Axe Microenterprise
Menu

Legal

Privacy Policy

We are committed to protecting your personal data and being transparent about how we collect, use, and safeguard it. Please read this Policy carefully.

Effective: 26 March 2026Last Updated: 26 March 2026

Jump to Section

  1. 1. About This Policy
  2. 2. Information We Collect
  3. 3. How We Use Your Information
  4. 4. Legal Basis for Processing
  5. 5. How We Share Your Information
  6. 6. Data Retention
  7. 7. Your Rights
  8. 8. Keeping Your Data Secure
  9. 9. Cookies and Tracking
  10. 10. Third-Party Links
  11. 11. Children's Privacy
  12. 12. Changes to This Policy
  13. 13. Contact Us and Complaints

1. About This Policy

Axe Micro-Enterprise Ltd. (“Axe”, “we”, “us”, or “our”) is a microfinance company incorporated in Kenya, committed to protecting the privacy of our customers, website visitors, and anyone who interacts with our services.

This Privacy Policy explains how we collect, use, share, and protect your personal data when you apply for a loan, use our digital platform, visit our website, or otherwise engage with us. It also explains your rights under the Kenya Data Protection Act, 2019 (“DPA 2019”) and how to exercise them.

By using our services, you acknowledge that you have read and understood this Policy. If you do not agree with our practices, please do not use our services. This Policy applies to all personal data processed by Axe Micro-Enterprise Ltd., with principal offices in Nairobi, Kenya.

2. Information We Collect

2.1 Information You Provide Directly

  • Full legal name, national ID or passport number, date of birth, and photograph
  • Contact details: mobile phone number, email address, and physical address
  • Business information: business name, nature of business, registration documents, and trading history
  • Financial information: bank account details, M-Pesa number, income, monthly expenses, and existing debt obligations
  • Next of kin or guarantor details where required by the loan product
  • Documents uploaded during the application process, including bank statements and business records

2.2 Information We Generate or Derive

  • Credit assessments and scoring outputs based on your application data
  • Loan history and repayment performance records
  • Internal risk ratings and classifications
  • Transaction and account activity data throughout the loan lifecycle

2.3 Information from Third Parties

  • Credit reference bureau (CRB) data from Metropol Corporation, TransUnion Kenya, and Creditinfo Kenya
  • Identity and KYC verification data from licensed verification providers
  • Bank statement data shared by you or obtained through open banking integrations with your consent
  • Business registry data from the Business Registration Service of Kenya

2.4 Technical and Usage Data

  • Device type, operating system, and browser information
  • IP address and approximate geographic location
  • Pages visited, time on site, links clicked, and navigation paths
  • Session identifiers and cookie data (see Section 9)

3. How We Use Your Information

3.1 Loan Assessment and Decisioning

To evaluate your creditworthiness, determine loan eligibility, set appropriate loan limits, and make lending decisions. This process may include automated credit scoring and risk modelling.

3.2 Loan Servicing and Account Management

To disburse funds, process repayments, generate statements, manage your account, and communicate with you about your loan status and obligations.

3.3 Identity Verification and Fraud Prevention

To verify your identity in compliance with Know Your Customer (KYC) requirements under the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA), and to detect, investigate, and prevent fraudulent or unlawful activity.

3.4 Legal and Regulatory Compliance

To meet our obligations under the Microfinance Act, Central Bank of Kenya (CBK) regulations, Kenya Revenue Authority requirements, and all other applicable laws.

3.5 Customer Communications and Support

To send important account notices, respond to your enquiries, handle complaints, and provide customer support across all our channels.

3.6 Service Improvement and Analytics

To understand how our services are used, identify opportunities for improvement, develop new products, and conduct internal analysis and reporting.

3.7 Marketing (with your consent or legitimate interest)

To inform you about new loan products, promotions, and financial tips relevant to your business, where you have given us consent or where we have a legitimate interest. You may opt out of marketing communications at any time by contacting us or using the unsubscribe link in any marketing email.

5. How We Share Your Information

We do not sell your personal data. We may share it only in the following circumstances:

5.1 Credit Reference Bureaus

As required by CBK/RG/02, we submit positive and negative credit information — including loan applications, approvals, disbursements, repayment records, and defaults — to licensed CRBs. This data is made available to other lenders in the Kenyan credit market to support responsible lending across the industry.

5.2 Regulators and Law Enforcement

We share data with the Central Bank of Kenya, the Financial Reporting Centre, Kenya Revenue Authority, and law enforcement agencies when required to do so by law, regulation, or a valid court order.

5.3 Service Providers and Technology Partners

We engage third-party vendors for payment processing, cloud hosting, identity verification, SMS and email delivery, and data analytics. These providers process data strictly on our behalf under written data processing agreements and are prohibited from using your data for their own purposes.

