Terms of Service & Privacy Policy
Version 1.0 · Effective Date: April 2026
Governing Law: Republic of Kenya
PART I — TERMS OF SERVICE
1. Introduction & Acceptance of Terms
Welcome to ChamaVault. ChamaVault is a financial technology platform designed to help informal savings groups—commonly known as Chamas—manage contributions, track savings, and execute payments using Bitcoin's Lightning Network.
By creating an account, joining a Chama, accessing our USSD service, or using any feature of the ChamaVault platform (collectively, the "Service"), you ("User", "Member", or "Administrator") agree to be bound by these Terms of Service ("Terms"). If you do not agree to these Terms, you must not use the Service.
These Terms constitute a legally binding agreement between you and ChamaVault. We reserve the right to update these Terms at any time, and we will notify users of material changes via email or in-app notice at least 14 days before such changes take effect.
2. Definitions
For the purposes of these Terms, the following definitions apply:
• "Chama" means an informal savings or investment group registered on the ChamaVault platform.
• "Administrator" means a User who creates or manages a Chama, including approving contributions and withdrawals.
• "Member" means any User who has been added to a Chama by an Administrator.
• "Contribution" means a financial deposit made by a Member into a Chama's pool.
• "Lightning Network" means the Bitcoin Layer-2 payment protocol used for instant, low-cost settlements on the ChamaVault platform.
• "USSD" means Unstructured Supplementary Service Data, allowing access to the Service without an internet connection.
• "KYC" means Know Your Customer, referring to identity verification procedures.
• "AML" means Anti-Money Laundering, referring to legal frameworks against illicit financial activity.
• "Individual Lightning Wallet" means the personal Bitcoin Lightning Network wallet provisioned by ChamaVault for each registered Member.
• "Group Wallet" means the shared Bitcoin wallet secured by multi-signature technology and assigned to a Chama for pooling contributions.
• "Multisig" or "Multi-Signature" means a cryptographic security mechanism requiring a minimum number of authorised signatories to co-sign a transaction before it is executed.
• "Signatory" means a Chama Member or Administrator who holds signing authority over a Group Wallet transaction.
3. Eligibility & Account Registration
3.1 Eligibility
To use ChamaVault you must:
• Be at least 18 years of age.
• Be a resident of a jurisdiction where our services are legally permitted.
• Provide accurate and complete registration information.
• Not have been previously suspended or banned from the Service.
• Comply with all applicable laws and regulations in your jurisdiction.
3.2 Account Security
You are responsible for maintaining the confidentiality of your account credentials. You must notify us immediately at support@chamavault.xyz if you suspect any unauthorised access to your account. ChamaVault will not be liable for losses arising from unauthorised access resulting from your failure to secure your credentials.
3.3 KYC & Identity Verification
ChamaVault complies with Kenya's Proceeds of Crime and Anti-Money Laundering Act (POCAMLA) and Central Bank of Kenya (CBK) digital finance guidelines. We may require you to submit identity documents including but not limited to a National ID, Passport, or driving licence, as well as phone number verification via your registered mobile number. Failure to complete KYC verification may result in restricted access to certain features.
4. Chama Creation & Administration
4.1 Creating a Chama
Any eligible User may create a Chama on the platform. The Administrator is solely responsible for:
• Setting contribution rules, schedules, and withdrawal policies for the Chama.
• Ensuring all Members are added with their informed consent.
• Approving or rejecting withdrawals.
• Communicating the Chama's operating rules to all Members.
4.2 Administrator Liability
ChamaVault provides infrastructure and tools for Chama management but does not participate in the governance or decisions of any individual Chama. Disputes between Members and Administrators are the responsibility of the group. ChamaVault shall not be liable for losses arising from Administrator mismanagement.
4.3 Member Responsibilities
As a Member, you agree to:
• Contribute amounts and on schedules agreed within your Chama.
• Provide accurate payment details for Lightning Network payouts.
• Promptly notify your Administrator and ChamaVault of any technical issues affecting your contributions.
5. ChamaVault Wallets
ChamaVault provisions two distinct types of Bitcoin wallets: an Individual Lightning Wallet for each registered Member, and a Group Multisig Wallet for each Chama.
5.1 Individual Lightning Wallet
Upon successful registration and KYC verification, ChamaVault automatically creates a Bitcoin Lightning Network wallet linked to your account. The following terms apply:
• Wallet creation: ChamaVault generates and manages the cryptographic keys associated with your Individual Lightning Wallet on your behalf. You are responsible for securely storing any recovery credentials provided to you at wallet creation.
