may also be communicated through the service or other appropriate channels.