1. Introduction
eChama ("we," "our," or "us") operates a group savings management platform
that digitizes the cooperative savings club experience for communities with
common financial goals. This Privacy Policy explains how we collect, use, share,
and protect information about you when you use our website and services
(collectively, the "Services").
By creating an account or using the Services, you agree to the collection
and use of information as described in this policy. If you do not agree,
please do not use the Services.
Summary: eChama collects personal and financial information
to operate your group savings account, match contributions, and ensure
every member can see an accurate, transparent record of group finances.
We do not sell your data.
3. Banking Integrations (Plaid & Stripe)
eChama uses two third-party financial services — Plaid for bank account
linking and transaction sync, and Stripe for payment processing. Each is
described below.
3.1 Plaid — bank account linking and transaction sync
Plaid disclosure: eChama uses Plaid to connect your
group's bank account, sync transactions, and retrieve balances. By
linking a bank account through Plaid Link, you authorise Plaid to share
the financial data described below with eChama on your behalf. Plaid's
use of your data is governed by the
Plaid Privacy Policy
and the
Plaid End User Privacy Policy.
Through Plaid, eChama accesses the following data from your connected bank account:
- Account identity — institution name, account name, account type (checking/savings), and last 4 digits of the account number; full account numbers are never stored
- Account balance — current and available balance, polled on initial connection and daily thereafter to show group totals
- Transaction history — inbound and outbound transactions including amount, date, bank description, merchant name, and counterparty name where Plaid identifies the other party
- Raw transaction data — the full Plaid transaction payload is stored in our database for audit and reconciliation purposes
Plaid access tokens are encrypted at rest using AES-256-GCM encryption
and are never stored in plaintext. They are deleted immediately when a
group administrator disconnects the linked bank account.
3.2 Stripe — payment processing
Stripe disclosure: eChama uses Stripe to process member
contribution payments (card payments and ACH) and to support Stripe
Financial Connections for bank verification. Stripe handles payment
authorisation, payment confirmation, and webhook notifications. Stripe's
use of your data is governed by the
Stripe Privacy Policy
and the
Stripe Consumer Terms.
3.3 Why we access this financial data
We use financial integration data exclusively to:
- Match incoming bank transactions to eChama member contributions automatically or manually
- Display real-time group account balance and transaction history to group administrators
- Generate contribution and payment reports for group members
- Process contribution payments made by members via card or ACH
- Reconcile payment payouts against synced bank transactions
3.4 How we protect and store financial data
- Plaid access tokens are encrypted at rest using AES-256-GCM encryption before storage — never stored or logged in plaintext
- Full bank account numbers are never stored — only the last 4 digits (mask) are retained for display
- Financial data is never used for advertising, profiling, or sold to third parties
- Access to financial data is restricted to group administrators of the specific connected group
3.5 Disconnecting your bank account
Group administrators may disconnect a linked bank account at any time from
the Banking section of the eChama dashboard. Upon disconnection, the Plaid
access token is immediately revoked and deleted from our servers. Historical
transaction records already synced to eChama are retained for audit
compliance purposes as described in Section 6.
4. How We Use Your Information
We use the information we collect to:
- Operate the Services — create and manage your account, process group memberships, record contributions, and facilitate benefit claim events
- Contribution matching — automatically or manually match bank transactions to member contributions using counterparty names and transaction details
- Communications — send email notifications for account verification, password resets, group invitations, membership changes, and contribution confirmations
- Security and fraud prevention — detect suspicious login activity, enforce account lockout policies, and maintain a tamper-evident audit log
- Compliance — maintain financial records required by applicable law and support regulatory audits
- Service improvement — analyse usage patterns (in aggregate, non-identifiable form) to improve the platform
We do not use your personal or financial information for advertising or
marketing purposes beyond communications directly related to your use of
the Services.
