Privacy.

Effective 2026-05-01.

1. Scope

This Privacy Policy explains how Vantage (the operator of the Vantage platform) collects, uses, stores, shares, and protects personal data. It applies to data we process on behalf of partners (banks, MFIs, co-ops, government programmes) and to data we collect directly from farmers, dealers, and partner staff who use the platform.

2. Data we collect

From partners: organisation name, contact details, configuration choices, billing information. From partner staff: name, email, role, hashed password, activity logs. From farmers: name, ID number, date of birth, contact details, KYC documentation, geolocation of farm fields, polygon boundaries, satellite-derived indices for those fields, loan and card activity. From dealers: business name, address, registered product list, redemption activity. From the platform itself: server logs, request metadata, error traces, audit log entries.

3. How we use data

We process personal data to (a) operate the platform, (b) provide the contracted service to the relevant partner, (c) perform farm scoring, credit decisioning, card issuance and settlement on partner instruction, (d) comply with applicable KYC and AML obligations, (e) detect fraud and abuse, (f) improve the platform’s underlying models and features in aggregate, non-identifying form.

4. Roles and responsibilities

For most farmer and dealer data, the partner is the data controller and Vantage is the data processor. For platform-staff and partner-staff data we collect ourselves, Vantage is the controller. Our processor obligations are defined in the partner’s subscription agreement and any applicable DPA.

5. Sharing

We do not sell personal data. We share farmer data only with the partner that owns the relationship, with sub-processors strictly necessary to run the platform (hosting, monitoring, transactional email), and with regulators or law enforcement where compelled by valid legal process. Sub-processors are listed and notified of changes in advance for Enterprise customers.

6. Retention

Personal data is retained for the duration of the partner contract plus the period required by applicable financial regulations (typically 5–7 years for ledger, KYC, and transaction records). On contract termination, partners may export all data within 30 days; after that, we hard-delete operational copies and keep only the regulator-required minimum.

7. Security

We apply the controls described on the Security page — bcrypt password and PIN hashing, TLS in flight, encrypted storage at rest, RBAC, tenant isolation, rate limiting, monitoring, daily backups, and audit logging on every sensitive action.

8. Your rights

Subject to local law, you may request access, correction, deletion, restriction, or portability of your personal data. Farmers should contact their partner first; partners and platform-staff users may contact us directly at privacy@vantage.co.zw. We respond within 30 days.

9. Cross-border transfers

Vantage’s default infrastructure may host data outside the country of collection. Where required by local law, Enterprise customers can request in-region data residency. Cross-border transfers are governed by the relevant statutory mechanisms (standard contractual clauses or equivalent).

10. Changes

We update this policy as the platform evolves. Material changes are communicated to partners by email at least 30 days before they take effect. The effective date of this policy is shown at the bottom of the page.

Questions on this policy? Email privacy@vantage.co.zw.