PhandaPay Privacy Policy

  1. Introduction

This Privacy Policy explains how PhandaPay (“PhandaPay”, “we”, “us”, or “our”) collects, uses, stores, shares, and protects your personal information when you use the PhandaPay mobile application, website, and related services (collectively, the “Service”).

We are committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African laws.

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

  1. Responsible Party

For purposes of POPIA, PhandaPay is the Responsible Party in relation to your personal information.

Contact details:
📧 Email: support@phandapay.co.za
📞 Phone:  010 500 0220
📍 Address: 35A Rietfontein Rd, Edenburg, Sandton, 2128

  1. Personal Information We Collect

We may collect the following categories of personal information:

3.1 Information You Provide

  • Full name
  • South African ID number or passport number
  • Date of birth
  • Mobile phone number
  • Email address
  • Residential address
  • Bank account or card details (processed securely via payment partners)
  • Username, PIN, and authentication credentials
  • Customer support communications

3.2 Automatically Collected Information

  • Device information (device ID, operating system, app version)
  • IP address
  • Transaction metadata (date, amount, reference)
  • Log and usage data

3.3 Regulatory Information

  1. FICA/KYC verification data
  2. AML screening results
  3. Transaction monitoring records
    1. How We Use Your Personal Information

    We process your personal information for the following purposes:

    • To register and manage your PhandaPay account
    • To verify your identity (KYC/FICA compliance)
    • To process payments and transfers
    • To prevent fraud, money laundering, and illegal activity
    • To comply with legal and regulatory obligations
    • To communicate with you about your account or transactions
    • To improve the functionality, security, and performance of the Service

    To provide customer support

  1. Legal Basis for Processing

We process your personal information based on one or more of the following lawful grounds:

  • Your consent
  • Performance of a contract with you
  • Compliance with legal obligations (including FICA and AML laws)

Our legitimate interests, such as fraud prevention and service improvement.

  1. Sharing of Personal Information

We may share your personal information with:

  • Banks and payment service providers to facilitate transactions
  • Regulatory authorities, including the Financial Intelligence Centre (FIC), when required by law
  • Technology and infrastructure providers who support our systems
  • Law enforcement agencies where legally required
  • Auditors, legal, and compliance advisors

We do not sell your personal information to third parties.

  1. Cross-Border Transfers

If personal information is transferred outside South Africa, we ensure that:

  • The receiving country has adequate data protection laws, or
  • Appropriate contractual safeguards are in place, in compliance with POPIA
  1. Data Security

We implement appropriate technical and organisational security measures to protect your personal information, including:

  • Encryption
  • Secure servers
  • Access controls
  • Monitoring and logging
  • Regular security reviews

Despite these measures, no system is completely secure, and you use the Service at your own risk.

  1. Data Retention

We retain personal information only for as long as necessary to:

  • Provide the Service
  • Meet legal, regulatory, and FICA obligations
  • Resolve disputes
  • Enforce our agreements

Retention periods may extend beyond account closure where required by law.

  1. Your Rights Under POPIA

You have the right to:

  • Request access to your personal information
  • Request correction or deletion of inaccurate information
  • Object to the processing of your personal information (where applicable)
  • Withdraw consent (subject to legal and contractual restrictions)
  • Lodge a complaint with the Information Regulator

Information Regulator (South Africa):
🌐 www.justice.gov.za/inforeg/

  1. Cookies and Similar Technologies

We may use cookies or similar technologies on our website to improve user experience, analytics, and functionality. You may control cookie preferences through your browser settings.