Genuka Pay – Privacy Policy

Last updated: March 2026

This Privacy Policy describes how Genuka Pay collects, processes, and protects personal data in accordance with applicable data protection regulations, including Law No. 2024/017 of December 23, 2024 relating to the protection of personal data.

Article 1 – Data Controller

Genuka Pay acts as the data controller for personal data collected through its platform.

Article 2 – Types of Data Collected

Genuka Pay may collect the following categories of data:

Identification Data

  • full name
  • phone number
  • email address

Technical Data

  • IP address
  • device information
  • browser type
  • operating system

Transaction Data

  • payment details
  • transaction history
  • transaction identifiers

Verification Data

  • identity documents where required for compliance purposes

Article 3 – Legal Basis for Processing

Personal data may be processed for the following purposes:

  • account creation and management
  • transaction processing
  • fraud detection and prevention
  • regulatory compliance
  • customer support
  • service improvement

Processing may be based on user consent, contractual necessity, or legal obligations.

Article 4 – Data Sharing

As a technical facilitator, Genuka Pay may share personal data with:

Licensed Payment Partners:

  • licensed payment providers (Orange Money, MTN Mobile Money, etc.)
  • financial institutions for transaction processing

Security and Compliance Services:

  • fraud prevention services
  • regulatory authorities where required by law

Important Note

Genuka Pay only shares data with these third parties to the extent strictly necessary to facilitate transactions through our licensed payment partners.

All partners receiving such data are required to maintain appropriate security and confidentiality standards.

Important

Your data is never sold to third parties.

Article 5 – Data Security and Protection

Genuka Pay implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, in accordance with Law No. 2024/017 of December 23, 2024.

5.1 Authentication and Access Control

Two-Factor Authentication (2FA)

Genuka Pay implements two-factor authentication for all administrator and sensitive accounts:

  • Mandatory 2FA for all staff members
  • TOTP Authentication (Time-based One-Time Password) via authenticator apps
  • Secure recovery codes in case of 2FA device loss
  • Logging of all authentication attempts

Role-Based Access Control (RBAC)

  • Least privilege principle: each user only has access to strictly necessary data
  • Multi-level authentication based on data sensitivity
  • Secure sessions with automatic expiration
  • Access logging for sensitive data access

5.2 Encryption and Technical Protection

Data Encryption

  • TLS 1.3 encryption for all communications in transit
  • AES-256 encryption for sensitive data at rest
  • Cryptographic hashing of passwords (bcrypt/argon2)
  • Secure tokens for API sessions

Secure Infrastructure

  • Secure server hosting with valid SSL/TLS certificates
  • Application firewall to filter malicious connections
  • Continuous monitoring for intrusion attempts
  • Automatic security updates for security patches

Protection Against Common Attacks

  • CSRF protection (Cross-Site Request Forgery)
  • XSS validation (Cross-Site Scripting)
  • SQL Injection prevention via parameterized queries
  • Rate limiting to prevent brute force attacks

5.3 Data Protection Officer

In accordance with regulations, Genuka Pay has designated a Data Protection Officer (DPO) 🚼

DPO Roles:

  • Contact point for regulatory authorities and users
  • Compliance monitoring with data protection laws
  • Advisory on data protection obligations
  • Management of user rights requests
  • Coordination in case of data breaches

DPO Contact: dpo.pay@genuka.com

5.4 Organizational Measures

Staff Training

  • Mandatory training on data protection for all employees
  • Continuous awareness of security threats (phishing, social engineering)
  • Documented procedures for security incident management

Vendor Management

  • Strict auditing of all technical partners
  • Confidentiality agreements with data protection clauses
  • Regular assessment of vendor compliance

Business Continuity Plan

  • Encrypted backups of critical data
  • Recovery procedures for major incidents
  • Regular testing of business continuity plans

Article 6 – Data Retention

Personal data is retained only for the duration necessary to fulfill the purposes described in this policy or to comply with legal obligations.

Article 7 – User Rights

Under applicable data protection laws, users may have the right to:

  • access their personal data
  • request correction of inaccurate data
  • request deletion of personal data where legally permissible
  • withdraw consent for certain processing activities

Requests may be submitted to the contact address below.

Article 8 – International Data Transfers

Where personal data is transferred outside the user's jurisdiction, Genuka Pay will ensure that appropriate safeguards are implemented to protect such data.

Article 9 – Cookies and Analytics

Genuka Pay may use cookies and analytics tools to enhance user experience and improve platform performance.

Users may control cookie settings through their browser preferences.

Article 10 – Personal Data Breaches

In the event of a personal data breach, Genuka Pay commits to:

Prompt Notification

  • Notify competent authorities within legal deadlines (maximum 72 hours)
  • Inform affected individuals without undue delay in case of high risk
  • Transparency on the breach nature and measures taken

Management Process

  1. Identification of the breach and risk assessment
  2. Containment of the breach to limit impact
  3. Investigation to determine causes and extent
  4. Notification to authorities and affected individuals
  5. Remediation to prevent future breaches

Preventive Measures

  • Regular security audits to identify vulnerabilities
  • Periodic penetration testing
  • Technology watch on emerging threats
  • Continuous updates of security measures

In Case of Breach

If you suspect a data breach, immediately contact our DPO: dpo.pay@genuka.com

Article 11 – Updates to this Policy

This Privacy Policy may be updated periodically to reflect changes in regulations or platform functionality.

Article 12 – Contact

For questions related to privacy or data protection, contact: