Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal data.

Last updated: January 2026

1. Introduction

MOMO LENS ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile application and web services (collectively, the "Service").

This policy complies with data protection laws in all jurisdictions where we operate, including:

  • The General Data Protection Regulation (GDPR) (EU/UK)
  • The Data Protection Act No. 3 of 2021 (Zambia)
  • The Nigeria Data Protection Regulation 2019 (Nigeria)
  • The Data Protection Act, 2019 (Kenya)
  • The Personal Data Protection Act (Tanzania)
  • The Protection of Personal Information Act (POPIA) (South Africa)
  • The Data Protection Act, 2012 (Ghana)
  • The Data Protection and Privacy Act, 2019 (Uganda)
  • The Personal Data Protection Act (Thailand)
  • Other applicable data protection laws in your jurisdiction

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

Data Controller

MOMO LENS LTD
United Kingdom
Email: privacy@momolens.com
Support: support@momolens.com

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Email address - Required for account creation and communication
  • Phone number - Required for account verification and service delivery
  • Name - First name and last name for account identification
  • Password - Encrypted and stored securely (we cannot see your password)
  • Country code - Auto-detected from phone number or manually provided

2.2 Business Information

To provide our business management services, we collect:

  • Business name - Your registered or trading business name
  • Owner name - Name of the business owner or authorized representative
  • Business address - Street address, city, province, postal code
  • Tax identification number - Optional, for tax reporting purposes
  • Business type - Category of your business (e.g., retail, restaurant, pharmacy)
  • Currency preference - Your preferred currency for transactions
  • Timezone - For accurate time-stamping of transactions

2.3 Your Business Data

When you use our Service to manage your business, you create and store your own business data in your account. This data belongs to you and includes:

  • Sales records - Sales you record through our POS system
  • Customer information - Customer details you choose to enter (name, phone number)
  • Payment confirmations - Mobile money payment confirmations you record
  • Expense records - Business expenses you track
  • Invoices - Invoices you create for your customers
  • Inventory data - Products, stock levels, and suppliers you manage

Important: This is your business data that you create and control. We store it securely on your behalf to provide the Service. We do not access, use, or share your business data except as necessary to provide the Service (e.g., to display it to you, sync it across your devices, or generate reports you request). We never sell your business data or use it for marketing purposes.

2.4 Technical Information

To provide and improve our Service, we automatically collect limited technical information:

  • Device information - Device type, operating system, app version (to ensure compatibility)
  • Usage data - Which features you use (aggregated and anonymized for service improvement)
  • Network information - IP address, connection type (for security and performance optimization)
  • Error logs - Technical errors and system events (to fix bugs and improve reliability)

This technical data is used only for service operation and improvement. We do not use it to track your business activities or personal behavior.

2.6 Analytics Data

We use Google Analytics (GA4) to improve our Service across both our mobile app and website. With your consent, we collect:

  • Page views - Which pages you visit on our website (to understand content engagement)
  • Screen views - Which screens you visit in our mobile app (to understand feature usage)
  • User interactions - Button clicks, form submissions, downloads (aggregated and anonymized)
  • Feature usage - Which features you use (aggregated and anonymized)
  • Error events - Technical errors to help us fix bugs
  • Device information - Device type, OS version, browser type (for compatibility)

Important: All analytics data is anonymized. We never share your personal information, business data, or financial transactions with Google Analytics. You can consent to or decline analytics tracking when you first visit our website or use the app, and you can change your preference anytime.

We use Google's Consent Mode v2 to ensure compliance with GDPR and other data protection regulations. When you decline analytics, we still collect minimal technical data necessary for website/app functionality, but we do not track your usage patterns.

2.5 Payment Information

For subscription payments, we use Stripe as our payment processor. We do not store your full payment card details. Stripe handles:

  • Payment card information (processed securely by Stripe)
  • Billing address
  • Payment history and subscription status

3. How We Use Your Information

We use your personal data for the following purposes:

Service Delivery

To store and process your business data so you can access it through our platform. Your business data is stored securely and only accessible to you (and team members you authorize).

Account Management

To create and manage your account, authenticate users, process subscriptions, and provide customer support.

Communication

To send service-related notifications, updates, security alerts, and respond to your inquiries. We may send marketing communications only with your consent.

Legal Compliance

To comply with legal obligations, including tax reporting, financial record-keeping requirements, and data protection laws.

Security & Fraud Prevention

To detect, prevent, and address security threats, fraud, unauthorized access, and other illegal activities.

Service Improvement

To improve our Service, we analyze aggregated, anonymized usage patterns (e.g., which features are most used). We never analyze your individual business data or transactions for this purpose.

