Privacy Policy

Update Date: May 21, 2026

Contents

  1. Introduction
  2. Definitions
  3. How We Collect Your Personal Data
  4. Categories of Personal Data We Collect
  5. How We Use Your Personal Data
  6. How We Share Your Personal Data
  7. Third-Party Service Providers
  8. Retention of Your Personal Data
  9. Transfer of Your Personal Data
  10. Security of Your Personal Data
  11. Privacy of Minors
  12. Your Rights
  13. Links to Other Websites
  14. Changes to This Privacy Policy
  15. Contact Us

1. Introduction

This Privacy Policy explains how CASHIFY LIMITED (“Company”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects personal data when you use the Sunlit Loan mobile application, website, or related services (collectively, the “Service”).

Sunlit Loan is a digital lending service intended for eligible users in Uganda. We use personal data to provide loan application, identity verification, credit assessment, fraud prevention, account management, repayment support, customer service, and legal compliance services.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with this Privacy Policy, you should not use the Service.

This Privacy Policy is prepared with reference to applicable data protection and privacy laws, including the Uganda Data Protection and Privacy Act, 2019 and related regulations, and the General Data Protection Regulation (GDPR) where applicable.

2. Definitions

For the purposes of this Privacy Policy:

  • “You” means the individual accessing or using the Service.
  • “Account” means a unique account created for you to access the Service.
  • “Application” means the Sunlit Loan mobile application provided by CASHIFY LIMITED.
  • “Website” means the website operated by CASHIFY LIMITED and accessible at https://www.cashifylimited.com/.
  • “Company”, “we”, “us”, or “our” means CASHIFY LIMITED.
  • “Personal Data” means any information relating to an identified or identifiable person.
  • “Usage Data” means data collected automatically when you use the Service, such as app activity, diagnostic logs, and technical information.
  • “Device” means a mobile phone, tablet, or other device used to access the Service.
  • “Service Provider” means a third-party company or individual that processes data on our behalf to help us provide, secure, analyze, or improve the Service.
  • “Country” means Uganda.

3. How We Collect Your Personal Data

We collect personal data in the following ways:

3.1 Data You Provide Directly

We collect information that you provide when you register, apply for a loan, complete identity verification, update your account, contact customer support, or use other features of the Service.

This may include your name, phone number, date of birth, gender, nationality, identification information, occupation, income information, marital status, education information, emergency contact information, loan application information, repayment information, and customer support information.

3.2 Data Collected Automatically

When you use the Service, we may automatically collect limited technical and usage information necessary for account security, fraud prevention, service reliability, analytics, and troubleshooting.

This may include IP address, device model, operating system version, app version, network type, device language, login environment, crash logs, performance logs, and basic app operation logs.

3.3 Data Collected With Your Permission

Some features require your permission before we can access certain data or device functions. Depending on your use of the Service, we may request permission for camera access, user-selected images, approximate location, and push notifications.

You may manage or revoke permissions through your device settings. Please note that disabling certain permissions may limit some features of the Service, such as identity verification, fraud prevention, loan application review, or customer support.

3.4 Data From Authorized Third Parties

Where permitted by applicable law and with your authorization where required, we may receive information from identity verification providers, payment partners, credit reference bureaus, fraud prevention service providers, financial institutions, regulatory authorities, or other authorized sources.

This information may be used for identity verification, credit assessment, fraud prevention, repayment processing, dispute resolution, and legal compliance.

4. Categories of Personal Data We Collect

4.1 Account and Identity Information

We may collect your name, phone number, date of birth, gender, nationality, identification document information, identity verification result, account credentials, and account status.

We use this information to create and manage your account, verify your identity, assess eligibility, prevent fraud, and comply with legal obligations.

4.2 Loan Application and Financial Information

We may collect information related to your loan application, including employment or occupation information, income information, loan amount, loan term, repayment schedule, repayment status, payment channel information, credit assessment results, and loan history with us.

We use this information to process loan applications, assess affordability and credit risk, manage loan disbursement and repayment, prevent over-indebtedness, resolve disputes, and comply with applicable laws.

4.3 Emergency Contact Information

We do not access, scan, upload, or collect your device address book or full contact list.

When you apply for a loan, we may ask you to manually provide emergency contact information, including the contact’s name, phone number, relationship to you, and your confirmation that you have obtained the contact’s permission to provide this information.