5. Information Sharing
eChama does not sell, rent, or trade your personal information. We share
information only in the following limited circumstances:
5.1 Within your group
Contribution amounts, dates, and member names are visible to all active
members of a group to support the transparency that cooperative savings
requires. Case event details are visible to group administrators.
Sensitive personal information (password, full bank account number,
phone number) is never shared with other group members.
5.2 Service providers
- Plaid — bank account linking (Plaid Link), transaction sync, and balance retrieval. Governed by the Plaid Privacy Policy and Plaid End User Privacy Policy.
- Stripe — payment processing, Stripe Financial Connections, and ACH payment initiation. Governed by the Stripe Privacy Policy.
- Email delivery providers — Resend or SendGrid, used solely to deliver transactional emails (verification, notifications, alerts)
- Cloud file storage — Cloudinary, used to store member profile photos uploaded voluntarily to the platform
- Cloud infrastructure — hosting providers that store and process data on our behalf under confidentiality obligations
5.3 Legal requirements
We may disclose information if required by law, regulation, legal process,
or governmental request, or to protect the rights, property, or safety of
eChama, our users, or the public.
5.4 Business transfers
If eChama is involved in a merger, acquisition, or sale of assets, your
information may be transferred as part of that transaction. We will notify
affected users before information becomes subject to a different privacy policy.
6. Data Retention
eChama follows a 7-year retention policy for financial records to comply
with applicable financial recordkeeping requirements. Specifically:
- Contribution records — retained for 7 years from the date of the contribution regardless of membership status
- Audit logs — retained for 7 years and are immutable (records cannot be altered or deleted)
- Transaction data — transaction records synced from connected bank accounts via Plaid are retained for 7 years
- Balance snapshots — daily account balance snapshots are retained for 365 days to support trend analysis and reporting
- Account information — retained while your account is active, and for 12 months after deactivation to allow reactivation and to complete pending obligations
- Plaid access tokens — deleted immediately upon bank account disconnection; never retained beyond that point
You may request deletion of your personal account information at any time
(see Section 8). Financial transaction and contribution records subject to
the 7-year policy cannot be deleted during the retention period.
7. Security
We implement industry-standard security measures to protect your information:
- All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
- Passwords are stored using bcrypt hashing with a work factor of 12 — plaintext passwords are never stored or logged
- Plaid bank access tokens are encrypted at rest using AES-256-GCM encryption — never stored or logged in plaintext
- JSON Web Tokens (JWTs) used for authentication expire after 30 minutes, with session inactivity enforcing automatic logout after 15 minutes in line with PCI DSS guidelines
- Role-based access control ensures members can only access data within their own group
- All administrative actions are recorded in a tamper-evident audit log
- Account lockout is triggered after 5 consecutive failed login attempts
While we take security seriously, no system is completely secure. If you
believe your account has been compromised, please contact us immediately
at the address in Section 12.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access — request a copy of the personal information we hold about you
- Correction — request correction of inaccurate information (note: email addresses are permanent identity fields and cannot be changed)
- Deletion — request deletion of your account and personal information, subject to financial record retention requirements
- Portability — request your contribution history and account data in a machine-readable format
- Objection — object to certain processing of your personal information
- Withdrawal of consent — disconnect your bank account at any time to withdraw consent for financial data access
To exercise any of these rights, contact us at the address in Section 12.
We will respond within 30 days. We may need to verify your identity before
fulfilling a request.
9. Cookies and Local Storage
eChama uses browser local storage (not third-party tracking cookies) to
maintain your authenticated session and remember your last active group.
This data is stored only on your device and is cleared when you log out.
We do not use third-party advertising cookies or cross-site tracking
technologies.
10. Children's Privacy
The Services are not directed to individuals under the age of 18. We do
not knowingly collect personal information from children. If you believe
a child has provided us with personal information, please contact us so
we can delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material
changes, we will notify registered users by email and update the "Last
updated" date at the top of this page. Your continued use of the Services
after notification constitutes acceptance of the revised policy.
We encourage you to review this policy periodically.