5.4 Business Transfers

In the event of a merger, acquisition, financing, or sale of all or part of our business, your data may be transferred to the relevant counterparty, subject to equivalent privacy protections and notification to you where required by law.

5.5 With Your Consent

We may share your data with other parties where you have given us explicit, informed consent to do so. You may withdraw this consent at any time.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, and in any case for no shorter than the minimum periods required by law:

Data CategoryRetention Period
Loan and financial records7 years after account closure (Banking Act / CBK requirement)
Identity documents (KYC)5 years after end of customer relationship (POCAMLA requirement)
Credit assessment records5 years after the assessment decision
Marketing data and preferences3 years, or until consent is withdrawn
Technical logs and usage dataUp to 12 months
Complaint and dispute records5 years after resolution

When data is no longer required, we securely destroy or irreversibly anonymize it in accordance with our data disposal procedures.

7. Your Rights

Under the DPA 2019, you have the following rights in relation to your personal data held by Axe:

Right of Access

Request a copy of the personal data we hold about you and information about how we use it.

Right to Rectification

Request correction of any personal data that is inaccurate, incomplete, or out of date.

Right to Erasure

Request deletion of your data where we no longer have a lawful reason to hold it. Note that certain data must be retained for legal and regulatory compliance.

Right to Restriction

Request that we temporarily limit our use of your data while a dispute is being resolved.

Right to Data Portability

Receive the personal data you have provided to us in a structured, commonly used, machine-readable format.

Right to Object

Object to processing based on our legitimate interests, including direct marketing, at any time.

Right to Withdraw Consent

Where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing.

Right Regarding Automated Decisions

Request human review of any significant decision made solely by automated processing, including credit scoring.

To exercise any of these rights, contact our Data Protection Officer at privacy@axemicroenterprise.co.ke. We will acknowledge your request within 5 business days and respond fully within 21 days. If you are dissatisfied with our response, you may lodge a complaint with the Office of the Data Protection Commissioner (ODPC) at www.odpc.go.ke.

8. Keeping Your Data Secure

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, or alteration. Our measures include:

  • Transport Layer Security (TLS) encryption for all data transmitted between your device and our systems
  • Encryption at rest for sensitive personal and financial records stored on our servers
  • Role-based access controls that limit staff access to personal data on a strict need-to-know basis
  • Regular security assessments, vulnerability testing, and staff training on data protection obligations
  • Incident response procedures aligned with the DPA 2019 breach notification requirements to the ODPC

Despite these measures, no method of transmission over the internet is completely secure. If you suspect your account has been compromised, please contact us immediately at info@axemicroenterprise.co.ke.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. The types of cookies we use are:

Essential Cookies

Always Active

Required for the site to function correctly — for example, maintaining your session and enabling secure login. These cannot be disabled.

Functional Cookies

Remember your preferences and settings to improve your experience across sessions.

Analytics Cookies

Help us understand how visitors use our website so we can improve it. We use Google Analytics for this purpose. You may opt out via your browser settings or Google's opt-out tools.

Preference Cookies

Allow us to remember choices you have made and to tailor content to your interests. These require your consent.

You can control non-essential cookies through your browser settings or our cookie consent banner. Declining these cookies will not affect your ability to apply for or manage your loan.

11. Children's Privacy

Our services are designed for individuals aged 18 and above. We do not knowingly collect or solicit personal data from anyone under the age of 18. If we become aware that we have inadvertently collected personal data from a minor, we will take prompt steps to delete that information. If you believe we may have collected data from a child, please contact us at privacy@axemicroenterprise.co.ke.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable technology, regulatory requirements, or business operations. We will post the updated Policy on this page with a revised “Last Updated” date. For material changes that significantly affect how we use your data, we will notify you directly via your registered email address or mobile number. Your continued use of our services after such notification constitutes your acceptance of the revised Policy.

13. Contact Us and Complaints

If you have any questions about this Policy, wish to exercise your data rights, or want to raise a privacy concern, please contact our Data Protection Officer:

Data Protection Officer

Axe Micro-Enterprise Ltd.

Nairobi, Kenya

Privacy enquiries: privacy@axemicroenterprise.co.ke

General enquiries: info@axemicroenterprise.co.ke

Phone: +254 707 632 578

If you are not satisfied with our response, you have the right to escalate your complaint to the Office of the Data Protection Commissioner (ODPC). The ODPC is Kenya's independent regulatory authority responsible for overseeing the DPA 2019. You can reach them at www.odpc.go.ke.

Related Legal Documents

Your use of our services is also governed by our Terms of Service.

Terms of ServiceContact Us