Napier Platform
Privacy Policy

Last updated: June 4, 2026

Your privacy matters to us. This Privacy Policy explains what information Napier collects, how we use it, how group access works, and the choices you have when using Napier as a private group management and record-keeping platform.

Who we are Information we collect How we use data How data is shared Security Retention Your rights Contact
Plain-language summary: Napier stores and processes information so private groups can manage members, roles, contributions, lending pool records, governance, meetings, campaigns, projects, sponsor programmes, unit or slot records, reports, billing, audit logs, and related private group workflows. We do not sell personal data.

1. Who We Are

Napier is a private group management and record-keeping platform. We help family groups, community groups, chama-style groups, investment circles, sponsor programmes, diaspora networks, alumni groups, and other invited or member-led private groups organize their records and workflows.

Napier provides software tools. Napier does not hold client funds, take deposits, issue loans, operate as a public crowdfunding platform, public exchange, broker, investment adviser, or custodian of client funds.

2. Information We Collect

We collect different types of information depending on how you use the platform.

2.1 Information You Provide Directly

  • Account details, such as name, email address, phone number, password credentials, profile information, and login details.
  • Group details, such as group name, type, location, description, registration information, rules, package, and settings.
  • Member details, such as names, contact details, membership status, roles, sponsorship details, next-of-kin or beneficiary records where configured, and access permissions.
  • Governance records, such as committees, meetings, attendance, resolutions, votes, veto records, approvals, and role assignments.
  • Financial record information entered by users, such as contributions, security fund records, loan records, repayment records, disbursement records, pool income records, billing records, and reconciliation notes.
  • Campaign, project, sponsor, and impact records, such as project proposals, campaign participation, sponsor credits, sponsor usage, reports, documents, and impact updates.
  • Advanced group records, where enabled, such as membership slots, unit records, unit holdings, transfers, collateral records, private listings, trade records, and related documentation.
  • Scoring and engagement information, such as member activity, behavior logs, badges, tiers, credit scoring inputs, Ubuntu Index records, and participation signals.
  • Support information you send to us, including messages, attachments, screenshots, feedback, and requests.

2.2 Technical Information

  • IP address, device information, browser type, operating system, approximate location from technical data, and login timestamps.
  • Session information, cookies, authentication tokens, CSRF protection records, and security logs.
  • Usage logs, audit logs, page actions, approvals, changes, system errors, notifications, and administrative activity.

2.3 Verification and Security Information

  • Email verification status, temporary OTPs, password reset activity, and account recovery records.
  • Documentation or additional verification information where required for group approval, sponsor programmes, billing, or sensitive workflows.
  • Records used to investigate suspicious activity, unauthorized access, abuse, fraud, or security incidents.

3. How We Use Your Information

We use your information to:

  • Create, verify, and manage user accounts and private group workspaces.
  • Support member registration, group roles, permissions, governance workflows, and approval flows.
  • Record and display group activity such as contributions, lending pool records, disbursements, repayments, projects, campaigns, meetings, votes, and reports.
  • Support sponsor programmes, sponsor dashboards, credit batches, usage records, and impact reporting where enabled.
  • Support advanced private group records such as units, slots, collateral records, private listings, trade history, and related documentation where enabled.
  • Generate dashboards, summaries, notifications, audit logs, billing records, invoices, statements, reports, scores, badges, and member activity records.
  • Improve platform usability, reliability, performance, security, and troubleshooting.
  • Send important service messages such as verification emails, security alerts, approvals, billing updates, notifications, and support responses.
  • Comply with legal obligations, enforce our Terms, prevent abuse, protect users, and maintain platform integrity.

4. Legal Basis, Consent & Group Authorization

We process information where it is needed to provide the Napier service, manage your account, support your group workflows, comply with legal obligations, protect legitimate interests, or where consent or authorization has been provided.

When you submit or upload information about another person, you confirm that:

  • You have a lawful basis, authority, or consent to provide that information where required.
  • The information is accurate, relevant, and not misleading.
  • You will not upload unnecessary sensitive information.
  • You will respect group privacy, confidentiality, and applicable data protection obligations.

5. How Information Is Shared

We do not sell personal data. Information may be shared only in limited ways:

  • With authorized members, admins, treasurers, trustees, committees, custodians, sponsors, or other permitted group users based on roles and permissions.
  • With service providers that help us host, secure, support, email, analyze, or operate the platform, subject to confidentiality and appropriate safeguards.
  • With third-party payment, identity, communication, storage, analytics, or financial service providers where a group or user chooses or needs to use those services.
  • With regulators, courts, law enforcement, or other authorities where required by law or necessary to protect rights, safety, security, or platform integrity.
  • In aggregated, anonymized, or de-identified form for platform statistics, product improvement, reporting, or learning, where individuals are not reasonably identifiable.

6. Private Group Access

Napier is designed around role-based private group spaces. Your group information may be visible to authorized users inside your group depending on the roles, permissions, package, and workflows configured. Group admins are responsible for assigning roles carefully and reviewing access regularly.

7. Funds and Financial Records

Napier may store records related to contributions, loans, repayments, disbursements, security funds, sponsor credits, billing, projects, campaigns, units, slots, collateral, or private records. These are records entered or managed by users and groups.

Napier does not hold, pool, receive, custody, or disburse client funds on behalf of groups unless expressly stated in a separate written agreement involving an appropriately regulated third-party provider. Groups remain responsible for verifying, reconciling, approving, and correcting their own financial records.

8. Data Security

We take reasonable technical and organizational steps to protect data from loss, misuse, unauthorized access, alteration, or disclosure. These steps may include:

  • Role-based access controls and admin permissions.
  • Session management, authentication controls, and CSRF protection.
  • Audit logs for sensitive actions and administrative changes.
  • Security reviews, error logs, backups, and monitoring.
  • Limited access for staff or service providers who need information to operate or support the platform.

No system is 100% secure. You should use strong passwords, keep credentials private, review admin access, and report suspicious activity immediately.

9. Data Retention

We keep data for as long as needed to operate the platform, maintain group records, provide services, support billing and reporting, resolve disputes, enforce our Terms, maintain audit trails, and comply with legal, accounting, tax, regulatory, or security obligations.

If a group is closed or a deletion request is made, some records may need to be retained for legitimate purposes such as audit history, dispute resolution, compliance, fraud prevention, backups, or legal obligations. Where appropriate, data may be anonymized, aggregated, archived, or deleted.

10. Your Rights & Choices

Depending on your role, location, and applicable law, you may be able to:

  • Request access to personal information held about you.
  • Ask for inaccurate or outdated information to be corrected.
  • Request deletion, restriction, or objection to certain processing where applicable.
  • Withdraw consent where processing depends on consent.
  • Ask your group admin or Napier support to review role-based access or visibility concerns.
  • Raise a concern about how your data is being used within a group.

Some requests may be limited by group record-keeping needs, legal obligations, security needs, audit requirements, dispute resolution, or the rights of other members.

11. Cookies & Session Tracking

Napier may use cookies, session IDs, and similar technologies to:

  • Keep you logged in securely.
  • Remember your active group or basic preferences.
  • Protect against cross-site request forgery and similar attacks.
  • Support flash messages, forms, security checks, and platform functionality.
  • Understand performance and improve reliability where analytics are used.

Most cookies used by Napier are functional or security-related. If optional analytics or marketing cookies are introduced, additional controls or notices may be provided where required.

12. Third-Party Services

Napier may use or integrate with third-party services such as cloud hosting, email providers, payment providers, identity or verification providers, analytics tools, storage providers, messaging tools, and other operational services.

These providers may process information according to their own terms and privacy policies. We take reasonable steps to select providers that handle data responsibly and securely, but third-party services remain subject to their own controls, obligations, and limitations.

13. Children and Young Users

Napier is intended for group administration and member record-keeping. If a group stores information about minors, beneficiaries, students, dependents, or young sponsored members, the group must ensure it has appropriate authority, parental or guardian consent where required, and lawful reasons for collecting and processing that information.

14. International Users and Diaspora Groups

Napier may support diaspora groups, sponsors, and members in different locations. Information may be processed, stored, or accessed in jurisdictions where Napier, its hosting providers, or service providers operate. We take reasonable steps to protect information according to this Privacy Policy and applicable data protection requirements.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, platform features, security practices, or business operations. When we make changes, we will update the “Last updated” date at the top of this page. Continued use of Napier means you accept the updated policy.

16. Contact Us

If you have questions, concerns, or requests related to your data, please contact:

Email: support@napier.ke
Phone: +254 722 592 153

Back View Terms of Use