At Boreleza, we take your privacy seriously and comply with applicable law. This disclosure explains what device and personal data we may request, why we need it, where data is sent, how we protect it, and how you control the permissions you grant. Unless otherwise stated, data described below is transmitted to and stored at https://fgfcsr.boreleza.com/wsnupovngb/.
Registration / profile setup: information you voluntarily enter (name / phone number / email / PIN) is collected only after you submit it.
Loan application (when you tap “Apply”): with your prior permission and explicit submission, we collect additional sources needed for credit decisioning (e.g., filtered SMS / device environment info / installed-app metadata / selected emergency contacts).
We will always ask for permission before accessing sensitive sources such as SMS, contacts, installed apps, or advertising identifiers.
Purpose: identify SMS messages relevant to financial transactions so we can better assess creditworthiness.
What we collect: only SMS messages that match a predefined set of financial keywords/patterns.
How it works: when you grant SMS permission and explicitly submit a loan application, the app performs local filtering on your device to identify messages. Only filtered messages are uploaded to our server; non-matching messages are not uploaded or stored by Boreleza. If you do not authorize permission, no SMS messages are uploaded.
Data is transmitted securely to https://fgfcsr.boreleza.com/wsnupovngb/ for analysis.
We may send optional push notifications for account updates / repayment reminders / promotional offers. You can opt out in your settings; disabling notifications does not affect the app’s core functionality.
Purpose: identity verification and fraud prevention.
You submit the specific contacts you select (name / phone number) or you enter. We will not upload your Emergency Contacts without your submission.
Purpose: authenticate device, detect fraud, and evaluate environment risk. We collect categorized fields as follows (examples separated by slashes):
Hardware Identifiers: brand / modelNo / board / hardware component / product name / manufacturer
System & Build Info: osVersion / cpuAbi / androidId / fingerprint / isDevelopMode / isSimulator / root status
Memory & Performance: availableMemorySize / totalMemorySize / elapsedRealtime / elapsedRealtimeNotSleep
Display & Locale: brightness / screenWidth / screenHeight / defaultLanguage / timeZone / currentTimestamp
Advertising & Network Quality: gaId (GAID on Android) / wifiRssi
Collection of these telemetry fields occurs only after you grant permission and tap “Apply.” The app will request platform-appropriate permissions and explain their purposes before accessing identifiers.
Purpose: detect fraudulent or malicious environments. Boreleza collects only limited metadata and, where possible, only for finance-related or security-relevant apps — for example: package name / app display name / installation timestamp / version. We do not collect app contents or user data from within other apps.
During the application/KYC flow, we may ask you to provide personal data such as phone number / email / full name / national ID / date of birth / employment / monthly income / address / education / marital status. This information is used for identity verification / fraud prevention / regulatory compliance and credit assessment. External credit-bureau queries are performed only after you explicitly authorize them.
We collect data via: (1) direct submission — information you enter; (2) automated collection — device signals, filtered SMS, logs, and environment metadata.
Primary purposes: identity verification / credit scoring / loan decisioning / payment monitoring & collections / statistical analysis and product improvement.
In transit: protected using industry-standard.
At rest: encrypted with strong algorithms.
Access controls.
Retention & residency: we retain personal data only as long as necessary and in accordance with applicable law; retention periods and data residency details are available upon request.
Boreleza may request data from external sources (credit bureaus / banks / identity providers) to improve credit assessments — only after you explicitly authorize such requests during application or KYC. We will identify the external provider and the exact data requested and will ask for separate consent before any third-party query or data import occurs.
We may work with advertising partners for promotional activities only if you opt in. Promotional use of your personal data (including targeted advertising) requires a separate consent step and can be withdrawn at any time via app settings or support. Access to advertising identifiers (GAID on Android) is subject to platform rules; we will request the necessary permission and explain the purpose.
