Privacy Policy

Korafy — Operated by Infomyne Technologies Limited Liability Company
Last Updated: March 19, 2026

1. Introduction

Korafy ("we," "us," or "our") is a mobile application operated by Infomyne Technologies Limited Liability Company that provides community savings circle (rosca/susu/ajo) management and stablecoin-powered funding services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information.

By using Korafy, you consent to the practices described in this policy.

2. Information We Collect

2.1 Account Information

Email address — used for login and account identification
Full name — used for profile display and financial compliance
Date of birth — used for age verification and regulatory compliance
Phone number (optional) — used for account recovery and notifications

2.2 Financial Information

Bank account details — collected via Plaid (our banking integration partner) when you link a bank account for funding or withdrawals. We do not store your bank login credentials.
Transaction history — records of deposits, withdrawals, and savings circle contributions processed through our platform
Wallet balances — your USDC stablecoin balance held in custody through our financial services partner

2.3 Device and Usage Information

Device identifiers — device type, operating system, and app version
Usage data — app interactions, feature usage patterns, and error logs
IP address — collected for security and fraud prevention

2.4 Savings Circle Data

Circle membership — which savings circles you belong to or manage
Contribution records — payment schedules, amounts, and payout history
Invitation data — email addresses of people you invite to join circles

3. How We Use Your Information

We use your information to:

Provide core services — manage your account, process transactions, operate savings circles, and facilitate payouts
Process financial transactions — execute deposits, withdrawals, and stablecoin conversions through our banking and blockchain partners
Communicate with you — send transaction confirmations, circle updates, and service notifications
Ensure security — detect fraud, prevent unauthorized access, and protect your account
Comply with legal obligations — meet regulatory requirements for financial services, including anti-money laundering (AML) and know-your-customer (KYC) obligations
Improve our services — analyze usage patterns to enhance app functionality and user experience

4. How We Share Your Information

We share your information only in the following circumstances:

4.1 Service Providers

Plaid, Inc. — processes bank account linking and verification. See: plaid.com/legal
Brale, Inc. — provides stablecoin custody, USDC minting/redemption, and virtual bank account services
Privy, Inc. — provides authentication and identity verification services
Supabase, Inc. — provides cloud database hosting and serverless infrastructure

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

We do not sell your personal information to third parties.

5. Data Security

We implement industry-standard security measures to protect your information:

Encryption — all data is transmitted via TLS/SSL encryption
Authentication — JWT-based token authentication with secure session management
Access controls — row-level security (RLS) policies ensure users can only access their own data
Secure storage — sensitive data stored using encrypted storage on your device (SecureStore)
Third-party auditing — our financial service providers maintain SOC 2 Type II and PCI DSS compliance

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide services. Financial transaction records are retained as required by applicable law (typically 5-7 years). You may request deletion of your account and associated data at any time (see Section 8).

7. Children's Privacy

Korafy is not intended for users under 18 years of age. We do not knowingly collect personal information from minors. If we learn that we have collected information from a child under 18, we will promptly delete it.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

Access — request a copy of the personal data we hold about you
Correction — request correction of inaccurate or incomplete data
Deletion — request deletion of your personal data
Portability — request your data in a structured, machine-readable format
Opt-out — opt out of non-essential communications

To exercise any of these rights, contact us at privacy@korafy.io.

California Residents (CCPA)

California residents have the right to know what personal information is collected, request its deletion, and opt out of its sale. We do not sell personal information.

9. Third-Party Links

Korafy may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing your information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy in the app and updating the "Last Updated" date. Your continued use of Korafy after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at:

Infomyne Technologies Limited Liability Company
Email: privacy@korafy.io
Website: https://korafy.io