iS iSACCO Member App
  • Terms
  • Privacy
  • Data safety
  • Delete account
  • Support
Official information

Legal, privacy and support information

This page explains how the iSACCO Member App works, the rules that apply when you use it, how personal data is handled and how to obtain support or request account deletion.

Provider: Shahi Service Limited Last updated: 10 July 2026 Jurisdiction: Kenya
About Terms Privacy Data safety Delete account Support
Section 1

About iSACCO

iSACCO is a secure digital channel through which members of participating savings and credit co-operative societies can access services offered by their SACCO.

Available services depend on the participating SACCO and may include:

  • Viewing savings, deposits, share capital and other balances.
  • Viewing loans, repayment information and transaction statements.
  • Submitting membership, loan or service requests.
  • Making or confirming payments through supported payment providers.
  • Receiving account, transaction and service notifications.
Your SACCO provides the financial services. Shahi Service Limited provides and supports the technology platform. Membership decisions, loan approvals, interest, fees and financial records remain subject to your SACCO's bylaws, policies and official records.
Section 2

Terms of Use

Acceptance

By accessing or using iSACCO, you agree to these Terms of Use. Do not use the app if you do not agree with them.

Eligibility

You may use iSACCO only where you are a registered member, applicant, authorised representative or other permitted user of a participating SACCO. You must provide accurate information and use only an account you are authorised to access.

Account security

  • Keep your password, PIN and one-time password confidential.
  • Protect your device with a screen lock and current security updates.
  • Report suspected unauthorised access immediately.
  • Do not allow another person to use your account.

SACCO services and records

Your SACCO determines eligibility, limits, approvals, pricing and service rules. Information displayed in the app is obtained from SACCO and integrated service records. Where a genuine discrepancy occurs, it must be investigated against the SACCO's authorised records.

Payments

Where payment services are available, you authorise the transmission of the details needed to initiate, confirm and reconcile the transaction. Payment requests may be delayed or fail because of mobile networks, banks, payment providers, maintenance or incorrect details.

Acceptable use

You must not:

  • Use iSACCO for fraud, impersonation or any unlawful activity.
  • Attempt to access another member's account or restricted systems.
  • Interfere with security controls, availability or app operation.
  • Introduce malware, automate abusive requests or manipulate records.
  • Copy, reverse engineer or misuse the platform except where permitted by law.

Availability and suspension

Access may be interrupted for maintenance, security, network failure, compliance requirements or circumstances outside reasonable control. Access may also be limited or suspended where misuse, fraud or a security risk is reasonably suspected.

Liability

Nothing in these Terms excludes liability that cannot lawfully be excluded. Subject to applicable law, Shahi Service Limited is not liable for indirect loss, third-party network failure, member error, or a SACCO decision made under the SACCO's own policies.

Governing law

These Terms are governed by the laws of the Republic of Kenya. SACCO products and services may also be governed by the SACCO's bylaws, member agreements and applicable regulatory requirements.

Section 3

Privacy and Data Protection Notice

Who is responsible for your data?

For member accounts and SACCO financial services, the participating SACCO normally determines why and how personal data is used. Shahi Service Limited operates the iSACCO technology platform and processes data for the SACCO. Shahi Service Limited may separately determine limited processing needed for platform security, technical support and legal compliance.

Information processed

  • Identity and contact information: name, member number, National ID details, phone number, email address and other membership information provided by you or your SACCO.
  • Financial and SACCO records: savings, deposits, shares, loans, repayments, statements, applications and transaction history.
  • Security information: login activity, IP address, device and session identifiers, audit logs and records used to detect fraud or unauthorised access.
  • Technical information: app version, operating system, device type, diagnostics and crash information where enabled.
  • Support information: messages, documents and other details submitted when requesting help.

Why information is used

  • To identify and authenticate users.
  • To provide SACCO account and transaction services.
  • To process requests, payments, applications and notifications.
  • To secure accounts, prevent fraud and maintain audit records.
  • To provide support, investigate errors and improve reliability.
  • To meet legal, regulatory and contractual obligations.

Lawful processing

Personal data is processed where necessary to provide requested services, perform contractual and membership obligations, comply with law, protect legitimate security interests, or on the basis of consent where consent is specifically required.