Boreleza will not share your personal data with third parties except in the following, limited circumstances:
With your explicit consent (e.g., targeted marketing / optional third-party products) /
Service providers who process data on our behalf under contract (e.g., payment processors / identity verification / cloud hosting / analytics vendors) /
Affiliates for product improvement and analytics, under confidentiality agreements /
Legal authorities where required by law or valid legal process (e.g., court orders) — we will notify you where permitted /
Security & risk vendors for fraud detection and incident response.
When sharing is consent-based (for marketing or third-party services), we will ask for a clear opt-in and provide an easy way to withdraw consent.
We may disclose personal data in response to lawful requests by public authorities (court orders / subpoenas) or to establish, exercise, or defend legal claims. Where permitted by law, we will notify you of such requests unless prohibited.
If you choose not to proceed with a loan application, Boreleza will not upload SMS / device telemetry / installed-app metadata to our servers. Data you enter during registration may be stored locally on your device until you explicitly submit it; we will request your permission before transmitting such information.
You can: view / correct / delete certain personal data via app settings or by contacting support / withdraw consent for optional processing (e.g., marketing) at any time. Requests will be handled in accordance with applicable law. For specifics on data retention, data export, or deletion, contact our privacy team via the app or support channels.
If you have questions about this disclosure, wish to exercise your data rights, or want details on data retention or residency, contact Boreleza support through the app (or the support channel provided in the app).
By using Boreleza and granting the requested permissions, you consent to the collection, processing, and transfer of your data as described above, which enables us to deliver timely, secure, and relevant lending services.
In order to protect your privacy,we have implemented the following policies regarding the acquisition and utilization of data.
All capitalized phrases in our Privacy Policy have the same meanings as our language of use,unless otherwise specified(where applicable).
Furthermore,you furnish us with precise personal information.This information may have been acquired from sources other than yourself,such as the provision of personal information during the account establishment process or in other ways,or it may have been explicitly provided by you.It is accessible whenever the software employs it.The Data Protection Act of 2019 does not impose any restrictions;however,it does permit specific information collection methods and purposes.
Name,ID number,date of birth,gender,educational background,religion,photo,physical address,email address,employment details,marital status,emergency contacts,phone number,SIM card details,financial and credit information(including Mobile Money,if applicable),and an Account ID and/or password are among the numerous pieces of personal information that you are required to provide in order to register and establish your account.
In order to effectively operate the electronic money feature of the application,payment-related information,including the type of payment card,mobile wallet account data,issuer name,account bearer name,account number,and payment amount,is necessary.
Instances in which we may collect specific technical information about your activities during your use of the application or visit to our website include your IP address,the websites you have visited in the past or present,the duration of your sessions,your device ID or media access control address,and information about the model,manufacturer,and operating system of your device.
Furthermore,cookies frequently accumulate specific data when you access our website or use the program.Cookies are small files that are stored on your computer or mobile device to monitor user behavior and improve the user interface.The app or website may not function as intended if the settings are altered to reject specific categories of cookies or to remove stored cookies at any time,despite the fact that the majority of devices and browsers accommodate cookies by default.
Despite our rigorous efforts to prevent it,inadvertent geolocation data collection may occur while the program is operating in the background.Nevertheless,it is important to note that temporarily disabling geolocation tracking on your smartphone may disrupt the functionality of certain applications.The application monitors and collects real-time geolocation information when it is used on a mobile device.The performance of your mobile device's program may be improved if GPS is enabled.
Additionally,the User is required to submit an inventory of emergency contacts,phone and text message logs,and digital information,such as photos or videos,in order to interact with the application.The technical details and unique identifiers of the User's mobile device,including the IMEI number,MAC address,and phone number,as well as information regarding the mobile network,operating system,mobile browser type,and preferred time zone,must be provided.
We may be granted access to your personal information by third parties,such as mobile network providers,collecting agencies,agents,suppliers,contractors,and partners,in order to fulfill our service obligations.We exclusively collect this data to ensure compliance with our Privacy Policy and the Data Protection Act of 2019,as well as to fulfill our obligations to these parties.
Nevertheless,it is essential that you obtain their consent.In accordance with the"Acceptance and consent"section below,you are authorized to provide us with Personal Information regarding third parties,including spouses,family members,associates,and emergency contacts..
