Policies

ISSA operates under a comprehensive framework of policies designed to protect our users, comply with regulations, and maintain the integrity of our platform. This page outlines our key operational policies.

Cookie Policy

Our website uses cookies to provide and improve our services. Cookies are small text files stored on your device that help us recognize you and remember your preferences.

Types of Cookies We Use

• Essential Cookies: Required for basic functionality like authentication and security. These cannot be disabled.
• Functional Cookies: Remember your preferences and settings for a better experience.
• Analytics Cookies: Help us understand how visitors use our site so we can improve it. These collect anonymous data.

Managing Cookies

You can control cookies through your browser settings. Blocking essential cookies may prevent you from using certain features of our platform. For more information about cookies and how to manage them, visit aboutcookies.org.

Data Retention Policy

We retain your personal information only as long as necessary to provide our services and comply with legal obligations:

• Account Information: Retained while your account is active; deleted 7 years after closure (per financial regulations)
• Transaction Records: Retained for 7 years to comply with anti-money laundering laws
• Communication Records: Retained for 3 years for quality assurance and dispute resolution
• Log Data: Retained for 1 year for security monitoring
• Marketing Preferences: Retained until you opt out

Upon account closure, we anonymize or delete personal data where legally permissible. Some data may be retained in aggregated, non-identifiable form for analytical purposes.

Know Your Customer (KYC) Policy

ISSA is required by law to verify the identity of our users. Our KYC process helps prevent fraud, money laundering, and terrorist financing.

Verification Requirements

• Basic Tier: Phone number verification via OTP for transfers up to daily limits
• Standard Tier: Government ID upload and selfie verification for higher limits
• Enhanced Tier: Proof of address and additional documentation for business accounts

Document Acceptance

We accept the following identification documents from our supported countries:

• Kenya: National ID, Passport, Driving License
• Uganda: National ID, Passport, Driving Permit
• Tanzania: National ID (NIDA), Passport, Driving License

Documents must be valid, clearly visible, and match the name on your account. We typically complete verification within 24 hours.

Anti-Money Laundering (AML) Policy

ISSA maintains a robust AML program in compliance with the laws of Kenya, Uganda, and Tanzania. Our program includes:

• Customer due diligence and ongoing monitoring
• Transaction screening against sanctions lists
• Suspicious activity reporting to Financial Intelligence Units
• Regular staff training on AML procedures
• Record keeping for regulatory examinations

We reserve the right to delay or reject transactions that trigger our AML alerts and to report suspicious activities to the appropriate authorities.

Information Security Policy

Protecting your data is our priority. Our security framework includes:

• Encryption: All data in transit uses TLS 1.3; sensitive data at rest is AES-256 encrypted
• Access Control: Role-based access with principle of least privilege
• Monitoring: 24/7 security operations center monitoring for threats
• Incident Response: Documented procedures for security incident handling
• Penetration Testing: Annual third-party security assessments
• Business Continuity: Disaster recovery plans with regular testing

In the event of a security breach affecting your data, we will notify you within 72 hours as required by applicable data protection laws.

Third-Party Disclosure Policy

We work with carefully selected partners to deliver our services:

• Payment Processors: Secure handling of payment information
• Cloud Providers: AWS and Google Cloud for infrastructure hosting
• Analytics: Google Analytics for website improvement (anonymized data only)
• Communication: Email and SMS delivery services
• Fraud Prevention: Third-party risk scoring providers

All third parties are contractually obligated to protect your data and use it only for the specific purposes we authorize. We do not sell your personal information.

Acceptable Use Policy

To ensure ISSA remains safe and reliable for everyone, users must not:

• Attempt to access accounts or data that do not belong to you
• Use automated tools or scripts to interact with our platform
• Interfere with or disrupt our services
• Impersonate others or provide false information
• Upload malware, viruses, or harmful content
• Scrape or collect data from our platform without authorization
• Use our services for any illegal purpose

Violations may result in immediate account suspension and reporting to law enforcement.