• Purpose: The wallet is used to receive Chama payout disbursements, receive instant Lightning Network settlements, and send contributions to your Chama's Group Wallet.
• Custody: You retain beneficial ownership of funds. ChamaVault acts as a technical custodian solely to facilitate platform operations.
• Irreversibility: All Lightning Network transactions are cryptographically final and cannot be reversed once broadcast.
• Loss of access: Contact support@chamavault.xyz immediately. Recovery is subject to successful KYC re-verification.
• Wallet closure: Upon account termination, any remaining balance must be withdrawn prior to closure.
5.2 Group Chama Wallet (Multisig)
Each Chama is assigned a shared Bitcoin wallet secured by multi-signature (multisig) technology. Key terms:
• Multisig structure: Requires a defined threshold of cryptographic signatures from designated signatories before any outgoing transaction can be executed.
• Purpose: Holds pooled Member contributions, accumulates Chama savings, and disburses approved withdrawals to Member wallets.
• Signatory responsibilities: Signatories must review and co-sign transactions in a timely manner.
• Transparency: All Group Wallet transactions are recorded on the Bitcoin blockchain and visible to all Chama Members.
• No commingling: ChamaVault does not commingle Group Wallet funds with its own operational funds or with funds belonging to other Chamas.
• Chama dissolution: Any remaining balance must be disbursed to Members in accordance with agreed rules and with the required multisig approvals.
5.3 General Wallet Terms
• Bitcoin volatility: Funds are denominated in Bitcoin (BTC) and are subject to market price volatility. ChamaVault does not guarantee, insure, or protect against changes in the value of Bitcoin.
• Regulatory compliance: Wallet activity is subject to ongoing AML/KYC monitoring in accordance with POCAMLA and CBK guidelines.
• No deposit insurance: Funds held in ChamaVault wallets are not insured by the Kenya Deposit Insurance Corporation (KDIC) or any other government deposit protection scheme.
• Security responsibility: You are responsible for keeping your account credentials secure. ChamaVault cannot be held liable for losses resulting from user-side security breaches, phishing attacks, or social engineering.
6. Contributions, Withdrawals & Payments
6.1 Contributions
Contributions can be made via the ChamaVault mobile app or the USSD interface (accessible without an internet connection). All contributions are recorded on the platform in real time and are visible to all Chama Members. Contributions are routed from the Member's Individual Lightning Wallet into the Chama's Group Wallet upon confirmation.
6.2 Bitcoin & Lightning Network Payments
ChamaVault uses the Bitcoin Lightning Network for withdrawals and settlements. You acknowledge and accept that:
• Bitcoin is a volatile digital asset. The value of funds may fluctuate significantly.
• Blockchain transactions are irreversible. Once a Lightning payment is dispatched, it cannot be reversed or recalled.
• You are responsible for ensuring your Individual Lightning Wallet is active and accessible for receiving disbursements.
6.3 Fees
ChamaVault does not charge hidden fees. Any applicable platform or network fees will be clearly disclosed prior to transaction completion. Bitcoin Lightning Network transaction fees are variable and determined by network conditions, not ChamaVault.
6.4 Withdrawal Approval
All withdrawals from the Group Wallet require both Administrator approval and the requisite multisig signatures before funds are released. ChamaVault processes approved and fully signed withdrawals promptly via the Lightning Network. Processing times may vary due to network conditions beyond our control.
7. Prohibited Conduct
You agree not to use ChamaVault to:
• Engage in money laundering, terrorist financing, fraud, or any other illegal activity.
• Create Chamas for the purpose of operating illegal pyramid or Ponzi schemes.
• Impersonate another person or misrepresent your identity.
• Circumvent, hack, or interfere with the platform's security measures.
• Use the Service to conduct transactions on behalf of sanctioned individuals or entities.
• Use automated bots or scripts to access the platform without authorisation.
• Violate any applicable law or regulation in your jurisdiction.
ChamaVault reserves the right to suspend or permanently terminate any account found to be in violation of this section, and to report such activity to the relevant authorities including the Financial Reporting Centre (FRC) of Kenya.
8. Intellectual Property
All content, trademarks, software, logos, and intellectual property on the ChamaVault platform are the exclusive property of ChamaVault or its licensors. You are granted a limited, non-exclusive, non-transferable licence to access and use the Service for personal and group savings purposes only. You may not copy, modify, distribute, sell, sublicense, or create derivative works of any platform content without our prior written consent.
9. Disclaimers & Limitation of Liability
9.1 No Financial Advice
ChamaVault is a savings management technology platform and does not provide financial, investment, legal, or tax advice. Nothing on the platform constitutes a recommendation to buy, hold, or sell Bitcoin or any other asset. You should seek independent professional advice before making financial decisions.
