Quantum Technology logoContact Us
Legal

Privacy Policy

Effective Date: January 1, 2025  ·  Last updated: January 1, 2025

1. Introduction

Quantum Technology PLC ("Quantum", "we", "us", or "our") is committed to protecting the privacy and personal data of everyone who uses our platforms and services. This Privacy Policy explains how we collect, use, store, share, and protect your information when you interact with any Quantum platform — including the Alegnta and Milkii mobile applications, our website, airtime distribution systems, POS services, and Safaricom distribution channels.

This policy should be read alongside our Terms of Service. By using any Quantum platform, you consent to the practices described in this policy.

2. Who We Are

Quantum Technology PLC is a technology company registered in the Federal Democratic Republic of Ethiopia. We build and operate digital platforms that connect users with financial services provided by our licensed Partner Banks, as well as telecom distribution and payment infrastructure.

As a technology platform provider, Quantum acts as a data processor on behalf of our Partner Banks for financial service data, and as a data controller for data we collect independently in the course of operating our platforms.

Data Controller: Quantum Technology PLC

Gabon St, Addis Ababa 1000, Ethiopia

info@quantumtechnology.com.et

3. Information We Collect

Information You Provide Directly

  • Full name, date of birth, and gender
  • Phone number and email address
  • National ID number or passport number
  • Bank account details linked to a Partner Bank
  • Business information for merchant and agent registrations
  • Messages and communications you send to us

Information Collected Automatically

  • Device identifiers (IMEI, device model, operating system version)
  • App usage data and interaction logs
  • Transaction history (airtime purchases, loan applications, repayments)
  • Location data — only where you have granted permission, and only for features that require it
  • Network and connectivity information
  • Crash reports and performance diagnostics

Information from Third Parties

  • Credit scoring and KYC data from Partner Banks and government identity repositories
  • Telecom usage data from Ethio Telecom and Safaricom Ethiopia, where relevant to the service you are using
  • Credit reference data from the National Bank of Ethiopia's Credit Reference Bureau

4. How We Use Your Information

We use the information we collect to:

  • Operate and deliver our platforms and services
  • Process loan applications and financial transactions on behalf of Partner Banks
  • Verify your identity and conduct KYC checks as required by Ethiopian law
  • Perform credit scoring to assess eligibility for Financial Services
  • Send transactional messages (loan approvals, repayment reminders, receipts)
  • Provide customer support and respond to inquiries
  • Detect, prevent, and investigate fraud and security incidents
  • Comply with legal and regulatory obligations under Ethiopian law
  • Improve the performance, reliability, and features of our platforms
  • Conduct internal analytics and business intelligence (using anonymised data where possible)

We do not use your personal data for unsolicited marketing without your explicit consent.

5. Legal Bases for Processing

We process your personal data on the following legal bases:

  • Contract performance — processing necessary to deliver the services you have requested
  • Legal obligation — processing required to comply with NBE directives, AML/KYC regulations, and Ethiopian data protection law
  • Legitimate interests — fraud prevention, platform security, and service improvement where these do not override your rights
  • Consent — for location data, marketing communications, and any other processing where we have explicitly asked for your permission

6. Information Sharing

We do not sell your personal data. We may share your information only in the following circumstances:

  • Partner Banks — to process loan applications, KYC verification, and financial transactions. Each Partner Bank operates under their own privacy obligations and NBE-regulated data governance framework.
  • Telecom partners (Ethio Telecom, Safaricom Ethiopia) — where necessary to deliver airtime or SIM-related services
  • Technology service providers — cloud infrastructure, SMS gateways, analytics tools — under strict data processing agreements that prohibit independent use of your data
  • Regulatory authorities — the National Bank of Ethiopia, Ethiopian Revenue and Customs Authority, and other bodies as required by applicable law
  • Law enforcement — in response to lawful requests, court orders, or where required to protect against imminent harm
  • Business transfers — in the event of a merger, acquisition, or asset sale, under obligations of confidentiality

7. Data Transfers to Partner Banks

When you apply for a Financial Service through one of our platforms, your personal and financial data is shared with the relevant Partner Bank as necessary to assess and fulfil your application. This includes:

  • Identity and KYC information
  • Device and behavioural data used for credit scoring
  • Transaction history and repayment performance

Partner Banks are independent data controllers for the data they receive and process. Their use of your data is governed by their own privacy policies and regulatory obligations with the NBE. We encourage you to review the privacy policy of the relevant Partner Bank for your financial product.

8. Credit Reference Reporting

In accordance with the Directives for the Establishment and Operation of a Credit Reference Bureau (Directive No. CRB/02/2019) issued by the National Bank of Ethiopia, and the Financial Consumer Protection Directive No. FCP/01/2020, your credit data may be:

  • Submitted to the NBE Credit Reference Bureau on a regular basis
  • Shared with other financial institutions authorised to access CRB data
  • Updated to reflect your repayment performance, including any defaults

By accepting a Credit Advance through any Quantum platform, you expressly acknowledge and authorise this reporting.

9. Data Security

We implement technical and organisational measures appropriate to the sensitivity of the data we process, including:

  • AES-256 encryption for data at rest; TLS 1.3 for all data in transit
  • Role-based access controls limiting staff access to personal data on a need-to-know basis
  • Multi-factor authentication for all internal systems handling user data
  • Regular security assessments and penetration testing
  • Incident response procedures with notification protocols

No transmission over the internet is completely secure. While we take all reasonable precautions, we cannot guarantee absolute security against all threats.

10. Data Retention

We retain your data for as long as necessary to provide our services and fulfil our legal obligations:

  • Active account data — retained for the duration of your account
  • Loan and financial transaction records — 7 years from the date of the transaction, in accordance with Ethiopian financial regulations
  • KYC and identity documents — 5 years after account closure
  • Device and usage logs — 12 months on a rolling basis
  • Support communications — 3 years from the date of the interaction

After retention periods expire, data is securely deleted or anonymised.

11. Your Rights

Subject to applicable Ethiopian law, you have the following rights regarding your personal data:

  • Right to access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to deletion — request deletion of your data where there is no legal obligation to retain it
  • Right to object — object to processing based on legitimate interests or for direct marketing
  • Right to restrict processing — request that we limit how we use your data in certain circumstances
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at info@quantumtechnology.com.et. We will respond within 30 days. Note that some rights may be limited where retention is required by law — for example, financial transaction records required by the NBE.

12. Children's Privacy

Our platforms are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a person under 18 without appropriate consent, we will take steps to delete it promptly. If you believe a minor's data has been submitted to us, please contact info@quantumtechnology.com.et.

13. Third-Party Links

Our platforms may contain links to third-party websites or services, including Partner Bank portals and telecom operator pages. This Privacy Policy applies only to Quantum's own platforms. We are not responsible for the privacy practices of third parties and encourage you to review their policies before providing any personal information.

14. Changes to This Policy

We may update this Privacy Policy to reflect changes in our services, data practices, or legal requirements. When we do, we will update the "Last updated" date at the top of this page and notify you of material changes via the Platform or SMS where possible.

Your continued use of our platforms after the effective date of any update constitutes acceptance of the revised policy.

15. Contact Us

For questions, requests, or concerns about this Privacy Policy or our data practices:

Quantum Technology PLC — Privacy

Gabon St, Addis Ababa 1000, Ethiopia

+251 943092091

You also have the right to lodge a complaint with the relevant Ethiopian data protection authority if you believe your rights have not been respected.