TolloCredit Privacy Agreement
Thank you for choosing to use TolloCredit (the “Platform”). We recognize the importance of data security and privacy protection, and have always placed the rights of our users at the core of our business operations. To ensure that you have a clear understanding of how we handle your personal information, we have created this Privacy Policy (“Policy”). This Policy describes in detail how we collect, use, store and protect your personal information during your use of our services.
We recommend that you read this Policy in its entirety before using the Platform so that you fully understand your rights and our management measures. By continuing to use the Platform, you acknowledge that you have read, understood and agreed to this Policy in its entirety.
1. Description of the scope and purpose of the information collection
In order to provide you with a better and safer service experience, when you use TolloCredit (hereinafter referred to as the “Platform”), we may collect the following types of information according to the needs of business functions. All information is collected in strict compliance with relevant laws and regulations and in accordance with the principle of minimum necessity:
1.1 Rough Location Permission
Purpose: Obtain your rough geographic location data in order to push localized services (e.g., offers from nearby merchants, regional activities, etc.) for you.
User control: You can turn off this permission at any time through the device settings, which only affects the related functions and does not affect the use of core services.
1.2 Camera Permission
Description of Purpose: Used to support photo shooting, QR code scanning, ID uploading and other functions (e.g. real-name authentication and other scenarios).
Permission management: Apply for permission only when you trigger the relevant function on your own initiative, and will not call or store unauthorized image data in the background.
We value your privacy and strive to protect your personal information from unauthorized access, use or disclosure by taking appropriate technical and administrative measures. If you have any questions or require further information, please feel free to contact us.
2. Statement of purpose and scope of use of information
In order to guarantee the transparency of its services and fully respect the rights and interests of its users, TolloCredit (hereinafter referred to as "the Platform") strictly limits the scope of use of the information it collects. The following is a description of the specific uses of the information collected, and all processing is done in accordance with the principles of "lawfulness, legitimacy, and necessity":
2.1 Loan Application Processing and Credit Evaluation
Core Uses: Efficiently completing the loan approval process through identity verification (e.g., document information comparison), credit rating (e.g., repayment ability analysis), and anti-fraud detection.
User Value: Shorten the review cycle to [within 2 hours] and provide differentiated interest rate plans based on the assessment results to accurately match your financial needs.
2.2 Service Optimization and Technical Support
Functionality Iteration: Analyze application crash logs, operation paths, and other data to repair loopholes and add new practical functions (such as the "one-click repayment" shortcut portal).
Experience enhancement: Optimize response speed through device performance data (e.g., memory occupancy) to ensure second loading on [95%] of devices.
2.3 User Communication and Reaching Your Rights and Interests
Service Notification: Send necessary information such as changes in loan status (e.g. successful loan disbursement) and repayment reminder (pushed 3 days in advance) through encrypted channels.
Value-added services: according to the characteristics of your borrowing cycle, directional push low-interest loan renewal offers or financial solutions (can be unsubscribed at any time).
2.4 Business Analysis and Product Development
Demand Insight: Identify high-frequency usage scenarios through desensitized user behavioral data (e.g., length of stay on the page), and prioritize the development of functions with the highest demand, such as [bill installment].
Market Adaptation: Adjust the product strategy with regional economic data (e.g., increase the product line of small and flexible loans in second- and third-tier cities).
2.5 Legal Compliance and Risk Control Management
Regulatory Requirements: Report lending contract filing information to financial institutions in accordance with the law, and cooperate with identity verification in anti-money laundering (AML) investigations.
Security Audit: Retain operation logs for more than 6 months to meet the data retention obligations under the Cybersecurity Law.
Through the above measures, we hope to provide you with more efficient and convenient financial services and continuously improve our service quality to meet your expectations and needs.
3. Data-sharing and third-party disclosure policies
TolloCredit is committed to the fact that we will never sell your personal information in any form. Your privacy and security are the cornerstone of our business operations, and all data sharing is done on a “minimum necessary” basis and only in the following specific circumstances:
3.1 Necessary Sharing with Authorized Partners
Sharing Objects: Certified financial institutions, licensed credit assessment agencies, payment gateway service providers and other core business partners.
Scope of Sharing: Provide only the information necessary to complete the service (e.g. sharing ID card information to banks for loan verification).
Compliance control: All partners are required to sign a Data Protection Agreement and undergo annual security audits to ensure that their processing standards are not lower than the requirements of this policy.
3.2 Disclosure Based on Legal Obligations
Trigger Condition: In response to a written request issued in accordance with the law by the judiciary, regulatory agencies and other authorized authorities.
Disclosure process: After reviewing the validity of the legal document by the legal team, only specific data explicitly required by the instruction (such as transaction records when fraud is suspected) will be provided.
User notification: Within the scope permitted by laws and regulations, we will disclose relevant law enforcement requests to you in a timely manner (except for cases involving confidentiality).
3.3 Business Merger, Acquisition or Reorganization Scenarios
Data Processing: In the event of a merger, acquisition or asset transfer, your information will be transferred as part of the business assets.