9.2 Service Availability
We strive to maintain continuous availability of the Service; however, we do not warrant that the platform will be uninterrupted, error-free, or free from security vulnerabilities. We will not be liable for losses arising from platform downtime, technical errors, or third-party service failures.
9.3 Limitation of Liability
To the maximum extent permitted by applicable Kenyan law, ChamaVault's total liability to you for any claim arising out of or related to these Terms or your use of the Service shall not exceed the total amount of transaction fees paid by you to ChamaVault in the 90 days preceding the claim. ChamaVault shall not be liable for any indirect, incidental, special, consequential, or punitive damages.
10. Dispute Resolution
In the event of a dispute arising out of or relating to these Terms or the Service, you agree to first attempt to resolve the matter informally by contacting us at support@chamavault.xyz within 30 days of the dispute arising.
If the dispute cannot be resolved informally, both parties agree to submit to arbitration in Nairobi, Kenya, in accordance with the Arbitration Act (Cap 49, Laws of Kenya). Arbitration shall be conducted in English and the decision of the arbitrator shall be final and binding.
Nothing in this clause prevents either party from seeking emergency injunctive relief from a competent court.
11. Governing Law & Jurisdiction
These Terms are governed by and construed in accordance with the laws of the Republic of Kenya. Any matters not resolved through arbitration shall be subject to the exclusive jurisdiction of the courts of Nairobi, Kenya.
12. Termination
ChamaVault reserves the right to suspend or terminate your access to the Service at any time, with or without notice, for violation of these Terms, suspected fraudulent activity, regulatory requirements, or for any other legitimate business reason.
You may terminate your account at any time by contacting us at support@chamavault.xyz. Upon termination, any pending approved withdrawals will be processed. Funds locked in an active Chama are subject to that Chama's withdrawal rules and require Administrator approval.
PART II — PRIVACY POLICY
13. Introduction
ChamaVault is committed to protecting your personal data in accordance with the Kenya Data Protection Act, 2019 (DPA 2019), the Kenya Data Protection (General) Regulations 2021, and internationally recognised data protection principles including those outlined in the EU General Data Protection Regulation (GDPR) to the extent applicable.
This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights as a data subject. By using our Service, you consent to the collection and use of your data as described in this Policy.
14. Data Controller Information
ChamaVault is the Data Controller responsible for your personal data.
Email: support@chamavault.xyz
Phone: +254 713 072 153
Address: Nairobi, Kenya
Website: www.chamavault.xyz
For all data protection enquiries, please contact us using the details above with the subject line: "DATA PROTECTION ENQUIRY".
15. Personal Data We Collect
15.1 Data You Provide Directly
• Identity data: Full name, national ID number, date of birth, passport number.
• Contact data: Phone number, email address, physical address.
• Financial data: Bitcoin/Lightning Network wallet addresses, transaction amounts, contribution history.
• Account data: Username, hashed password, account preferences.
• Chama data: Chama name, membership information, contribution and withdrawal records.
15.2 Data Collected Automatically
• Device and technical data: IP address, device type, operating system, browser type.
• Usage data: Pages visited, features used, USSD session logs, timestamps.
• Transaction data: On-chain and Lightning Network transaction metadata (note: Bitcoin transactions are public on the blockchain).
15.3 Data from Third Parties
• Identity verification data from licensed KYC/AML service providers.
• Telecommunications data from mobile network operators for USSD services.
16. Legal Basis for Processing
We process your personal data on the following legal bases under the Kenya DPA 2019:
• Contractual necessity: To provide you with the Service as described in these Terms.
• Legal obligation: To comply with KYC, AML, POCAMLA, CBK regulations, and tax reporting requirements.
• Legitimate interests: To improve our platform, prevent fraud, and ensure platform security.
• Consent: Where we ask for your specific consent (e.g., marketing communications), which you may withdraw at any time.
17. How We Use Your Personal Data
We use your personal data for the following purposes:
• Account creation, management, and authentication.
• Processing contributions, withdrawals, and Lightning Network payments.
• Conducting KYC/AML checks as required by Kenyan law.
• Communicating service-related notices, updates, and alerts.
• Providing customer support and resolving disputes.
• Detecting and preventing fraud, money laundering, and other illegal activities.
• Improving platform functionality, features, and user experience.
• Complying with legal, regulatory, and reporting obligations.
• Sending marketing communications where you have consented.
18. Data Sharing & Third-Party Disclosure
We do not sell your personal data to third parties. We may share your data with:
• KYC/AML service providers: For identity verification as required by law.
