Sign InCreate Account

Privacy Policy

Last updated: February 2026

Pledgr (“we”, “us”, or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, applications, and services (collectively, the “Services”). This policy is designed to comply with the Kenya Data Protection Act, 2019 and the European Union General Data Protection Regulation (GDPR).

1. Information We Collect

1.1 Personal Information

When you create an account, start a Drive, or make a pledge, we may collect the following personal information:

  • Full name, email address, and phone number.
  • Government-issued identification documents (for KYC verification).
  • Profile photograph and biographical information.
  • Physical or postal address.
  • Date of birth and nationality.

1.2 Payment Information

To process pledges and withdrawals, we collect payment-related data including:

  • M-Pesa phone number and transaction identifiers.
  • Credit or debit card details (processed and stored by our PCI-DSS compliant payment processors; Pledgr does not store full card numbers).
  • Cryptocurrency wallet addresses.
  • Bank account details for EFT withdrawals.
  • Transaction history and amounts.

1.3 Usage Data

We automatically collect certain information when you access the Services, including:

  • IP address, browser type, operating system, and device identifiers.
  • Pages visited, features used, and time spent on the Platform.
  • Referral URLs and search terms used to find the Platform.
  • Click patterns, scroll depth, and interaction data.
  • Crash reports and performance metrics.

2. How We Use Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the Services.
  • To process pledges, withdrawals, and other financial transactions.
  • To verify your identity and comply with KYC/AML regulations.
  • To communicate with you about your account, Drives, and pledges.
  • To send promotional communications (with your consent, which you may withdraw at any time).
  • To detect, prevent, and address fraud, abuse, and security issues.
  • To analyse usage patterns and improve the user experience.
  • To comply with legal obligations and respond to lawful requests from public authorities.
  • To enforce our Terms of Service and protect our legal rights.

3. Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

3.1 Payment Processors

We share necessary payment information with our payment processing partners (including M-Pesa/Safaricom, card processors, and cryptocurrency payment gateways) to facilitate transactions. These processors are contractually obligated to use your data solely for processing payments and are required to maintain appropriate security measures.

3.2 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that such disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend the rights or property of Pledgr; (c) prevent fraud or other illegal activity; (d) protect the personal safety of users of the Services or the public.

3.3 Service Providers

We engage trusted third-party service providers who assist us in operating the Platform, including cloud hosting, analytics, customer support, and email delivery services. These providers are given access only to the information necessary to perform their specific functions and are bound by contractual obligations to protect your data.

3.4 Business Transfers

In the event of a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4. Data Security

We implement industry-standard technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.3 and data at rest using AES-256.
  • Regular security assessments and penetration testing.
  • Role-based access controls and multi-factor authentication for internal systems.
  • Secure development practices and code review processes.
  • Incident response procedures and breach notification protocols.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

5. Cookies

We use cookies and similar tracking technologies to enhance your experience on the Platform. Cookies help us remember your preferences, understand how you use the Services, and improve performance.

For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

6. Your Rights

Under the Kenya Data Protection Act, 2019 and the GDPR (where applicable), you have the following rights regarding your personal data:

6.1 Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within thirty (30) days of receiving your request, free of charge for the first request in any twelve-month period.

6.2 Right to Correction

You have the right to request correction of any inaccurate or incomplete personal data we hold about you. You can update most account information directly through your account settings.

6.3 Right to Deletion

You may request the deletion of your personal data. We will comply with your request unless we are required to retain certain information for legal, regulatory, or legitimate business purposes (such as transaction records required under anti-money laundering laws).

6.4 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance from Pledgr.

6.5 Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes. You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or contacting us directly.

To exercise any of these rights, please contact us at privacy@pledgr.com. We may require you to verify your identity before processing your request.

7. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Specific retention periods include:

  • Account information: Retained for the duration of your account and for up to 3 years after account closure.
  • Transaction records: Retained for a minimum of 7 years as required by Kenyan financial regulations and anti-money laundering laws.
  • KYC documentation: Retained for a minimum of 7 years after the end of the business relationship.
  • Usage and analytics data: Retained for up to 2 years in an identifiable form, after which it is anonymised.
  • Marketing preferences: Retained until you withdraw your consent or close your account.

8. International Transfers

Pledgr operates globally, and your information may be transferred to and processed in countries other than your country of residence, including Kenya and countries where our service providers operate. These countries may have data protection laws that differ from your jurisdiction.

When we transfer personal data outside of Kenya or the European Economic Area (EEA), we ensure appropriate safeguards are in place, including: Standard Contractual Clauses (SCCs) approved by the European Commission; adequacy decisions by the Office of the Data Protection Commissioner of Kenya; or binding corporate rules where applicable.

9. Children’s Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at privacy@pledgr.com and we will take steps to delete such information from our systems within a reasonable timeframe.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the “Last updated” date at the top of this page and notify you through the Platform or via email. We encourage you to review this policy periodically.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Protection Officer:

Pledgr Data Protection Officer
Email: privacy@pledgr.com
Address: Westlands, Nairobi, Kenya
Response time: Within 30 days

If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of Kenya or, for EU residents, with your local supervisory authority.

Terms of ServiceCookie PolicyCompliance