BP

BioPay

Privacy policy
Back to BioPay

Effective date: April 1, 2026

Privacy Policy

BioPay helps users identify the correct payee profile, construct a payment-ready Mobile Money route, and launch that flow through the appropriate surface. This policy applies across the BioPay Flutter client, backend services, and the installable web PWA hosted on biopay.ikanisa.com.

1. Information we collect

BioPay may collect profile information, linked MoMo numbers or merchant codes, audit trail data, installation events, device and browser capability telemetry, and support messages that users intentionally submit through the product.

For biometric matching, BioPay is designed around embeddings and controlled backend access rather than raw image retention in the production matching flow.

2. How BioPay uses information

We use collected information to enroll payees, generate quick-pay routes, secure sessions, investigate misuse, improve uptime, and keep the PWA reliable across offline and low-connectivity conditions.

PWA-specific events such as install prompt results, offline queue replay, and notification opt-in are used to improve installability and support operations, never to sell personal data.

3. Browser storage and offline data

The PWA stores non-sensitive quick-pay shortcuts and queued support or engagement events in browser IndexedDB so the app keeps working offline. BioPay does not intentionally store sensitive access tokens or biometric templates in browser localStorage.

Cached app shell files are managed by a service worker and can be cleared by uninstalling the PWA, deleting site data, or using browser settings.

4. Sharing and processors

We may use infrastructure providers for hosting, database, authentication, messaging, and monitoring. We do not sell personal data. We may disclose limited information where required by law, to protect users, or to secure the platform.

5. Security

BioPay relies on encrypted transport, authenticated backend access, role-aware administration, row-level security, structured logging, and production headers including CSP, HSTS, X-Frame-Options, nosniff, and Permissions-Policy on the PWA static server.

6. Retention and your rights

We retain account, enrollment, and operational records only for as long as needed to deliver the service, comply with legal obligations, resolve disputes, and protect BioPay from abuse.

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or obtain a copy of your data. Contact [email protected] to make a request.