Plain-language guide to how we handle your personal data
Last updated: 07 April 2026 · Applies in Uganda, Zambia, Senegal and Switzerland
Privacy Policy
🔒Your data is secure
Encrypted in transit and at rest
🚫We don’t sell data
Ever, to anyone
✋You’re in control
Access, edit or delete your data
📍Local accountability
A local company handles your data
Privacy Highlights
A quick summary — the full policy follows below.
1. Who we are
VeryPay provides app-based e-wallet payment solutions. Depending on where you use the service, a local VeryPay company is your data controller — see the country sections for full details.
VeryPay provides app-based e-wallet payment solutions. Depending on where you use the service, a local VeryPay company is your data controller — see the country sections for full details.
2. What data we collect
Only what we need: your name, contact details, account credentials, payment history, and technical device data. Biometrics (fingerprint / face ID) are handled by your device — we never see them.
Only what we need: your name, contact details, account credentials, payment history, and technical device data. Biometrics (fingerprint / face ID) are handled by your device — we never see them.
3. Why we use it
To provide the service, keep it secure, meet our legal duties, and (with your consent) send you relevant updates or marketing.
To provide the service, keep it secure, meet our legal duties, and (with your consent) send you relevant updates or marketing.
4. Sharing
With people you pay, our trusted service providers, and authorities when required by law. Never sold. International transfers use contractual safeguards.
With people you pay, our trusted service providers, and authorities when required by law. Never sold. International transfers use contractual safeguards.
5. How long we keep it
Account data: while active + a short period after. Transactions: up to 10 years, or longer when required by country-specific rules below. Log data: up to 12 months.
Account data: while active + a short period after. Transactions: up to 10 years, or longer when required by country-specific rules below. Log data: up to 12 months.
6. Your rights
Access, correct, delete, restrict, port, object and complain. Use the Account details page in the app or email privacy@verysellgroup.com.
Access, correct, delete, restrict, port, object and complain. Use the Account details page in the app or email privacy@verysellgroup.com.
1 — Who we are
Your local VeryPay company is responsible for your data
VeryPay is a suite of app-based payment solutions for e-wallets — enabling customers and merchants to manage electronic payments securely and economically.
Depending on where you use our services, a different VeryPay entity is your data controller:
🇸🇳 Senegal
VeryPay Senegal SUARL
VeryPay Senegal SUARL
🇺🇬 Uganda
VerySell Technologies (Uganda) Ltd
VerySell Technologies (Uganda) Ltd
🇿🇲 Zambia
VeryPay Zambia Limited
VeryPay Zambia Limited
Where your data is stored:
🇺🇬 Uganda users
Stored in Uganda + Switzerland
Stored in Uganda + Switzerland
🇸🇳 Senegal users
Stored in Switzerland (currently) subject to transfer conditions
Stored in Switzerland (currently) subject to transfer conditions
🇿🇲 Zambia users
Stored in Switzerland (currently) subject to transfer conditions
Stored in Switzerland (currently) subject to transfer conditions
2 — Data we collect
Only what we need to provide and improve the service
| Type of data | What this includes |
|---|---|
| Basic details | Name, email address, phone number, company name, language preference |
| Account & security | Username, password, app ID, device identifiers, IP address, operating system, app version |
| Payments & activity | Transaction history, merchants, amounts, currency, dates and times |
| Optional | Profile photo or avatar. Biometric login (fingerprint / face ID) is processed entirely on your device — we only receive a pass/fail signal and never store your biometric data. |
| VERA chatbot | Messages you send and responses generated. VERA is powered by OpenAI (our data processor). Please don’t include sensitive data — health info, card numbers — in chat messages. |
| Linked wallets | If you connect a third-party e-wallet: wallet ID, balances, purchase history, geolocation (where enabled). Review that provider’s privacy policy too. |
| Data about others | If you add friends or family, you confirm you have the right to share their details with us and will inform them about this policy. Some countries require their consent first. |
ℹ️ We also automatically collect technical data (device model, OS version, approximate location from IP address) when you use the app — this helps us keep the service secure and running properly.
3 — Why we use your data
Clear purposes, recognised legal bases
Every time we use your personal data, we need a recognised legal reason. Here’s exactly what we do and why:
| What we do with your data | Legal basis |
|---|---|
| Create and manage your account; process transactions and show your balances | Contract performance |
| Verify your identity; prevent fraud, identity theft and misuse | Legitimate interests + Legal obligation |
| Improve, secure and personalise the app; troubleshooting and analytics | Legitimate interests |
| Connect you with contacts and linked e-wallets | Legitimate interests |
| Send updates, security alerts, support messages and new feature announcements | Contract performance + Legitimate interests |
| Handle complaints and disputes; provide customer support | Contract performance + Legitimate interests |
| Meet legal and regulatory duties; respond to lawful authority requests | Legal obligation |
| Protect user safety, VeryPay’s rights and the rights of others | Legitimate interests |
| Marketing and optional features (with your agreement) | Consent |
ℹ️ Where we rely on your consent, you can withdraw it at any time in app settings or by emailing us — without affecting anything that’s already happened.
