Bila

Privacy Policy

Introduction

Welcome to Bila ("we," "our," or "us"). Bila is a payment platform operated by Devdraft Inc Payments Solutions that enables businesses to accept mobile money payments and manage payouts across Africa.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including:

  • The Bila website (usebila.com)
  • The Bila merchant dashboard (app.usebila.com)
  • The Bila API (api.usebila.com)
  • Any related services, applications, or tools

By accessing or using our services, you agree to this Privacy Policy. IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OR USE OUR SERVICES.

Information We Collect

Personal Information

When you register for an account or use our services, we may collect:

  • Identity Information: Full name, date of birth, nationality, government-issued identification numbers
  • Contact Information: Email address, phone number, physical address
  • Account Credentials: Username, password (stored in hashed format)
  • Professional Information: Job title, role within the organization

Business Information

For merchant accounts, we collect:

  • Business Details: Company name, business registration number, tax identification number
  • Business Address: Registered address, operational address
  • Business Type: Industry, nature of business activities
  • Ownership Information: Directors, shareholders, beneficial owners

KYC Documents

To comply with regulatory requirements, we collect:

  • Identity Documents: National ID, passport, driver's license
  • Business Documents: Certificate of incorporation, business license, tax certificates
  • Proof of Address: Utility bills, bank statements
  • Additional Verification Documents: As required by applicable regulations

Financial and Transaction Information

When you use our payment services, we collect:

  • Bank Account Details: Bank name, account number, branch codes
  • Mobile Money Information: Mobile money provider, phone number, wallet details
  • Transaction Data: Payment amounts, dates, times, recipients, payment references
  • Wallet Information: Balance history, transaction history
  • Payment Link Data: Created payment links, collection amounts, payer information

Technical Information

We automatically collect:

  • Device Information: Device type, operating system, browser type
  • Log Data: IP addresses, access times, pages viewed, referring URLs
  • API Usage: API calls, endpoints accessed, request/response data
  • Session Information: Session IDs, authentication tokens

Communication Data

  • Support Requests: Messages sent through our support channels
  • Email Communications: Correspondence related to your account
  • SMS Communications: Transaction notifications, OTP codes

How We Use Your Information

We use the information we collect for the following purposes:

Service Provision

  • Process payments, collections, and transfers
  • Manage your merchant account and wallet
  • Generate and manage payment links
  • Provide real-time transaction updates via webhooks
  • Enable API access for developers

Identity Verification and Compliance

  • Verify your identity and business legitimacy
  • Conduct Know Your Customer (KYC) checks
  • Comply with anti-money laundering (AML) regulations
  • Meet regulatory reporting requirements
  • Prevent fraud and financial crimes

Communication

  • Send transaction confirmations and notifications
  • Provide customer support
  • Send service-related updates and announcements
  • Deliver security alerts and important notices

Service Improvement

  • Analyze usage patterns to improve our services
  • Develop new features and functionality
  • Conduct research and analytics
  • Debug and fix technical issues

Security

  • Protect against unauthorized access
  • Monitor for suspicious activity
  • Implement fraud prevention measures
  • Maintain audit logs for security purposes

Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal requests and court orders
  • Protect our legal rights and interests

Legal Basis for Processing

We process your personal information based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill our service agreement with you
  • Legal Obligation: Processing required to comply with applicable laws and regulations
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention and service improvement
  • Consent: Where you have given explicit consent for specific processing activities

Information Sharing and Disclosure

We may share your information with the following parties:

Payment Service Providers

We work with third-party payment processors to facilitate transactions:

  • Mobile Money Providers: Airtel Money, MTN Mobile Money, Zamtel Kwacha
  • Banking Partners: Licensed financial institutions for bank transfers
  • Payment Infrastructure Providers: To process and settle transactions

Service Providers

We engage trusted third parties to support our operations:

  • Cloud Infrastructure: Amazon Web Services (AWS) for secure data storage
  • Email Services: Resend for transactional emails
  • SMS Services: For OTP codes and transaction notifications
  • Analytics: To understand service usage and improve performance

Regulatory and Legal Authorities

We may disclose information to:

  • Central banks and financial regulators
  • Law enforcement agencies (when legally required)
  • Tax authorities
  • Other governmental bodies as required by law

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

With Your Consent

We may share your information with other parties when you have given explicit consent.

Data Security

We implement robust security measures to protect your information:

Technical Safeguards

  • Encryption: 256-bit encryption for data in transit and at rest
  • Secure Authentication: JWT-based authentication with secure token management
  • API Security: API key authentication with Stripe-like key management (sk_live_xxx, sk_test_xxx)
  • Rate Limiting: Protection against abuse and DDoS attacks
  • Secure Infrastructure: Hosted on secure, compliant cloud infrastructure

Organizational Measures

  • Access Controls: Role-based access control (RBAC) limiting data access
  • Audit Logging: Complete audit trails for all system activities
  • Data Isolation: Multi-tenant architecture with strict data separation
  • Security Training: Regular security awareness training for staff
  • Incident Response: Documented procedures for security incidents

Password Security

  • Passwords are hashed using industry-standard algorithms
  • API keys are hashed before storage
  • Support for key rotation and expiration

Data Retention

We retain your information for as long as necessary to:

  • Provide our services to you
  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce agreements
  • Maintain records for audit purposes

Retention Periods

Data TypeRetention Period
Account InformationDuration of account + 7 years
Transaction Records7 years from transaction date
KYC DocumentsDuration of relationship + 7 years
Audit Logs7 years
Technical Logs90 days
Support Communications3 years

After the retention period expires, data is securely deleted or anonymized.

Your Rights

Depending on your location, you may have the following rights:

Access

You have the right to request a copy of the personal information we hold about you.

Correction

You have the right to request correction of inaccurate or incomplete information.

Deletion

You have the right to request deletion of your personal information, subject to legal retention requirements.

Data Portability

You have the right to receive your personal information in a structured, commonly used format.

Restriction

You have the right to request restriction of processing in certain circumstances.

Objection

You have the right to object to processing based on legitimate interests.

Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time.

To exercise any of these rights, please contact us at privacy@usebila.com.

Cookies and Tracking Technologies

What We Use

We use cookies and similar technologies to:

  • Maintain your session and authentication state
  • Remember your preferences
  • Analyze usage patterns
  • Improve service performance

Types of Cookies

Cookie TypePurpose
EssentialRequired for service functionality
FunctionalRemember preferences and settings
AnalyticsUnderstand how services are used

Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect service functionality.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard contractual clauses
  • Adequacy decisions
  • Other legally recognized transfer mechanisms

Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Third-Party Links

Our services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification
  • Displaying a notice in our dashboard

Your continued use of our services after changes become effective constitutes acceptance of the revised Privacy Policy.

Jurisdiction-Specific Provisions

Zambia

For users in Zambia, we comply with the Data Protection Act, 2021 and regulations issued by the Bank of Zambia and other relevant authorities.

European Economic Area (EEA)

For users in the EEA, we comply with the General Data Protection Regulation (GDPR). Our legal basis for processing is described in Section 4.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

EntityContact Details
Bila (Devdraft Inc Payments Solutions)Email: privacy@usebila.com
Support: support@usebila.com
Website: https://usebila.com
Data Protection OfficerEmail: dpo@usebila.com

Complaints

If you are not satisfied with our response to your privacy concerns, you may file a complaint with the relevant data protection authority in your jurisdiction.

By using Bila's services, you acknowledge that you have read and understood this Privacy Policy.

© 2026 Devdraft Inc Payments Solutions. All rights reserved.