Privacy Policy

1. Who We Are

KMG Vital Links Ltd (“we”, “us”) is the data controller for personal information processed through this Service. We are registered in the United Kingdom.

2. What We Collect

• Account data — name, email, phone, password hash, business details for KYB.
• Transaction data — amounts, currencies, references, payer/payee identifiers (mobile money / card metadata).
• Communications — WhatsApp inbound/outbound messages routed through the platform.
• Technical data — IP, user-agent, device fingerprint, and security logs.

3. How We Use It

• To provide, secure and improve the Service.
• To process payments and settlement on your behalf.
• To comply with legal, KYC, AML and sanctions obligations.
• To communicate operational updates and (with consent) marketing.

4. Sharing

We share data with: payment processors (PayFast, Stripe, EcoCash, Innbucks, Reloadly, Gemba, BlueLabel, Esolutions), Meta (WhatsApp Cloud API), AI providers (OpenAI for inbound message understanding and bulk-import vision processing), regulators, and law-enforcement when legally required.

5. International Transfers

Some processors are located outside the UK/EEA. Where applicable we rely on Standard Contractual Clauses or adequacy decisions for cross-border transfers.

6. Retention

We retain transaction records for a minimum of seven (7) years to satisfy financial-services record-keeping rules. Marketing data is retained until you opt out.

7. Your Rights

You can request access, correction, erasure (subject to legal retention), portability, and objection to processing. Contact privacy@kmgvitallinks.co.uk. You may also lodge a complaint with the UK Information Commissioner’s Office (ICO).

8. Security

We use TLS 1.3 in transit, AES-256 at rest, role-based access controls, and continuous logging. Access tokens for merchant WABAs are stored encrypted at the column level.

9. Cookies

We use strictly-necessary cookies for session management. Analytics cookies are set only after explicit consent.