4 — Sharing & international transfers
We never sell your personal data
✓ We do not sell your personal data to anyone, ever.
We may share your data with:
- ✓ People you choose to pay or interact with through the app
- ✓ VeryPay group companies to operate and support the service
- ✓ Trusted service providers (hosting, payments, analytics, support, security) — contractually bound to protect your data and act only on our instructions
- ✓ Participating merchants — only to complete a transaction you initiate
- ✓ Authorities, courts and regulators — only when required by law, to prevent fraud or harm, or to protect our rights
- ✓ Potential buyers or partners in a business transaction (merger / acquisition) — subject to appropriate safeguards
International transfers
Your data may be processed in Switzerland and in other countries where our group companies or service providers operate. When we send data across borders we protect it using:
- Contractual safeguards — such as standard contractual clauses approved by the relevant data protection authority
- Technical security — encryption, access controls and logging
- Organisational safeguards — policies, staff training and regular audits
→ Country-specific transfer rules are explained in the country sections at the end of this policy.
5 — How long we keep your data
Only as long as we need it
Sometimes local rules require us to keep certain data for longer. If a country section below says we must keep data for longer, that longer period applies to the relevant data, Services and users.
| Data type | How long we keep it |
|---|---|
| Account & profile data | Kept while your account is active. After you close your account, we retain it for a limited further period to handle complaints, enforce agreements or meet legal requirements. In some countries, we may need to keep this data for longer. |
| Transaction & financial records | Up to 10 years (required by financial, anti-money-laundering, tax and accounting laws in each country). In some countries, we may need to keep this data for longer. |
| Technical & log data | Up to 6 months by default. Up to 12 months for security monitoring, fraud prevention or incident investigation. Longer only if required by law or for active legal proceedings. |
| Consent-based processing | Until you withdraw consent — then deleted or anonymised, unless we have another lawful reason to retain it. |
6 — Your privacy rights
You are in control of your personal data
Depending on where you live, you have some or all of these rights:
Access
Get a copy of the personal data we hold about you, and an explanation of how we use it.
Get a copy of the personal data we hold about you, and an explanation of how we use it.
Correct
Ask us to fix inaccurate or incomplete data.
Ask us to fix inaccurate or incomplete data.
Delete
Ask us to erase your data in certain situations (e.g. no longer needed, or processed unlawfully).
Ask us to erase your data in certain situations (e.g. no longer needed, or processed unlawfully).
Object
Object to certain uses of your data, especially direct marketing and legitimate-interests processing.
Object to certain uses of your data, especially direct marketing and legitimate-interests processing.
Restrict
Ask us to pause or limit processing in certain circumstances.
Ask us to pause or limit processing in certain circumstances.
Data portability
Receive your data in a structured, machine-readable format and ask us to transfer it to another provider.
Receive your data in a structured, machine-readable format and ask us to transfer it to another provider.
Withdraw consent
Change your mind at any time where we rely on consent — without affecting past processing.
Change your mind at any time where we rely on consent — without affecting past processing.
Complain
Lodge a complaint with your local data protection authority at any time.
Lodge a complaint with your local data protection authority at any time.
ℹ️ Use the Account details page in the app to exercise many of these rights directly. Or email us at privacy@verysellgroup.com — we may ask you to verify your identity first.
Direct marketing
You can object to direct marketing at any time — use the unsubscribe link in any email, update your preferences in the app, or contact us. We will stop marketing to you immediately. For new visitors, we only send marketing communications where you have given explicit consent.
7 — How we keep your data safe
Technical and organisational protections
In transit
✓ HTTPS / TLS encryption for all connections
✓ Secure key-based authentication
✓ HTTPS / TLS encryption for all connections
✓ Secure key-based authentication
At rest
✓ Encrypted storage of sensitive data
✓ Strict firewall rules and network segmentation
✓ Encrypted storage of sensitive data
✓ Strict firewall rules and network segmentation
Access controls
✓ Only authorised staff can access personal data
✓ Logging and monitoring of key systems
✓ Only authorised staff can access personal data
✓ Logging and monitoring of key systems
People & process
✓ Regular staff privacy training
✓ Internal policies and audit processes
✓ Regular staff privacy training
✓ Internal policies and audit processes
⚠️ No system is 100% secure. Please protect your own password and notify us immediately at privacy@verysellgroup.com if you think your account has been compromised.
