Terms of Service

October 8, 2024

At Stitch, user privacy, security and transparency are of utmost importance.

This document, Terms of Service and End User Privacy Policy (collectively known as the “Terms”), is meant to help you (the “end user”) understand how we at Stitch collect, use, and share end user information in our possession to operate, improve, develop, and protect our services, and as otherwise outlined in the Terms. Please take some time to read the Terms carefully.

Please note that these terms apply to Stitch Money (Pty) Ltd (2018/409288/07).

1. Who is Stitch?

Stitch Money (Pty) Ltd (“Stitch”), is a company incorporated in South Africa under registration number 2018/409288/07. Stitch provides technology that allows consumers to connect their bank account to applications/websites for purposes of facilitating payments and accessing a variety of products, across verticals such as budgeting, lending, insurance, etc. These products are built by companies and developers (collectively known as “Developers”) that integrate with us by making use of our developer tools and services to do so.

Stitch is also an authorised Third Party Payment Provider and provides services in its capacity as such. The products and services that we offer are provided in partnership with merchants and registered financial institutions.

2. About the Terms

This document sets out the Terms of Service and End User Privacy Policy (collectively known as the
“Terms”) and is aimed at providing you (the “End User”) with information on the nature of personal
information we collect, the purpose for collection, how we process your personal information in the course of providing our services and the measures that we undertake to ensure that your personal information is secured, and its confidentiality safeguarded. Personal Information, process/processing and any other terms used in the context of the Protection of Personal Information Act 4 of 2013 (“POPIA”) will bear the meanings ascribed to the terms therein. The application of these Terms is limited to the information that Stitch directly collects, processes, stores and shares with third parties with your consent. These Terms apply to Stitch’s website and all relevant engagement channels (including applications) through which we offer services and products. Should you have any questions related to Stitch’s data practices please contact us via email at privacy@stitch.money

These Terms do not seek to offer any guarantees or make any representations on behalf of Developers
and/or any third parties that Stitch collaborates with for purpose of (i) giving effect to a commercial
relationship between you and said third party or Stitch and/or (ii) facilitating payment transaction(s) on your behalf. We encourage you to enquire with the Developers or any third party concerned if you wish to have more information about their data practices.

3. Information We Collect

Stitch is committed to processing Personal Information in compliance with POPIA. In light of this, your personal information will be processed in a manner that is reasonable, non-excessive, adequate and relevant to the purpose for which it is processed.

The following information will be collected and processed:

Information that you voluntarily share:

When you connect your bank accounts with an application or otherwise connect your bank accounts through Stitch, where applicable, we process credentials required by the provider of your bank account, such as your account username, bank account number, password, pin, etc.

We may in future collect your phone number, email address, security questions and answers, and Multi Factor Authentication (MFA) such as One Time Pins (OTPs) to help verify your identity before connecting your bank accounts.

When providing this information via the Stitch website or an alternative engagement channel (including apps) through which we offer services and products, you give the Developers and Stitch the authority to act on your behalf and consent to either party accessing and transmitting your End User Information from the relevant bank or other entity that provides your bank accounts (collectively known as “Bank Providers”). Please note that the obligation to collect personal information directly from you, will not apply in instances where the relevant information was deliberately made public by you or where you consented to the collection of the information from another source.

Information we collect from your bank accounts:

The information we receive from the Bank Providers varies depending on the specific Stitch services that Developers use to enable their applications, as well as the information made available by those Bank Providers. In general, we collect the following personal and commercial information, from your Bank Provider:

  • Account information, including bank name, account name, account type, account holder, branch number.
  • Information about an account balance, including current and available balance.
  • Information about investment accounts, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis.
  • Identifiers and information about the account holder(s), including name, email address, phone number, date of birth, gender, and address information.
  • Information about account transactions, including amount, date, type, price, and a description of the transaction.

The data collected from your bank accounts includes information from all your accounts (e.g. checking, savings, and credit card) accessible through a single set of account credentials. All personal information collected and processed in this scenario, is done so with your consent. Neither Stitch, nor the Developer is able to access personal information that you have not explicitly shared and consented to.