• Payment and blockchain infrastructure providers: To process Lightning Network transactions.
• Mobile network operators: For USSD service delivery.
• Cloud hosting and IT service providers: Operating under strict data processing agreements.
• Regulatory and law enforcement authorities: Where required by law, court order, or where we are legally compelled to do so.
• Professional advisors: Legal, accounting, and audit firms under confidentiality obligations.
Where we share data with third-party processors, we ensure they are bound by contractual obligations consistent with the Kenya DPA 2019 to protect your personal data.
19. International Data Transfers
Bitcoin transactions are recorded on a public, globally distributed blockchain. Beyond this, ChamaVault aims to store personal data within Kenya or in jurisdictions that provide an equivalent level of data protection. Where data is transferred internationally, we will implement appropriate safeguards such as standard contractual clauses, as required by the Kenya DPA 2019.
20. Data Retention
We retain personal data for as long as necessary to fulfil the purposes described in this Policy, and to comply with legal and regulatory obligations. Our standard retention periods are:
• Account and identity data: For the duration of your account and 7 years after account closure (as required by POCAMLA and tax laws).
• Transaction records: 7 years from the date of the transaction.
• USSD session logs: 12 months.
• Marketing consent records: Until consent is withdrawn plus 3 years.
Once the relevant retention period expires, personal data is securely deleted or anonymised.
21. Data Security
ChamaVault implements appropriate technical and organisational measures to protect your personal data. Our security measures include:
• End-to-end encryption for all data transmissions.
• Password hashing using industry-standard algorithms.
• Role-based access controls limiting internal access to personal data.
• Regular security audits and vulnerability assessments.
• Bitcoin Lightning Network cryptographic verification for all transactions.
• Incident response procedures for data breach notification.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Office of the Data Protection Commissioner (ODPC) within 72 hours of becoming aware of the breach, and will notify affected users without undue delay, as required by the Kenya DPA 2019.
22. Your Rights as a Data Subject
Under the Kenya Data Protection Act, 2019, you have the following rights:
• Right of access: To obtain a copy of your personal data we hold.
• Right to rectification: To correct inaccurate or incomplete personal data.
• Right to erasure: To request deletion of your personal data, where legally permissible.
• Right to restriction of processing: To limit how we process your data in certain circumstances.
• Right to data portability: To receive your personal data in a structured, commonly used format.
• Right to object: To object to processing based on legitimate interests or for direct marketing.
• Right to withdraw consent: Where processing is based on consent, you may withdraw at any time without affecting prior processing.
• Right not to be subject to automated decision-making: To not be subject solely to automated decisions that produce significant legal effects.
To exercise any of these rights, please contact us at support@chamavault.xyz. We will respond within 21 days as required by the Kenya DPA 2019. If you are not satisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner (ODPC) of Kenya at www.odpc.go.ke.
23. Cookies & Tracking Technologies
Our web application may use cookies and similar tracking technologies to:
• Maintain your session and authentication state.
• Analyse platform usage.
• Remember your preferences.
You may control cookie preferences through your browser settings. Note that disabling certain cookies may affect platform functionality. The USSD service does not use cookies.
24. Children's Privacy
ChamaVault does not knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will promptly delete such data. If you believe a minor's data has been submitted to our platform, please contact us immediately at support@chamavault.xyz.
25. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes at least 14 days before they take effect via email or in-app notification. Continued use of the Service following the effective date of any update constitutes acceptance of the revised Policy.
PART III — GENERAL PROVISIONS
26. Severability
If any provision of these Terms or Privacy Policy is found by a court of competent jurisdiction to be invalid, illegal, or unenforceable, the remaining provisions shall continue in full force and effect.
27. Entire Agreement
These Terms and the Privacy Policy constitute the entire agreement between you and ChamaVault with respect to the Service and supersede all prior agreements, representations, and understandings, whether oral or written.
28. Waiver
ChamaVault's failure to enforce any right or provision of these Terms shall not constitute a waiver of such right or provision.
29. Contact Us
For any questions, concerns, or requests relating to these Terms or Privacy Policy, please contact us:
Email: support@chamavault.xyz
Phone: +254 713 072 153
Website: www.chamavault.xyz
Address: Nairobi, Kenya
For Data Protection matters, include "DATA PROTECTION" in your email subject line.
For regulatory complaints: Office of the Data Protection Commissioner (ODPC), Kenya — www.odpc.go.ke
© 2026 ChamaVault. All rights reserved.
Empowering Chamas to Save, Grow & Thrive