We use emergency contact information only for account verification, fraud prevention, responsible lending, repayment communication when you are unreachable, dispute resolution, and legal compliance. We do not use emergency contact information for advertising or marketing, and we do not sell this information to third parties.

4.4 Device and Technical Information

We collect limited device and technical information necessary to protect your account, prevent fraud, assess device risk, maintain service reliability, and provide technical support.

This may include device model, operating system version, app version, IP address, network type, device language, device security status, login environment, crash logs, performance logs, and basic operation logs.

For the iOS version of Sunlit Loan, we do not collect IMEI, IMSI, Apple device serial number, call logs, SMS content, or your full contact list.

4.5 Camera and User-Selected Images

We may request access to your camera when you choose to take a photo of your identity document, complete identity verification, perform liveness verification, or submit a customer support request.

We do not record or capture images without your active initiation.

We do not scan or access your full photo library. If you choose to upload an image from your device, we only receive the specific image you select. Images are used only for identity verification, fraud prevention, customer support, dispute resolution, and legal compliance. We do not use these images for advertising or unrelated profiling.

4.6 Approximate Location

With your permission, we may collect approximate location information, such as city-level or region-level location, to confirm service availability, support fraud prevention, detect abnormal login or application patterns, assist KYC and AML controls, and comply with applicable financial or legal obligations.

We do not collect precise location unless it is necessary, clearly disclosed, and separately authorized by you.

4.7 Usage Data and Diagnostics

We may collect usage data and diagnostic information, such as pages or screens viewed, feature usage, time and date of activity, app errors, crash logs, and performance data.

We use this information to maintain and improve the Service, detect abnormal activity, troubleshoot technical issues, prevent fraud, and ensure service stability.

4.8 Communications and Customer Support Data

When you contact us, we may collect your communication content, support request details, phone number, email address, screenshots or images you choose to provide, and related records.

We use this information to respond to your requests, resolve issues, verify your account, improve our service, and maintain records of customer support interactions.

5. How We Use Your Personal Data

We may use your personal data for the following purposes:

  1. To create, verify, and manage your account.
  2. To process loan applications and assess eligibility.
  3. To verify your identity and prevent impersonation.
  4. To conduct credit assessment, affordability checks, fraud prevention, and risk control.
  5. To disburse loans, manage repayments, process payment records, and provide repayment support.
  6. To communicate with you about account activity, loan status, repayment reminders, service updates, security alerts, and customer support matters.
  7. To contact your emergency contact only where necessary, such as when you are unreachable, where repayment communication is required, where fraud is suspected, or where permitted by applicable law.
  8. To maintain, secure, monitor, analyze, troubleshoot, and improve the service.
  9. To comply with legal, regulatory, accounting, tax, AML, KYC, credit reporting, dispute resolution, and law enforcement obligations.
  10. To investigate suspicious activity, enforce our agreements, and protect the rights, safety, and property of users, the Company, and the public.
  11. To send promotional communications only where permitted by law and where you have not opted out.

We do not sell your personal data.

6. How We Share Your Personal Data

We may share your personal data only where necessary and lawful, including in the following situations:

6.1 With Service Providers

We may share personal data with trusted service providers that help us provide identity verification, fraud prevention, credit assessment, payment processing, customer support, cloud hosting, analytics, crash diagnostics, communication, and technical services.

These service providers are required to process personal data only for authorized purposes, protect the data, and not use it for unrelated purposes.

6.2 With Credit Reference Bureaus, Financial Institutions, and Authorized Partners

Where permitted by applicable law and with your authorization where required, we may share relevant identity, loan application, repayment, credit performance, and fraud prevention information with licensed credit reference bureaus, financial institutions, payment partners, fraud prevention service providers, or other authorized partners.

This sharing may be used for credit assessment, responsible lending, fraud prevention, repayment processing, dispute resolution, regulatory reporting, and legal compliance.

6.3 With Regulators, Courts, and Law Enforcement Authorities

We may disclose personal data where required by law, regulation, court order, lawful government request, or regulatory obligation.

6.4 For Business Transactions

If the Company is involved in a merger, acquisition, financing, restructuring, sale of assets, or similar business transaction, personal data may be transferred as part of that transaction. We will take reasonable steps to ensure that your personal data remains protected.

We may share your personal data for other purposes where you have given your consent.

7. Third-Party Service Providers

We may use trusted third-party service providers to support the operation of the Service. These providers may include identity verification providers, payment service providers, credit assessment and fraud prevention providers, cloud hosting providers, analytics providers, crash diagnostics providers, communication service providers, and customer support tools.

We are responsible for ensuring that third-party service providers process personal data in accordance with applicable data protection requirements and only for the purposes described in this Privacy Policy.

We do not authorize third-party service providers to sell your personal data or use it for unrelated advertising purposes.

8. Retention of Your Personal Data

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by applicable law.

Different categories of data may be retained for different periods:

  • Account, loan contract, repayment, and transaction records may be retained for as long as necessary to manage your account, perform the loan contract, comply with financial, accounting, tax, AML, credit reporting, regulatory, and dispute resolution obligations.
  • Identity verification and KYC records may be retained for as long as required for legal compliance, fraud prevention, regulatory audit, and dispute resolution.
  • Device risk records and security logs are generally retained for a limited period unless needed for fraud investigation, account security, legal claims, or regulatory compliance.
  • Usage data and diagnostic logs are generally retained for a short period unless needed for security, troubleshooting, fraud prevention, service improvement, or legal compliance.
  • Customer support records and user-selected images are retained only for as long as necessary to resolve the relevant request, verify identity, handle disputes, comply with legal obligations, or protect against fraud.

When personal data is no longer required, we will delete, anonymize, or securely archive it in accordance with applicable law and our internal data retention procedures.

9. Transfer of Your Personal Data

Your personal data may be processed at our operating offices, on secure servers, or by service providers located in Uganda or other jurisdictions where our service providers operate.

Where personal data is transferred outside Uganda or your place of residence, we will take reasonable steps to ensure that appropriate safeguards are in place, including contractual, technical, and organizational measures designed to protect your personal data in accordance with this Privacy Policy and applicable law.

10. Security of Your Personal Data

We use reasonable technical, administrative, and organizational measures to protect personal data against unauthorized access, disclosure, alteration, loss, misuse, or destruction.

These measures may include encryption during transmission, secure server storage, access controls, permission management, logging, internal review procedures, and data minimization.

However, no method of transmission over the Internet or method of electronic storage is completely secure. While we take reasonable steps to protect your personal data, we cannot guarantee absolute security.

11. Privacy of Minors

The Service is not intended for individuals under the age of 18.

We do not knowingly collect personal data from anyone under the age of 18. If we become aware that we have collected personal data from a minor without appropriate legal basis, we will take steps to delete such information.

If you believe that a minor has provided personal data to us, please contact us using the contact details provided in this Privacy Policy.

12. Your Rights

Subject to applicable law, you may have the following rights in relation to your personal data:

  1. The right to request access to your personal data.
  2. The right to request correction of inaccurate or incomplete personal data.
  3. The right to request deletion of your personal data, subject to legal, contractual, regulatory, fraud prevention, and dispute resolution requirements.
  4. The right to object to certain processing activities.
  5. The right to request restriction of processing.
  6. The right to request transfer of your personal data in a structured, commonly used, machine-readable format, where applicable.
  7. The right to withdraw consent where processing is based on consent.
  8. The right to raise a complaint with the relevant data protection authority where applicable.

Please note that we may not always be able to comply with a deletion or restriction request where we are required to retain or process the data for legal compliance, loan contract performance, fraud prevention, regulatory reporting, dispute resolution, or enforcement of our rights.

To exercise your rights, please contact us using the contact details in Section 15. We may need to verify your identity before responding to your request.

We will respond to legitimate requests within a reasonable period and in accordance with applicable law.

The Service may contain links to websites or services that are not operated by us. If you click a third-party link, you will be directed to that third party’s website or service.

We are not responsible for the content, privacy policies, or practices of third-party websites or services. We recommend that you review the privacy policy of every website or service you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

When we make changes, we will update the “Update Date” at the top of this Privacy Policy. Where required by law or where the changes are material, we may notify you by email, in-app notice, website notice, or other appropriate means.

Your continued use of the Service after the updated Privacy Policy becomes effective means that you acknowledge the updated Privacy Policy.

15. Contact Us

If you have any questions, requests, complaints, or concerns about this Privacy Policy or our handling of your personal data, please contact us:

Company: CASHIFY LIMITED

App: Sunlit Loan

Email: help@cashifylimited.com

Customer Service Phone: 0707218266 / 0707218195

Website: https://www.cashifylimited.com/