Legal, privacy and support information
This page explains how the iSACCO Member App works, the rules that apply when you use it, how personal data is handled and how to obtain support or request account deletion.
About iSACCO
iSACCO is a secure digital channel through which members of participating savings and credit co-operative societies can access services offered by their SACCO.
Available services depend on the participating SACCO and may include:
- Viewing savings, deposits, share capital and other balances.
- Viewing loans, repayment information and transaction statements.
- Submitting membership, loan or service requests.
- Making or confirming payments through supported payment providers.
- Receiving account, transaction and service notifications.
Terms of Use
Acceptance
By accessing or using iSACCO, you agree to these Terms of Use. Do not use the app if you do not agree with them.
Eligibility
You may use iSACCO only where you are a registered member, applicant, authorised representative or other permitted user of a participating SACCO. You must provide accurate information and use only an account you are authorised to access.
Account security
- Keep your password, PIN and one-time password confidential.
- Protect your device with a screen lock and current security updates.
- Report suspected unauthorised access immediately.
- Do not allow another person to use your account.
SACCO services and records
Your SACCO determines eligibility, limits, approvals, pricing and service rules. Information displayed in the app is obtained from SACCO and integrated service records. Where a genuine discrepancy occurs, it must be investigated against the SACCO's authorised records.
Payments
Where payment services are available, you authorise the transmission of the details needed to initiate, confirm and reconcile the transaction. Payment requests may be delayed or fail because of mobile networks, banks, payment providers, maintenance or incorrect details.
Acceptable use
You must not:
- Use iSACCO for fraud, impersonation or any unlawful activity.
- Attempt to access another member's account or restricted systems.
- Interfere with security controls, availability or app operation.
- Introduce malware, automate abusive requests or manipulate records.
- Copy, reverse engineer or misuse the platform except where permitted by law.
Availability and suspension
Access may be interrupted for maintenance, security, network failure, compliance requirements or circumstances outside reasonable control. Access may also be limited or suspended where misuse, fraud or a security risk is reasonably suspected.
Liability
Nothing in these Terms excludes liability that cannot lawfully be excluded. Subject to applicable law, Shahi Service Limited is not liable for indirect loss, third-party network failure, member error, or a SACCO decision made under the SACCO's own policies.
Governing law
These Terms are governed by the laws of the Republic of Kenya. SACCO products and services may also be governed by the SACCO's bylaws, member agreements and applicable regulatory requirements.
Privacy and Data Protection Notice
Who is responsible for your data?
For member accounts and SACCO financial services, the participating SACCO normally determines why and how personal data is used. Shahi Service Limited operates the iSACCO technology platform and processes data for the SACCO. Shahi Service Limited may separately determine limited processing needed for platform security, technical support and legal compliance.
Information processed
- Identity and contact information: name, member number, National ID details, phone number, email address and other membership information provided by you or your SACCO.
- Financial and SACCO records: savings, deposits, shares, loans, repayments, statements, applications and transaction history.
- Security information: login activity, IP address, device and session identifiers, audit logs and records used to detect fraud or unauthorised access.
- Technical information: app version, operating system, device type, diagnostics and crash information where enabled.
- Support information: messages, documents and other details submitted when requesting help.
Why information is used
- To identify and authenticate users.
- To provide SACCO account and transaction services.
- To process requests, payments, applications and notifications.
- To secure accounts, prevent fraud and maintain audit records.
- To provide support, investigate errors and improve reliability.
- To meet legal, regulatory and contractual obligations.
Lawful processing
Personal data is processed where necessary to provide requested services, perform contractual and membership obligations, comply with law, protect legitimate security interests, or on the basis of consent where consent is specifically required.
Sharing
Information may be shared only where necessary with:
- Your participating SACCO and its authorised personnel.
- Banks, mobile-money providers and payment processors used for a transaction.
- Hosting, messaging, security and support providers working under appropriate obligations.
- Regulators, law-enforcement agencies, courts or other authorities where legally required.
Data retention
Data is retained only for as long as reasonably necessary for the service, SACCO operations, security, dispute resolution and legal or regulatory recordkeeping. Different records may have different retention periods. Data that is no longer required should be securely deleted, anonymised or otherwise handled in accordance with the applicable retention schedule.
Security
Reasonable technical and organisational safeguards are used, including encrypted transmission, access controls, authentication controls, audit logging, backups, monitoring and security updates. No digital system is completely risk-free, so members must also protect their devices and credentials.
Your rights
Subject to applicable law, you may request:
- Information about how your personal data is used.
- Access to personal data held about you.
- Correction of inaccurate or incomplete information.
- Restriction of or objection to qualifying processing.
- Deletion of information that is no longer lawfully required.
- Withdrawal of consent where processing relies on consent.
Requests may require identity verification and may be referred to your SACCO where the SACCO controls the relevant member or financial records. Some records cannot be deleted immediately where retention is required by law, regulation, audit obligations or the establishment or defence of legal claims.
Children and junior accounts
iSACCO is primarily intended for adult members. Junior accounts may be accessed only under the participating SACCO's rules and with the required parent, guardian or authorised representative controls.
Cross-border processing
Where an approved service provider processes data outside Kenya, appropriate legal, contractual and security safeguards must be applied before the transfer.
Policy updates
This notice may be updated when services, legal requirements or processing arrangements change. Material changes will be communicated through the app, website or another appropriate channel.
Data Safety Summary
The following is a concise summary of the main data categories used by iSACCO. The exact features available depend on the participating SACCO.
Account and Data Deletion
You may request deletion or deactivation of your iSACCO access account. Deleting app access does not automatically erase the underlying SACCO membership, financial or transaction records.
- Send an email to [email protected] with the subject iSACCO Account Deletion Request, or submit the request through your SACCO.
- Include your full name, SACCO name, member number and registered phone number. Do not email your password, PIN or OTP.
- Complete identity verification when contacted. This protects your account from fraudulent deletion requests.
- After verification, app access will be deleted, disabled or anonymised as applicable, and you will be informed of records that must legally be retained.
Support and Contact
Contact Shahi Service Limited for technical problems, login errors, security incidents, privacy questions or account-deletion requests. Contact your SACCO for balances, statements, loan decisions, guarantors, membership status, fees or disputes about SACCO records.
Technical and privacy support
Provider address
Shahi Service Limited
West Park Heights, Kodi Road 2
Nairobi West, Apartment No. 1
Nairobi, Kenya
Security incidents
Report a lost device, unexpected OTP, suspicious login or unauthorised transaction immediately to both your SACCO and technical support. Never disclose your password, PIN or OTP to a person claiming to provide support.
Complaints
Privacy concerns should first be raised with the participating SACCO or Shahi Service Limited. You may also lodge a complaint with Kenya's Office of the Data Protection Commissioner where applicable.