Loading...
Loading...
Legal
Last updated: April 12, 2026
Compliant with Rwanda Law N° 058/2021 on the Protection of Personal Data and Privacy
Umwuga Ltd ("we", "us") is a company registered in Rwanda. This Privacy Policy explains how we collect, use, store, and protect your personal data in compliance with Law N° 058/2021 of 13/10/2021 relating to the protection of personal data and privacy in Rwanda, and its implementing regulations. By using our platform, you consent to the practices described in this policy. The National Cyber Security Authority (NCSA) is the supervisory authority for data protection matters in Rwanda.
Umwuga Ltd acts as the data controller for personal data processed through this platform. For any inquiries regarding your personal data, contact our Data Protection Officer at privacy@umwuga.com or write to: Umwuga Ltd, KG 7 Ave, Kigali, Rwanda.
We collect the following categories of personal data: (a) Identity data — full name, national ID number or passport number, date of birth, and photograph for provider verification; (b) Contact data — email address, phone number (including MTN/Airtel Mobile Money-linked numbers), and physical address; (c) Professional data — qualifications, certifications, work history, and portfolio items (providers only); (d) Financial data — Mobile Money transaction references, bank account details for provider payouts, and payment history; (e) Location data — GPS coordinates when actively using the service, and saved addresses; (f) Device and usage data — IP address, browser type, device identifiers, and platform interaction logs.
Under Article 7 of Law N° 058/2021, we process your data on the following lawful bases: (a) Contract performance — to match clients with providers, facilitate bookings, process payments via Mobile Money or bank transfer, and deliver the services you request; (b) Legal obligation — to comply with tax reporting requirements (RRA), anti-money laundering regulations, and provider background verification; (c) Legitimate interest — to improve our platform, prevent fraud, ensure safety, and send service-related communications; (d) Consent — for marketing communications and non-essential cookies, which you may withdraw at any time.
We share limited personal data with: (a) Service providers/clients — your name, profile photo, phone number, and location are shared with the other party when a booking is confirmed; (b) Payment processors — MTN MoMo, Airtel Money, and banking partners to process transactions; (c) Background verification services — for provider identity and criminal record checks; (d) Government authorities — when required by Rwandan law, including the Rwanda Investigation Bureau (RIB) and Rwanda Revenue Authority (RRA). We do not sell your personal data. Any cross-border data transfer complies with Article 48 of Law N° 058/2021 and requires adequate safeguards.
We retain your personal data for as long as your account is active and for a minimum period required by law: (a) Transaction records — 5 years (per RRA tax requirements); (b) Provider verification documents — duration of account plus 2 years; (c) Communication logs — 1 year after last interaction; (d) Account data — deleted within 30 days of account closure request, except where retention is required by law. You may request earlier deletion subject to our legal obligations.
You have the following rights: (a) Right of access — request a copy of all personal data we hold about you (Article 36); (b) Right to rectification — correct inaccurate or incomplete data (Article 37); (c) Right to erasure — request deletion of your data where there is no legal basis for continued processing (Article 38); (d) Right to restrict processing — limit how we use your data in certain circumstances; (e) Right to data portability — receive your data in a structured, machine-readable format; (f) Right to object — object to processing based on legitimate interest or for direct marketing. To exercise these rights, email privacy@umwuga.com. We will respond within 30 days.
We implement appropriate technical and organisational measures to protect your personal data, including: TLS encryption for all data in transit, AES-256 encryption for sensitive data at rest, role-based access controls, regular security audits, and secure hosting within the region. In the event of a data breach that poses a risk to your rights, we will notify the NCSA and affected individuals without undue delay, as required by Article 40 of Law N° 058/2021.
We use: (a) Strictly necessary cookies — for authentication, language preference (NEXT_LOCALE), and security; (b) Analytics cookies — to understand usage patterns and improve the platform (only with your consent); (c) We do not use third-party advertising trackers. You can manage cookie preferences through your browser settings. The NEXT_LOCALE cookie stores your language preference (English, Kinyarwanda, or French) and expires after one year.
Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, please contact us immediately at privacy@umwuga.com.
We may update this policy to reflect changes in our practices or applicable law. We will notify you of material changes via email or an in-app notice at least 14 days before they take effect. The "Last updated" date at the top of this page indicates the most recent revision.
If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at privacy@umwuga.com. If you are not satisfied with our response, you have the right to lodge a complaint with the National Cyber Security Authority (NCSA) at info@ncsa.gov.rw.