TENGAPO
Create Wallet

Privacy Policy

Your data belongs to you. Here is exactly what we collect and why.

Last updated: 1 April 2026

Tengapo is committed to protecting your privacy. This policy explains what personal data we collect, how we use it, how we protect it, and your rights regarding it.

1. Data we collect

When you create a wallet, we collect:

  • Full name and email address (for identity and communication)
  • Username (your public @handle)
  • Country code (determined via geo-detection)
  • Phone number (optional — for account recovery only)
  • Password (stored as a one-way hash — never readable)
  • IP address at registration (for geo-verification)
  • Transaction records (amounts, timestamps, parties involved)

2. Data from senders

When someone sends money to a Tengapo wallet without an account, we collect their name, email address, and payment details (processed by Flutterwave). We do not store card numbers — these are handled entirely by Flutterwave's PCI-compliant infrastructure.

3. How we use your data

  • To create and manage your wallet and account
  • To process and record transactions
  • To verify your geographic location at registration
  • To send transactional emails (payment confirmations, security alerts)
  • To comply with legal and regulatory obligations
  • To detect and prevent fraud and abuse

4. Data sharing

We do not sell your personal data. We share data only with:

  • Flutterwave (payment processing) — as required for transactions
  • Supabase (database infrastructure) — our secure data host
  • Law enforcement — when legally required by valid court order
  • Our team — on a need-to-know basis for support and operations

5. Data retention

We retain your account data for as long as your account is active. Transaction records are retained for 7 years to comply with financial record-keeping requirements. On account deletion, personal data is anonymised within 30 days, except where retention is required by law.

6. Your rights

  • Right to access — request a copy of all data we hold about you
  • Right to correction — update inaccurate information via Settings
  • Right to deletion — request account deletion (subject to legal retention obligations)
  • Right to portability — receive your data in a machine-readable format
  • Right to object — object to processing for marketing purposes

To exercise any of these rights, email privacy@tengapo.com.

7. Security

All data is encrypted in transit using TLS. Passwords are hashed with bcrypt. We conduct regular security reviews and access is restricted to authorised personnel only.

8. Cookies

We use essential session cookies only. See our Cookie Policy for details.

9. Changes

If we make material changes to this policy, we will notify you by email at least 30 days before the changes take effect.

10. Contact

Privacy questions: privacy@tengapo.com