Privacy & Data Protection
What data Danipa Pay collects, how it's protected, your rights, and how account deletion works.
5 min read
Overview
Your privacy matters. This guide explains what data Danipa Pay holds, why we hold it, how it's protected, and what you can do about it. For the full legal text, see Danipa's privacy policy.
What we collect
Identity and account
| Data | Why |
|---|---|
| Full name, date of birth, country | Identity verification and regulatory compliance |
| Phone number | Login, MFA, mobile money linking |
| Receipts, MFA, account recovery | |
| Profile photo | Optional — for personalization |
KYC documents
KYC documents are uploaded into the identity service when you complete or upgrade your verification:
- Government-issued ID (Ghana Card, passport, driver's licence depending on country and tier)
- Selfie or liveness check
- Proof of address (for the higher tiers)
Transactions
| Data | Why |
|---|---|
| Amounts, currencies, recipients, references | Settlement and dispute resolution |
| Payment method and provider | Routing through the correct rails |
| IP address and device info | Fraud detection, step-up MFA decisions |
Device and usage
| Data | Why |
|---|---|
| Device model, OS, app version | Compatibility, support |
| Push tokens | Delivering push notifications |
| Crash and error logs | Bug fixes |
We don't track location unless you actively use a feature that needs it (such as finding a Danipa agent near you).
How we protect your data
- In transit: all client-to-server traffic uses TLS.
- At rest: PII fields are encrypted in the database; KYC documents live in encrypted, access-controlled storage.
- Access: support and ops staff use role-based access. KYC reviews are restricted to the verification team.
- Auditing: every access to KYC documents is logged.
- Step-up MFA: sensitive actions (account deletion, MFA changes, high-value transfers) require a second factor — see Security & Account Settings.
We do not sell your data, run advertising on your data, or share your transaction history with third parties for commercial purposes.
Account deletion
You can ask Danipa Pay to delete your account from inside the mobile app.
How it works
- Open Profile → Security → Delete account (the exact entry point may vary by app version).
- Re-authenticate with step-up MFA (passkey, TOTP, or SMS code).
- Danipa shows you the country-specific retention policy that applies to you (see below).
- Confirm. Your account moves to a scheduled-deletion state and you receive a one-time cancel link by email.
30-day grace window
For 30 days after you confirm, the deletion is reversible:
- Your account is locked from new transactions but the data is intact.
- You can cancel deletion from inside the app, or by clicking the email cancel link.
- After 30 days, the deletion runs automatically.
What gets deleted
When the grace period ends, Danipa Pay:
- Anonymises your user profile PII (name, email, phone, address replaced with deterministic placeholders).
- Hard-deletes leaf data: saved recipients, MFA enrolments, devices, push tokens, payment-method mappings, and your wallet plus its dependent rows.
- Deletes your identity-provider account (Keycloak).
- Writes a deleted-account audit row so the deletion itself is provable.
What's retained, and why
Financial regulations in every Danipa-supported country require some records to be kept after account closure:
| Country | Regulator | Retention |
|---|---|---|
| Canada | FINTRAC | 5 years |
| United States | FinCEN | 5 years |
| Ghana | Bank of Ghana Act 1044 | 5 years |
What stays during the retention period:
- Transaction records, with your name anonymised — needed for AML and tax reporting.
- KYC documents, with their status flipped to ARCHIVED. They are not used for any new processing.
After the retention period, the remaining records are also purged.
Some accounts can't auto-delete
If your account has open disputes, scheduled deletions, or other state that needs a human review, the in-app flow redirects you to support. The team will guide you through closure manually.
Your other rights
Access and correction
- Edit basic info in the mobile app under Profile → Personal info.
- Correct KYC details by re-submitting documents from Profile → KYC verification (see KYC Verification).
- For a copy of all data Danipa holds about you, contact privacy support — see below.
Notification opt-out
You control which notifications reach you and through which channels in Profile → Notifications. Promotional notifications can be turned off entirely. Critical security notifications must keep at least one channel enabled — see Notifications & Alerts.
Data portability
Your transaction record is exportable at any time as a per-currency PDF or CSV via the Wallet → Statements screen — see Receipts & Statements.
Cookies and the web
If you use any Danipa web app (help center, checkout pages, merchant dashboard, developer portal), only essential cookies are used by default — those required for login, security, and language preference. We do not run advertising cookies.
Children's privacy
Danipa Pay is not intended for users under 18. We don't knowingly collect data from minors; if we discover a minor's account, we close it and delete the data.
Contact
For privacy-related questions or data-rights requests:
- In-app: Profile → Help & Support — request a privacy review.
- Email: privacy@danipa.com.
- Mail: Danipa Business Systems Inc., Kitchener, Ontario, Canada.
Changes to this policy
If we change how we handle your data in a meaningful way you'll get an in-app notification and an email at least 30 days before it takes effect, and you'll have the option to close your account if you disagree.