8 — Changes to this policy
We’ll let you know about anything important
We may update this policy from time to time. When we make material changes that affect your rights or how we process your data, we will:
- ✓ Update the ‘last updated’ date at the top of this policy
- ✓ Notify you through the app, our website or by email
- ✓ Give you reasonable time to review changes before they take effect
→ Please check this page from time to time to stay informed. If you disagree with changes, you can contact us or close your account.
9 — Country-specific information
Local rules, rights and contacts
This policy applies globally. The sections below give you specific details for your country, including who is responsible for your data, what law applies, and how to raise a concern.
🇸🇳 Senegal
| Data controller | VERYPAY (SENEGAL) SUARL Plateau, 66 Boulevard de La République, Immeuble Seydou Nourou Tall, 1st Floor BP 11417, Dakar, Senegal Registered: SN.DKR.2024.B.50788 |
| Applicable law | Law No. 2008-12 of 25 January 2008 on the Protection of Personal Data; Decree No. 2008-721 of 30 June 2008; Commission de Protection des Données Personnelles (CDP) |
| International transfers | Your data may be transferred to Switzerland. We apply appropriate contractual and technical safeguards. Where required by law, we rely on your consent or another valid legal basis. |
| Data Retention | For Senegal users, we retain the personal data of customers and merchants for as long as necessary to provide the services. We retain this data for at least ten (10) years after the cessation, for any reason, of the relevant services, unless a different retention period is required by applicable law or regulation. |
| Children’s data (group sharing) | If you add a child to a group sharing function, you confirm you are their parent or guardian. We collect limited data (name, school, wallet ID, PIN, payment token, guardian info and balance) only to enable authorised transactions. This data is not used for marketing or profiling. |
| How to complain | Commission de Protection des Données Personnelles (CDP) 34 Sicap Mermoz VDN Lot B, 25528 Dakar, Fann, Senegal Or contact VeryPay: privacy@verysellgroup.com |
🇺🇬 Uganda
| Data controller | VERYSELL TECHNOLOGIES (UGANDA) LIMITED Zebra Plaza, Plot 23, Kampala Road P.O. Box 21975, Kampala, Uganda |
| Applicable law | Data Protection and Privacy Act 2019 and the Data Protection and Privacy Regulations 2021 |
| International transfers | Your data may be processed in Uganda, Switzerland, and other countries where our group operates. In accordance with Article 19 of the Data Protection and Privacy Act 2019, we only transfer or store your data outside Uganda (i) where you have consented, or (ii) where the destination country ensures a level of protection at least equivalent to that provided under Ugandan law. By using the service, you consent to the transfer and storage of your data in Switzerland and the other countries mentioned above, subject to appropriate safeguards. VerySell Technologies (Uganda) Ltd is registered with the Personal Data Protection Office (PDPO) and has appointed a Data Protection Officer. |
| Your key rights | Access, correction, objection and deletion — subject to legal limits. Use the app’s Account details page or email us. |
| Data storage | Your data is stored on servers in both Uganda and Switzerland. |
| How to complain | Personal Data Protection Office (PDPO) Or contact VeryPay: privacy@verysellgroup.com |
🇿🇲 Zambia
| Data controller | VERYPAY ZAMBIA LIMITED 12 Chilekwa Mwamba Road, Longacres, Lusaka, Zambia |
| Applicable law | Data Protection Act 2021 and related rules from the Data Protection Commissioner |
| International transfers | Your data may be transferred to Switzerland. We comply with any Zambian data localisation requirements and apply appropriate contractual safeguards for international transfers. |
| Your key rights | Access, rectification, erasure and objection. We will ask for your consent where required by Zambian law and make it easy to withdraw. |
| How to complain | Data Protection Commissioner (Data Protection Act 2021) Or contact VeryPay: privacy@verysellgroup.com or our Data Protection Officer, Mr. Melron Mwaba melron@verypay.africa |
🇨🇭 Switzerland
| Data controller | VeryPay (Switzerland) SA Details available in your agreement or on the relevant app or website. |
| Applicable law | Revised Federal Act on Data Protection (FADP) — aligned with European data protection standards |
| International transfers | Switzerland is our core infrastructure location. Where we transfer data to countries without adequate protection, we use standard contractual clauses alongside technical and organisational measures. |
| Your key rights | Access, rectification, deletion, portability, objection and restriction. Data breaches are reported to the FDPIC and (where required) to you. |
| How to complain | Swiss Federal Data Protection and Information Commissioner (FDPIC) Or contact VeryPay: privacy@verysellgroup.com |
Get in touch
Questions about your data? Want to exercise a right? Not happy with our response?
We aim to respond within 30 days. If you’re not satisfied, contact your local data protection authority — details in the country sections above.
