Last Updated: 2025.08.22
Effective Date: 2025.08.22
This Privacy Policy describes how Phoenix Finance (“we,” “our,” or “us”) collects, uses, stores, and protects your personal information when you use our microfinance mobile application (the “App”). This policy applies to all users including field agents, loan officers, center managers, and administrators.
By using our App, you agree to the collection and use of information in accordance with this Privacy Policy.
User Account Information:
Full name, username, and password (encrypted)
Employee ID and role designation
Contact information (phone number, email address)
Company affiliation and branch details
Customer Information (Personally Identifiable Information):
Full name, age, and date of birth
Contact details (phone number, address)
Educational background and civil status
Loan history and payment records
Attendance records
Profile photographs (if provided)
Government identification numbers (where applicable)
Financial Data:
Payment transaction records
Loan amounts and repayment schedules
Collection targets and achievements
Account balances and payment history
Location Data:
GPS coordinates during field operations
Customer addresses and geographical information
Center and group locations
Route tracking for field visits
Device Information:
Device type, model, and operating system
App version and configuration settings
Device unique identifiers for security purposes
Network information and connection status
Local Storage (SQLite Database):
All personal and financial data is stored locally on your device using encrypted SQLite databases. This includes customer profiles, payment records, center information, and user authentication data.
Remote Server Transmission:
The following data is transmitted to our secure servers:
Customer registration information
Payment transaction records
User authentication credentials (encrypted)
Synchronization data for backup purposes
Performance analytics and usage statistics
Loan Management: Process loan applications, manage repayment schedules, and track payment history
Customer Service: Provide support for microfinance operations and resolve customer inquiries
Field Operations: Enable mobile collection activities and center management
Performance Tracking: Monitor collection targets, achievements, and operational efficiency
Compliance: Maintain records required for regulatory and audit purposes
Authentication and user account management
Synchronization between local device and remote servers
Generation of reports and analytics
SMS notifications for payment reminders (when enabled)
GPS tracking for field operation optimization
Data backup and disaster recovery
We do not sell, trade, or rent your personal information to third parties. We may share information only in the following circumstances:
Within Your Organization: Data is shared among authorized users within your microfinance company
Legal Requirements: When required by law, court order, or government regulations
Security Purposes: To investigate fraud, security breaches, or policy violations
Service Providers: With trusted third-party vendors who assist in app functionality (under strict confidentiality agreements)
INTERNET & NETWORK ACCESS:
Why: Required for data synchronization with servers and API communication
Usage: Uploading payment records, downloading customer data, authentication
ACCESS_FINE_LOCATION & ACCESS_COARSE_LOCATION:
Why: Essential for field operations and customer location tracking
Usage: GPS tracking during collections, mapping centers and customers, route optimization
READ_EXTERNAL_STORAGE & WRITE_EXTERNAL_STORAGE:
Why: Required for data backup, report generation, and document storage
Usage: Saving payment receipts, exporting reports, backup operations
CAMERA:
Why: Capture customer photographs and document images
Usage: Customer profile photos, payment receipt documentation
SEND_SMS (Optional):
Why: Send payment reminders and notifications to customers
Usage: Automated payment alerts (only when explicitly enabled by user)
ACCESS_NETWORK_STATE:
Why: Check internet connectivity for data synchronization
Usage: Determine when to sync data and manage offline operations
All permissions are used exclusively for legitimate business purposes related to microfinance operations. Location data is only collected during active field operations and is not used for marketing or advertising purposes.
Encryption: All sensitive data is encrypted both in transit and at rest
Authentication: Multi-factor authentication for user access
Access Controls: Role-based permissions limiting data access
Regular Updates: Security patches and updates are regularly deployed
Audit Trails: Comprehensive logging of all data access and modifications
Active Data: Retained while you remain an active user of the service
Payment Records: Maintained for 7 years for compliance purposes
Customer Data: Retained as long as the customer relationship exists
Log Data: System logs are retained for 2 years for security purposes
You have the right to:
Access your personal information stored in our systems
Request a copy of your data in a portable format
Update or correct inaccurate information
Review data sharing and processing activities
You may request deletion of:
Your user account and associated personal data
Specific customer records (subject to legal retention requirements)
Payment transaction data (after mandatory retention periods)
Location tracking data
Important Notes:
Some data may be retained for legal compliance purposes
Financial transaction records may have mandatory retention periods
Deletion requests are processed within 30 business days
Some data deletion may affect app functionality
To request data deletion, access, or correction, please contact us using the information provided in Section 10.
The App automatically synchronizes data with our servers to:
Backup critical information
Enable multi-device access
Maintain data consistency across your organization
Provide real-time updates
The App stores essential data locally to function without internet connectivity. This cached data is synchronized when connectivity is restored.
We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify users of significant changes through:
In-app notifications
Email communications
Updated version in the app store
Continued use of the App after policy updates constitutes acceptance of the revised terms.
For questions about this Privacy Policy, data deletion requests, or security concerns, please contact us:
Email: gdcreationslabs@gmail.com
Phone: +94761850940
Mailing Address:
GDCreations
No: 74, Dawson Street, Colombo 02, Sri Lanka.
If you discover a security vulnerability, please report it immediately to:
Security Email: gdcreationslabs@gmail.com
Subject Line: “SECURITY VULNERABILITY - Phoenix Finance”
We take security seriously and will respond to verified reports within 48 hours.
If applicable, you may contact our Data Protection Officer at:
11. Compliance and Legal Framework
This Privacy Policy is designed to comply with applicable data protection laws including:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Local data protection and financial services regulations
Industry-specific microfinance compliance requirements
Our App is designed for business use and is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors.
This Privacy Policy is effective as of 2025.08.22 and governs the use of Phoenix Finance.
By using Phoenix Finance, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.