Information we collect from your bank devices:

We do not currently, but may in future receive information about the devices used to connect to the Stitch website or any other engagement channels (including apps) through which we offer services and products . We may receive identifiers and network activity information about the relevant device, including IP address, hardware model, operating system, which features within our services you access, and other technical information about the device. This would be done to enhance security around your bank accounts and prevent fraudulent access.

4. Use of Personal Information

In general we process, store and retain personal Information for purposes of (i) giving effect to a
commercial relationship between you and Stitch or a third party; or (ii) facilitating payment transaction(s) on your behalf and for any other compatible purpose.

See below list of additional reasons for which End User Information is used:

  • To operate, provide, and maintain our services;
  • To improve, enhance, modify, add to, and further develop our services;
  • To protect us, you, Developers, our partners, others from fraud, malicious activity, and other privacy and security-related compromises;
  • To develop new services;
  • To provide customer support to you or to Developers, including to help respond to your queries related to our service or Developers’ applications;
  • To investigate any misuse of our service or Developers’ applications, including criminal activity, or other unauthorised access to our services; and
  • For any other purposes that you are notified about and that you consent to.

Note: We retain your security credentials (such as your username, password, pin, etc) with your
permission, in connection with the use of our services. We do not, however, share such security
information with third parties.

5. Sharing of Personal Information

We share your End User Information for a number of purposes, including:

  • With the Developer of the application you are using and as directed by that Developer (such as with another third party with your consent);
  • Between and among Stitch group companies and, subsidiaries and other companies under common control or ownership for purposes of offering the services, customer support, monitoring and prevention of potentially illegal acts and violations of our policies, and to help us take decisions regarding our products and services;
  • As we believe reasonably appropriate to protect you, the Developers, our partners and others as well as our rights, privacy, safety, or property;
  • If we believe in good faith that disclosure is legally required in order for us to comply with any applicable laws, regulation, or legal process (such as a court order); or
  • For any other notified purpose with your consent.

We do not sell personal information that we collect/process to third parties for marketing or any other
purpose.

6. How we Secure Personal Information

We use appropriate, reasonable technical and organisational measures to curtail unlawful access to or processing of Personal Information, prevent loss of, damage to or unauthorised destruction of Personal Information and to secure the integrity and confidentiality of all Personal Information in our possession and/or under our control. Only authorised Stitch personnel and third-party service providers are provided access to personal data, and these individuals and service providers are required to treat this information as confidential.

In line with POPIA and subject to Stitch successfully verifying your identity, you have the right to amongst other things, request access to a record of your Personal Information in our possession or under our control in order to verify its accuracy, correct any errors or update it. In addition, you may also request for Stitch to delete any Personal Information that is incorrect, outdated or which was collected without your consent. Please contact us via email at privacy@stitch.money should you wish to have access to, amend, update or delete any of your Personal Information in our possession or under our control. Please note that deletion of some Personal Information may impact the services/products that we offer to you. Stitch will not take any responsibility and rejects all liability, for any harm, or loss that you may incur as a consequence of your deletion of Personal Information required for us to offer the relevant services to you.

7. Consent to Process your Personal Information

By giving your consent, you give us permission to process your Personal Information specifically for the purposes set out in this Privacy Policy. You further consent to Stitch sharing your personal information with any of its partners and service providers for purposes of facilitating transactions.

Our Retention Practices

We retain End User Information for no longer than necessary to fulfil the purposes for which it was originally collected and processed, as described in these Terms, unless a longer retention period is required or permitted under applicable law.

As permitted under applicable law, even after you stop using an application or terminate your account with one or more Developer(s), we may retain your information (for example, if you still have an account with another Developer) provided that the relevant Developer has the requisite consent. In all instances, your information will only be processed in accordance with the POPIA and these Terms.

Transfer of Information outside of South Africa

We do not currently, but may in future transfer your Personal Information outside the geographic borders of South Africa. In the event that we do transfer your Personal Information outside of the geographic borders of South Africa, the transfers will be undertaken lawfully, subject to appropriate safeguards and in line with the provisions of POPIA.

8. Contacting Stitch

If you have any questions or complaints about these Terms or our privacy practices generally, you can
contact us at privacy@stitch.money.

9. Contacting the Information Regulator

In the event that you have any complaints about this Privacy Policy or our compliance with this Privacy Policy you can lodge a complaint with the Information Regulator via its website at
https://justice.gov.za/inforeg