1. Introduction

Mocowrys is committed to protecting your privacy and complying with the General Data Protection Regulation where it applies.

2. Legal Basis for Processing

We process personal data under these legal bases:

Consent: You have given consent for specific processing.
Contract: Processing is needed to provide account, payment, market, and settlement services.
Legal Obligation: Processing is needed to meet legal, tax, audit, payment, or regulatory obligations.
Legitimate Interest: Processing supports security, fraud prevention, support, analytics, and platform operation.

3. Your GDPR Rights

Under GDPR, you may have rights to access, rectify, erase, restrict, transfer, or object to processing of personal data, subject to legal limits and retention obligations.

4. Data We Collect

We may collect and process the following categories of personal data:

Account identifiers, email addresses, phone numbers, and authentication records
Payment provider references, deposit records, withdrawal records, and callback status
KES balance, ledger, trade, position, settlement, and audit records
Usage, device, analytics, cookie, and preference data
Communications with support or operations teams

5. Data Retention

We retain personal data only as long as needed for service operation, legal compliance, fraud prevention, disputes, audit, tax, payment reconciliation, and agreement enforcement.

6. International Data Transfers

Data may be processed outside the European Economic Area. Where required, we use appropriate safeguards such as standard contractual clauses, adequacy decisions, or other GDPR-recognized transfer mechanisms.

7. Data Security

We use technical and organizational safeguards including encryption, access controls, monitoring, backups, security reviews, and incident response procedures.

8. Data Breach Notification

Where required, we will notify affected users and relevant supervisory authorities of qualifying personal data breaches within applicable deadlines.

9. Children's Data

Our platform is not directed at children under 16. We do not knowingly collect personal data from children under 16.

10. Exercising Your Rights

To exercise GDPR rights, contact our Data Protection Officer:

Email: [email protected]

Subject: GDPR Rights Request

We will respond within one month where required. Complex requests may require additional time.

11. Supervisory Authority

You may lodge a complaint with your local data protection supervisory authority if you believe we have not complied with GDPR requirements.

12. Data Protection Officer

You can contact our DPO at: