Your data is safe with us. Here is exactly how.
You are trusting us with real information about your institution and your people. We take that seriously. This page explains, in plain language, how we keep that data protected, so you never have to wonder.
No jargon, no fine print. Just what we actually do, and what we are careful not to over-promise.
Nine ways your data stays protected
Walled off from every other customer
Every customer's data sits behind a lock built into the database itself. Even if a piece of our software ever forgot to filter a request, the database still refuses to hand your data to anyone else. Your information is yours alone.
Sensitive details are scrambled before they are stored
Your connection is encrypted, and your data is encrypted while it is stored. The most sensitive fields, like ID numbers and credentials, are individually scrambled with their own key before they ever reach the database, so a stolen record is useless on its own.
Personal details are masked before any AI sees them
Before anything you type is sent to an AI model, we automatically strip out national IDs, phone numbers, emails, and card numbers. The AI helps you without ever needing your personal identifiers.
The assistant only ever reads your own record
When Mr. Mwikila remembers your role and past cases to help you better, it only reads and writes your own record, tied to your verified login. Managers and administrators see only summaries with names stripped out.
Only the right people see the right things
Everyone sees and does only what their role allows. An automated test blocks any new screen that forgets to check, and requests forged by a malicious website are rejected before they reach your account.
The AI cannot be steered into our systems
When Mr. Mwikila fetches live research from the web, it is fenced off from our internal servers and cloud secrets, closing one of the most common ways attackers try to reach behind a service.
Every important action leaves a trace that cannot be quietly edited
Security-relevant actions are written to a chained log where any later tampering is mathematically detectable. The logs themselves avoid storing personal identifiers.
It never touches real money
This is a training and advisory tool by design. The system is built so it physically cannot move money or commit a real lending decision. Mr. Mwikila advises, teaches, and explains, and the real call always stays with your people.
We are honest about who processes data
We publish an always-current, machine-checkable list of every outside service that ever touches data, where it runs, and what it can see. The disclosure can never quietly drift from the truth.
You are always in control of your data
Under Tanzania's Personal Data Protection Act, you have real rights over your data, and we have working tools that honour them. You do not have to email anyone or wait for a favour.
- See everything we hold about you
- Take a copy with you in a machine-readable file
- Correct anything that is wrong
- Ask us to delete it, keeping only what the law requires us to retain, with your identity unlinked
Straight talk: what we do not claim
We would rather be honest than oversell. Trust is built on the things a company is careful not to say. Here is where we draw the line.
- We do not claim certifications we have not earned. Our controls are designed around recognised security principles, and we will tell you plainly when a formal certification is in progress rather than complete.
- We do not say 'unbreakable'. No honest company can promise that. What we can do is protect your data in layers and show you exactly what each layer does, which is what this page is.
- Your conversations are encrypted on the way to us and while they are stored, but they are not end-to-end encrypted: we process them on our servers to do the work, after masking your personal details. We say 'encrypted', never 'end-to-end', because the difference matters.
- Some AI processing happens outside East Africa. We do not pretend all your data stays in one country. Every place data is processed is disclosed on our data-transfers page, under legal safeguards.
Built for Tanzania's data-protection law, and beyond
We are built around Tanzania's Personal Data Protection Act and the Bank of Tanzania's expectations as our worked example, and we design to extend the same standard across East Africa as we grow. The detail lives in these documents, all written to be read, not hidden.
Questions about your data? Our Data Protection Officer is at dpo@litfin.io