3.1 Legal Basis for Processing

Under GDPR and applicable data protection laws, we process your personal data based on:

  • Contractual necessity - To fulfill our service agreement with you
  • Legal obligation - To comply with tax, financial, and data protection laws
  • Legitimate interests - For security, fraud prevention, and service improvement
  • Consent - For marketing communications (you can withdraw consent at any time)

4. Data Sharing and Third Parties

We do not sell your personal data. We may share your information only in the following circumstances:

4.1 Service Providers

We use trusted third-party service providers who help us operate our Service:

  • Stripe - Payment processing for subscriptions. Stripe's privacy policy: stripe.com/privacy
  • AWS (Amazon Web Services) - Cloud hosting and data storage. AWS's privacy policy: aws.amazon.com/privacy
  • Google - OAuth authentication (optional). Google's privacy policy: policies.google.com/privacy
  • Google Analytics (Firebase Analytics) - Analytics and service improvement. We use Google Analytics to understand how users interact with our app, which helps us improve features and fix bugs. We only collect anonymized usage data (screen views, feature usage, error logs). Your personal information and business data are never shared with Google Analytics. Google's privacy policy: policies.google.com/privacy

All service providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.

4.3 International Data Transfers

Your data may be processed and stored outside your country of residence, including in the United Kingdom and the United States (for AWS and Stripe services). We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) for EU/UK data transfers
  • Service providers certified under appropriate data protection frameworks
  • Encryption in transit and at rest
  • Regular security audits and compliance reviews

5. Data Security

We implement industry-standard security measures to protect your personal data:

  • Encryption - AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Access Controls - Role-based access control, multi-factor authentication for staff
  • Secure Authentication - JWT tokens, password hashing (bcrypt), secure session management
  • Network Security - Firewalls, intrusion detection, regular security audits
  • Data Isolation - Strict multi-tenant data isolation to prevent unauthorized access
  • Audit Logging - Comprehensive audit trails for all data access and modifications
  • Regular Backups - Encrypted backups stored securely with disaster recovery procedures
  • Incident Response - Security incident response plan and breach notification procedures

While we implement strong security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Account Data - Retained while your account is active and for 7 years after account closure (for legal and tax compliance)
  • Transaction Records - Retained for 7 years (required by financial regulations)
  • Financial Data - Retained for 7 years (tax and audit requirements)
  • System Logs - Retained for 2 years (security and troubleshooting)
  • Marketing Data - Retained until you withdraw consent or unsubscribe

After the retention period, we securely delete or anonymize your data in accordance with our data deletion procedures.

7. Your Data Protection Rights

Under GDPR, the Zambia Data Protection Act 2021, Nigeria Data Protection Regulation, Kenya Data Protection Act, Tanzania Personal Data Protection Act, South Africa POPIA, Ghana Data Protection Act, Uganda Data Protection and Privacy Act, Thailand Personal Data Protection Act, and other applicable data protection laws in your jurisdiction, you have the following rights:

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your data, subject to legal retention requirements.

Right to Restrict Processing

You can request that we limit how we use your data in certain circumstances.

Right to Data Portability

You can request a machine-readable copy of your data to transfer to another service.

Right to Object

You can object to processing based on legitimate interests or for marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

Right to Lodge a Complaint

You can file a complaint with your local data protection authority or the Zambia Data Protection Commissioner.

To exercise any of these rights, please contact us at privacy@momolens.com. We will respond within 30 days.

8. Cookies and Tracking Technologies

Our web platform may use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences and settings
  • Analyze website usage and performance (using anonymized data)
  • Improve security and prevent fraud

Our mobile app does not use cookies but may use local storage (SQLite) to store your data offline. You can manage cookie preferences through your browser settings.

9. Children's Privacy

Our Service is intended for business use and is not directed to individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at privacy@momolens.com.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last updated" date
  • Sending an email notification to your registered email address
  • Displaying a notice in our mobile app

Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or wish to exercise your data protection rights, please contact us:

Email: privacy@momolens.com

Support: support@momolens.com

Address: MOMO LENS LTD, United Kingdom

For complaints, you may contact your local data protection authority:

  • Zambia: Data Protection Commissioner
  • Nigeria: Nigeria Data Protection Commission
  • Kenya: Office of the Data Protection Commissioner
  • Tanzania: Personal Data Protection Authority
  • South Africa: Information Regulator
  • Ghana: Data Protection Commission
  • Uganda: Personal Data Protection Office
  • Thailand: Personal Data Protection Committee
Terms of ServiceContact UsHome