Successor obligations: The transferee must commit in writing to continue to fulfill the terms of this policy, otherwise we will protect your rights and interests through data desensitization or deletion.
3.4 Legitimate Rights and Interests Protection Measures
Application Scenarios: Used for identification and prevention of fraudulent behavior (e.g., multiple lending detection), system security defense (e.g., DDoS attack traceability), and so on.
Risk Control Mechanism: All access behaviors are subject to three levels of internal approval, and complete access logs are kept for inspection.
Through the above measures, we aim to handle your personal information in a responsible manner and ensure that your privacy is always respected and protected while sharing. We will continue to build a relationship of trust and provide you with a safe and reliable service experience.
4. Protection of information
We place a high priority on the security of your personal information and have implemented a comprehensive set of security measures to protect your personal information from unauthorized access, use or disclosure. Our information protection measures include, but are not limited to, the following:
End-to-End Encryption Protection
4.1 Transmission encryption: TLS 1.3 protocol is mandatorily enabled for all data interactions, which is transmitted through 256-bit SSL encrypted channels to effectively resist man-in-the-middle attacks (MITM) and ensure that information is not intercepted during critical operations such as logging in and transactions.
4.2 Storage encryption: AES-256 algorithm is used to encrypt and store sensitive information (e.g. ID card number, bank account number) in the database, so that the data remains unreadable even if a physical device leak occurs.
4.3 Access Control: To ensure that only authorized personnel can access your personal information, we have established a strict access control mechanism. This mechanism restricts access to sensitive data and ensures that only authenticated employees can view or process the information. We also conduct regular reviews of access privileges to ensure the reasonableness and necessity of the privilege settings, thus further reducing the risk of data leakage.
4.4 Security Audits: We conduct regular systematic security audits to assess and improve our information security management system. These audits not only include the evaluation of security policies and measures, but also cover the identification and assessment of potential security risks. Through regular security audits, we are able to identify and fix possible vulnerabilities and risks in a timely manner to ensure that information protection measures are always effective.
4.5 Security Training: In addition to technical means, we also provide regular information security training to our employees to keep them up-to-date with the latest security threats and countermeasures. By raising the security awareness of our employees, we are better able to prevent possible internal security risks and ensure that every team member can play an active role in information protection.
4.6 Emergency Response Mechanism: We have established a comprehensive emergency response mechanism to deal with possible security incidents. In the event of an information security incident, we will quickly activate the plan and conduct a comprehensive investigation and treatment in order to minimize the impact of the incident. At the same time, we will also review the incident after handling to summarize the lessons learned and further improve our security strategy.
4.7 Continuous Improvement: We always pay attention to emerging technologies and best practices in the field of information security and are committed to continuously improving our security technologies and management measures. We regularly evaluate our existing security measures and make adjustments and optimizations in accordance with industry standards and legal and regulatory requirements to ensure that we can provide users with a safer and more reliable operating environment.
Through the above measures, we hope to protect the security of your personal information without worry, so that you can feel trust and peace of mind when using our services. If you have any questions or suggestions about our information protection measures, please feel free to contact us.
5. Your rights
You have the following rights to ensure control and information about your personal information:
- To enquire and obtain access to the personal information we hold about you. You have the right to request from us, at any time, specific information about the content and source of the personal information we have collected.
- Request that we correct errors in your information. If you discover that personal information we hold about you is inaccurate or incomplete, you have the right to ask us to correct it.
- Request the deletion of unnecessary or unlawful information. You have the right to ask us to delete personal information that is no longer necessary or has been processed in an unlawful manner, thereby protecting your privacy.
- Withdraw consent to our processing of your personal information. If at any time you decide that you no longer want us to process your personal information, you may withdraw your previously given consent at any time.
To exercise these rights, please contact us using the contact details provided in section 7 of this policy and we will respond to your request promptly and within a reasonable time and ensure that your rights are fully respected and protected.
6. Protection of Children
The Application is not directed to children under the age of 18 and we expressly state that we do not knowingly collect any personal information from children.
7. Contact information
If you have any questions, suggestions or concerns about this Privacy Policy, please contact us at
e-mail: [email protected] to answer your questions as soon as possible.
Tel: +251979173681
TolloCredit is committed to continuously improving its privacy protection system. In order to adapt to business development and changes in laws and regulations, we may make necessary revisions to this privacy policy, and the update mechanism is clarified below:
8.Agreement Changes
8.1 Reminder
Prominent reminder: Major changes will be specifically notified through in-app pop-ups (manual confirmation is required), on-site letters or SMS messages
Version labeling: The policy header will clearly indicate the [last update date] and [historical version comparison] portal
Advance notice: Substantial modifications (such as the addition of new types of data collection) will be notified at least 30 days in advance
8.2 Protection of users' rights
Re-authorization: Changes that involve expanding the scope of use of personal information will be separately and expressly agreed to. Changes involving the expansion of the scope of use of personal information will obtain your express consent separately
Objection channel: If you do not agree with the modification, you can withdraw from the service within 7 days without penalty by contacting the customer service
8.3 Retroactivity rules
The policy change only applies to data collected after the effective date
Historical data will still be handled in accordance with the period and manner promised in the original policy