In addition to any other uses authorized by the Data Protection Act of 2019 and comparable legislation,the personal information we collect may be used for the following purposes:
a.verifying your identity,establishing your account,and administering your credit terms.
b.Verifying the prerequisites prior to creating an account.
c.Overseeing the distribution of loans and the payment of service fees.
d.The evaluation and development of credit models.
e.compliance with legal obligations,including anti-money laundering and know-your-customer regulations.
f.I am contacting you to provide the application with usage instructions.
g.providing you with updates regarding any modifications to the services or application.
h.responding to and addressing inquiries and comments.
i.the development,evaluation,enhancement,and customization of the application.
j.engaging in genuine phone conversations or communicating with you via SMS.
k.the analysis of trends,user behavior,demographic data,and service utilization.
l.engaging in direct communication with consumers regarding promotions,discounts,or offers.
In addition to the uses authorized by the Data Protection Act of 2019 and associated laws,we may disclose your personal information to Affiliates and other organizations for the following reasons:
Responding to regulatory inquiries and conducting investigations are legal obligations.
a.court cases that are relevant to our business or to you.
b.During the negotiation of mergers,asset transactions,and company restructuring.
c.establishing partnerships with external organizations that provide services such as product development,research,and marketing.
d.providing anonymized,aggregated data.
e.In situations where disclosure is necessary to prevent damage,denounce illicit activity,investigate any violations of the terms of use,or comply with relevant laws.
f.We make every effort to ensure that any personal information that is not necessary for your identification is anonymized.
Your personal information may be transmitted,stored,utilized,and processed outside of your current location or country of origin when you use our services.We ensure that these transfers are protected to the same extent as required by the legal system of your country in accordance with our Privacy Policy.
We retain personal data for the duration required to achieve the objectives for which it was collected,or as established by the Data Protection Act of 2019 and other pertinent statutes.We will dispose of your information when it is no longer required to fulfill legal or commercial obligations or for the intended purpose,thereby eliminating any means of personally identifying you.
This is not an exhaustive list.We reserve the right to impose an administrative fee in accordance with the Kenyan Information and Communications Act.You have the option to request that we revise any personal information about you that we have the authority to update by contacting us using the information provided below.Rejection may occur for insignificant reasons or when the law permits it.
Third-party service providers may manage,transmit,or retain the personal data that has been collected if they provide a level of security that is comparable to that of this privacy statement.This may involve the processing or storage of data outside of your nation of origin,under the supervision of our employees or external vendors.
It is essential to protect your personal information.We take the requisite steps to prevent unauthorized access,collection,use,disclosure,and processing,as well as to prevent loss or damage.However,the security of internet communication cannot be guaranteed.It is your responsibility to protect your account and mobile device and to maintain confidentiality.
General notices will be issued by the website or application in the event of any modifications. The enhancements are permissible provided that the website is regularly accessed.This privacy statement may be edited at any time to ensure compliance with evolving legal or regulatory requirements or to reflect changing circumstances.
Any discrepancies between the English and other language variants of this privacy statement will be resolved by the English version.
Please be informed that you have given your consent to the collection,use,disclosure,storage,transmission,and processing of your personal data in accordance with the regulations outlined in this privacy statement.It is your responsibility to obtain consent for the use of third-party personal data in the manners outlined below.
You have the option to revoke your consent by contacting us or utilizing the resources at your disposal.Marketing communications may be disseminated through a variety of platforms.Loan receipts and other documents will be retained.
We are not responsible for the data practices of these websites and have no control over them.It is crucial that you become familiar with their policies regarding the acquisition and utilization of information.Our website and application may contain hyperlinks to external websites.
Furthermore,we are not liable for any indirect,incidental,consequential,extraordinary,exemplary,or punitive damages that may result from the use of the App or communication with third parties.We are not responsible for any delays or failures that are the result of events that are beyond our reasonable control.
Company: Boreas Limited
Address: Mpesi Lane, Westlands, Nairobi County, Kenya
Phone: +2540797162922
