PRIVACY POLICY

Last Updated: November 1, 2025

1. Introduction

This Privacy Policy explains how Call Africa Ltd collects, uses, stores, protects, and shares personal data in accordance with Rwanda’s Data Protection and Privacy Law (Law N°058/2021). By using our services, you consent to the processing of your personal data as described in this Policy.

2. Personal Data We Collect

Call Africa collects personal data necessary to deliver its services. This includes identification details such as names, emails, phone numbers, and business information. We also collect platform usage data, including device information, IP addresses, and system logs. Messaging-related data such as SMS content, sender IDs, and delivery results are processed as part of our messaging and USSD services. Financial data such as payment records, mobile money transactions, and wallet activity may be collected where relevant. We also process technical information from hardware products during installation or maintenance.

3. How We Use Personal Data

We use personal data to operate and improve our services, deliver SMS and USSD communications, process payments, verify identities where required, provide customer support, and protect our systems from fraud or misuse. We may also process data to comply with legal obligations imposed by regulators including RURA and BNR.

4. Legal Basis for Processing

Call Africa processes personal data based on legitimate legal grounds, including your consent, the need to fulfill service agreements, compliance with legal or regulatory requirements, and the pursuit of our legitimate business interests such as fraud prevention and service improvement.

5. Data Sharing

We may share your data with mobile network operators, payment processors, financial institutions, technology partners, regulatory authorities, and service providers who support our operations. All third parties are required to handle data securely and in compliance with applicable laws. Call Africa does not sell personal data to any organization.

6. International Data Transfers

Should personal data be transferred outside Rwanda, Call Africa will ensure that adequate protections are in place, including data processing agreements and compliance with the standards required by Rwandan data protection law.

7. Data Retention

Personal data is stored only for as long as necessary to fulfill the purposes described in this Policy. SMS logs and system activity may be stored for several months depending on regulatory requirements, while financial records may be retained for up to ten years in accordance with BNR regulations. Account data is stored until an account is closed or no longer required.

8. Your Rights

Under Rwandan law, you have the right to access, correct, delete, or restrict the processing of your personal data. You may also withdraw consent or request a copy of your data in a portable format. All privacy-related requests can be made through our official support channels.

9. Security Measures

Call Africa uses strong security measures to safeguard personal data, including encryption, access restrictions, secure servers, network monitoring, and physical protections for hardware. While we take every reasonable step to ensure security, no system can be guaranteed fully secure.