Policy

Effective Date: February 20, 2026 – Issued by Universal IT Solutions Limited (UITS), Accra, Ghana

 

eBanqr is a cloud-based core banking platform developed by Universal IT Solutions Limited (UITS). We are committed to protecting the privacy and security of all data entrusted to us by our clients and their customers. This Privacy Policy explains what data we collect, why we collect it, how we protect it, and your rights as a data subject.

This Policy applies to financial institutions subscribing to eBanqr, their authorized staff, end-clients whose data is processed on the platform, and visitors to our website (https://ebanqr.com). By using eBanqr, you agree to the terms of this Policy.

1. Our Role in Data Processing

eBanqr operates in two capacities depending on the data involved:

  • Controller: As a Data Controller, for information we collect directly — such as from website visitors, prospective clients, and account registration.
  • Processor: As a Data Processor, for personal data submitted by client financial institutions about their customers. In this role, we process data strictly on the instructions of the client institution.

Client institutions remain responsible for ensuring they have a lawful basis to share their customers’ data with eBanqr.

2. Data We Collect

From Financial Institutions and Their Staff

  • Institutional details: organization name, organization contact, address, business details
  • User information: names, email addresses, phone numbers, job titles, and login credentials
  • Billing and subscription records
  • System activity: login history, audit logs, and feature usage

From End-Clients (Processed on Behalf of Financial Institutions)

  • Identity and KYC data: names, national ID numbers, date of birth, photographs
  • Financial products data: loan records, repayment history, account balances, deposits, and transactions
  • Contact and address information
  • Employment and income information provided during loan applications

Automatically Collected Data

  • IP addresses, browser type, device identifiers, and session data
  • Platform usage patterns and error/diagnostic logs
  • Cookies for authentication and analytics (manageable via browser settings)

3. How We Use Your Data

We use collected data for the following purposes:

  • Delivering core banking services — loan origination, loan management, KYC, deposits, accounting, reporting, and API integrations
  • Authenticating users and enforcing role-based access controls
  • Security monitoring, vulnerability assessments, and fraud prevention
  • Customer support, onboarding, training, and service communications
  • Regulatory compliance and audit trail maintenance
  • Platform analytics and product improvement using anonymized data

4. Data Security

Security is central to how eBanqr is designed and operated. Our key measures include:

  • Encryption of all data in transit (TLS/SSL)
  • Logical data isolation — each institution’s data is kept strictly separate from others
  • Fine-grained role-based access control (RBAC) limiting data access to authorized users only
  • Two-factor authentication (2FA) support for all accounts
  • Regular vulnerability scans and risk assessments
  • Comprehensive audit logging of all system activity

In the event of a data breach, we will notify affected institutions and relevant authorities within the timeframes required by applicable law.

5. Data Sharing

We do not sell personal data. Data is only shared in limited circumstances:

  • With authorized technology partners, only to the extent required by the integration and as instructed by the client institution
  • With regulators and law enforcement where required by law (e.g., Regulatory bodies, Data Protection Commission)
  • In the event of a business merger or acquisition, with advance notice to clients and appropriate data protection safeguards

6. Data Retention

We retain data only as long as necessary:

  • Client institutional data: retained for the duration of the subscription
  • End-client records: retained per the client institution’s own retention policy and applicable regulations; data can be exported at any time via eBanqr’s built-in export feature
  • Website and inquiry data: up to 24 months from last contact
  • Security and audit logs: minimum 12 months

Data no longer required is securely deleted or anonymized.

7. Your Rights

Subject to applicable law, you have the right to:

  • Access, correct, or request deletion of your personal data
  • Receive your data in a portable format
  • Object to processing based on legitimate interests
  • Withdraw consent where processing is consent-based
  • Lodge a complaint with the Data Protection Commission of Ghana, or the relevant authority in your jurisdiction

For end-client data requests, eBanqr will refer you to the client financial institution that controls your data. To exercise your rights, contact us using the details in Section 9.

8. Changes to This Policy

We may update this Privacy Policy periodically. For material changes, we will notify client institutions at least 30 days in advance via email or platform notification. The “Effective Date” at the top of this document will always reflect the current version. Continued use of eBanqr after changes take effect constitutes acceptance of the revised Policy.

9. Contact Us

For any questions, requests, or concerns about this Policy or your data, please contact:

Universal IT Solutions Limited (UITS)

Address: No. B16, Shalom Shopping Mall, Golf Street, Achimota, Accra, Ghana

Email: info@ebanqr.com

Phone: (+233) (0)24-480-7648

Website: https://ebanqr.com

We aim to respond to all requests within 30 days of receipt.