Sharing

Information may be shared only where necessary with:

  • Your participating SACCO and its authorised personnel.
  • Banks, mobile-money providers and payment processors used for a transaction.
  • Hosting, messaging, security and support providers working under appropriate obligations.
  • Regulators, law-enforcement agencies, courts or other authorities where legally required.
Personal data is not sold. iSACCO does not sell member personal data or use financial records for unrelated advertising.

Data retention

Data is retained only for as long as reasonably necessary for the service, SACCO operations, security, dispute resolution and legal or regulatory recordkeeping. Different records may have different retention periods. Data that is no longer required should be securely deleted, anonymised or otherwise handled in accordance with the applicable retention schedule.

Security

Reasonable technical and organisational safeguards are used, including encrypted transmission, access controls, authentication controls, audit logging, backups, monitoring and security updates. No digital system is completely risk-free, so members must also protect their devices and credentials.

Your rights

Subject to applicable law, you may request:

  • Information about how your personal data is used.
  • Access to personal data held about you.
  • Correction of inaccurate or incomplete information.
  • Restriction of or objection to qualifying processing.
  • Deletion of information that is no longer lawfully required.
  • Withdrawal of consent where processing relies on consent.

Requests may require identity verification and may be referred to your SACCO where the SACCO controls the relevant member or financial records. Some records cannot be deleted immediately where retention is required by law, regulation, audit obligations or the establishment or defence of legal claims.

Children and junior accounts

iSACCO is primarily intended for adult members. Junior accounts may be accessed only under the participating SACCO's rules and with the required parent, guardian or authorised representative controls.

Cross-border processing

Where an approved service provider processes data outside Kenya, appropriate legal, contractual and security safeguards must be applied before the transfer.

Policy updates

This notice may be updated when services, legal requirements or processing arrangements change. Material changes will be communicated through the app, website or another appropriate channel.

Section 4

Data Safety Summary

The following is a concise summary of the main data categories used by iSACCO. The exact features available depend on the participating SACCO.

Personal information Name, contact details, identity and membership information used to identify and serve the member.
Financial information Savings, shares, loans, repayments, statements and transaction information used to provide SACCO services.
App and device activity Login, session, device and diagnostic records used for security, support and service reliability.
Payment information Amounts, references, phone numbers and transaction status used to initiate and reconcile supported payments.
Key safeguards Data is encrypted in transit. Access is restricted to authorised users and service providers. Full card credentials are not intentionally stored by iSACCO.
Section 5

Account and Data Deletion

You may request deletion or deactivation of your iSACCO access account. Deleting app access does not automatically erase the underlying SACCO membership, financial or transaction records.

  1. Send an email to [email protected] with the subject iSACCO Account Deletion Request, or submit the request through your SACCO.
  2. Include your full name, SACCO name, member number and registered phone number. Do not email your password, PIN or OTP.
  3. Complete identity verification when contacted. This protects your account from fraudulent deletion requests.
  4. After verification, app access will be deleted, disabled or anonymised as applicable, and you will be informed of records that must legally be retained.
Financial records may need to be retained. Your SACCO may be required to keep membership, loan, payment, audit, statutory and dispute records even after app access is closed.
Section 6

Support and Contact

Contact Shahi Service Limited for technical problems, login errors, security incidents, privacy questions or account-deletion requests. Contact your SACCO for balances, statements, loan decisions, guarantors, membership status, fees or disputes about SACCO records.

Technical and privacy support

[email protected]
+254 722 400 737
shahi.co.ke

Provider address

Shahi Service Limited
West Park Heights, Kodi Road 2
Nairobi West, Apartment No. 1
Nairobi, Kenya

Security incidents

Report a lost device, unexpected OTP, suspicious login or unauthorised transaction immediately to both your SACCO and technical support. Never disclose your password, PIN or OTP to a person claiming to provide support.

Complaints

Privacy concerns should first be raised with the participating SACCO or Shahi Service Limited. You may also lodge a complaint with Kenya's Office of the Data Protection Commissioner where applicable.

On this page

About iSACCO Terms of Use Privacy Notice Data Safety Account Deletion Support
Need technical help?
Call +254 722 400 737
© 2026 Shahi Service Limited. iSACCO is a technology platform for participating SACCOs.
Terms Privacy Delete account Support