Privacy Policy

Last updated: 1 March 2026

1. Introduction

Kavod Technologies (Pty) Ltd ("we", "us", "our") is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and the General Data Protection Regulation (GDPR) where applicable. This Privacy Policy explains how we collect, use, store, and share your information when you use the Karat Dollar platform and services.

2. Information We Collect

2.1 Information You Provide

  • Identity Information: Full name, date of birth, South African ID number or passport number, nationality;
  • Contact Information: Email address, phone number, physical address;
  • Financial Information: Bank account details, card details (tokenised), income information for credit assessments;
  • KYC Documents: Identity documents, proof of address, selfie photographs for identity verification;
  • Biometric Data: Facial recognition data and palm print data (only if you opt in to biometric payments).

2.2 Information We Collect Automatically

  • Device Information: Device type, operating system, browser, unique device identifiers;
  • Usage Data: Pages visited, features used, transaction history, session duration;
  • Location Data: IP address, approximate location (for fraud prevention and regulatory compliance);
  • Log Data: Server logs, error reports, API request data.

3. How We Use Your Information

We process your personal information for the following purposes:

  • Account Management: Creating and managing your KAD account, verifying your identity;
  • Service Delivery: Processing payments, transfers, BNPL applications, insurance policies, and other financial services;
  • Regulatory Compliance: Fulfilling FICA/KYC obligations, AML screening, tax reporting, and regulatory reporting to FSCA, SARB, and FIC;
  • Credit Assessment: Evaluating BNPL eligibility using our AI credit scoring model;
  • Fraud Prevention: Detecting and preventing fraudulent transactions using our AI fraud detection system (97.8% detection rate);
  • Communication: Sending transaction confirmations, security alerts, product updates, and marketing communications (with your consent);
  • Product Improvement: Analysing usage patterns to improve our services.

4. Legal Basis for Processing

Under POPIA, we process your information based on:

  • Consent: For marketing communications and biometric data collection;
  • Contract: To provide the services you have requested;
  • Legal Obligation: To comply with FICA, AML regulations, and tax requirements;
  • Legitimate Interest: For fraud prevention, security, and service improvement.

5. Information Sharing

We share your information only with:

  • Payment Processors: Paystack, Stripe, Ozow, Flutterwave, and M-Pesa for payment processing;
  • KYC Providers: Identity verification service providers;
  • Insurance Underwriters: For micro-insurance policy administration and claims;
  • Credit Bureaus: For BNPL credit reporting (TransUnion, Experian, XDS);
  • Regulators: FSCA, SARB, FIC, and foreign regulatory bodies as required by law;
  • Custodians: Rand Refinery, Anglo Platinum, and LME-approved warehouses (reserve data only, not personal data);
  • Cross-Border Partners: Licensed MTOs for international transfers.

We do not sell your personal information to third parties.

6. Data Retention

We retain your personal information for:

  • Active accounts: For the duration of your account plus 5 years after closure;
  • Transaction records: 7 years (as required by FICA and tax legislation);
  • KYC documents: 5 years after the end of the business relationship;
  • Marketing consent records: Until you withdraw consent.

7. Data Security

We protect your information using:

  • AES-256 encryption at rest and TLS 1.3 in transit;
  • PCI DSS Level 1 certified payment infrastructure;
  • ISO 27001 certified information security management;
  • Multi-factor authentication and biometric access controls;
  • 24/7 security monitoring and incident response.

8. Your Rights Under POPIA

You have the right to:

  • Access: Request a copy of your personal information;
  • Correction: Request correction of inaccurate information;
  • Deletion: Request deletion of your information (subject to legal retention requirements);
  • Objection: Object to processing for direct marketing;
  • Restriction: Request restriction of processing in certain circumstances;
  • Portability: Request your data in a machine-readable format;
  • Complaint: Lodge a complaint with the Information Regulator of South Africa.

9. International Transfers

Your data may be transferred to countries where we operate (Nigeria, Kenya, Ghana, Tanzania, Uganda, Zimbabwe, Rwanda, Ethiopia, Malawi, United Kingdom). We ensure adequate protection through binding corporate rules and standard contractual clauses.

10. Children's Privacy

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it promptly.

11. Information Officer

Our designated Information Officer can be contacted at:

  • Email: privacy@karatdollar.com
  • Address: Kavod Technologies (Pty) Ltd, Cape Town, Western Cape, South Africa

12. Changes to This Policy

We will notify you of material changes to this Policy via email or in-app notification at least 30 days before they take effect.