Data Governance
Plain-English summary of our Data Governance Model Card.
1. What this page is
We process personal and financial data to help borrowers apply for credit, learn business skills, and connect with regulated lenders. This page explains what we collect, how we protect it, and the rights you have under Tanzanian and international law. The full technical document is the Data Governance Model Card linked at the bottom.
2. What we collect
Your name, ID, phone, email, address, loan-application details, learning progress, voice recordings (with consent), and how you use the app. We collect only what we need for the service or what the law requires.
3. How we protect it
Encryption everywhere (TLS 1.3 in transit, AES-256-GCM at rest), strict access rules per role, four-eye approval for any cross-organization query, and an immutable audit trail that cannot be edited after the fact.
4. Cross-organization roll-ups (the Crawford concern)
When we combine data across organizations for platform-wide analytics, we strip names, phones, and IDs first. We only show patterns where at least 5 people share the same characteristics (k-anonymity). You can object to your data being included in these aggregates at any time using the button below.
5. Your rights (PDPA, EU AI Act)
You can ask to see your data, correct it, delete it, take it with you in machine-readable form, or object to any decision a machine made about you. We answer within 30 days (or 7 for human review of automated decisions).
6. Where your data lives
Frankfurt (primary) and Mumbai (failover for low latency to Tanzania). Subprocessors include Supabase, Vercel, Anthropic, OpenAI, ElevenLabs, Stripe, Twilio, and Africa's Talking. The full list is in the Model Card.
Exercise your rights
These buttons send a request to our Data Protection Officer. You must be signed in to your borrower account for the request to be valid.
Live transparency report (JSON)
Full Model Card: /Docs/DATA-GOVERNANCE-MODEL-CARD.md
Contact: dpo@litfin-credit.com