Back to Home

Privacy Notice

Last updated:

MiProof is an identity-verification platform operated by MiKashBoks, a financial-technology company based in Freetown, Sierra Leone and licensed by the Bank of Sierra Leone. This notice explains how we handle personal data when financial institutions use MiProof to verify their customers and agents — covering both the people being verified and the institutions and teams that use the service.

1. Our Role: Processor and Controller

Identity verification involves two different relationships, and our responsibilities depend on which one applies:

  • As a processor — when an institution uses MiProof to verify an End User, that institution decides why and how the data is used. It is the controller (or “responsible party”), and MiKashBoks handles the Verification Data only on its documented instructions. If you were verified through a bank, fintech, mobile money provider, agent network, or lender, that institution’s own privacy notice governs your data and you should raise requests with them first.
  • As a controller — for our own business data, such as the contact details of the people who use MiProof, the information shared with us during a process review, and website-visitor data, MiKashBoks is the controller and this notice applies directly.

2. Definitions

  • “Customer” — the institution that uses MiProof to verify its customers or agents.
  • “End User” — a person or business whose identity is submitted to MiProof for verification.
  • “Verification Data” — the documents, extracted fields, images, and biometric (facial) data submitted for a check, together with the results.
  • “Personal data” — information that identifies or relates to an identifiable person.

These terms carry the same meaning as in our Terms of Service.

3. Information We Collect

We collect only what is needed to provide and run identity-verification services:

  • Verification Data (End Users) — identity and business documents and the fields read from them, facial images and the biometric template derived from them, and the related inputs and results of KYC and KYB checks. This is submitted to us by the Customer.
  • Account and contact data (Customers) — names, work email addresses, role, and organization details of the people who use MiProof on a Customer’s behalf.
  • Process-review and support data — information you share when you contact us, request a demo, or describe how you verify customers today.
  • Website and technical data — basic information such as IP address, device and browser type, and pages visited, collected when you use our website to keep it secure and working.

4. How & Why We Use Information

Depending on the role above, we use personal data to:

  • Provide identity-verification services and process KYC and KYB checks on a Customer’s instructions
  • Confirm a person matches their document and detect duplicate or repeat identities
  • Keep an evidence trail you can show an auditor for each check, on behalf of the Customer
  • Operate, secure, support, and improve the service
  • Communicate about accounts, requests, demos, and support
  • Meet our own legal, regulatory, and supervisory obligations

Our legal basis depends on the data. For Verification Data we act on the Customer’s instructions, and the Customer is responsible for the lawful basis and consent (see below). For our own business and website data, we rely on your consent, our legitimate interest in running and improving the service, or compliance with law, as applicable.

The Customer submitting data for verification is responsible for establishing a lawful basis and obtaining the consent required from the End User — including any specific consent needed for biometric data — before that data is sent to MiProof, and for giving End Users the privacy notices required by law. We process Verification Data on the Customer’s behalf for the purposes set out in our agreement with them.

6. Biometric (Facial) Data

Facial images and the biometric templates derived from them are sensitive personal data. We use them solely to confirm that a person matches their identity document and to detect duplicate identities as part of verification. We do not use biometric data for any unrelated purpose, do not sell it, and handle it in accordance with applicable data-protection law and the Customer’s instructions.

7. Automated Processing & Service Improvement

Verification uses automated checks and machine-learning models to read documents, compare faces, and flag duplicates or anomalies. These produce decision support, not a final decision — the Customer’s reviewers keep the final say over any outcome, as explained in our Terms of Service. Where permitted and on a lawful basis, we may use aggregated and de-identified information — which does not identify any person — to maintain and improve the accuracy and performance of the service. This excludes biometric (facial) data, which we never use to train or improve our models. MiProof operates as a dedicated identity-verification service, and Verification Data is never used for MiKashBoks’ own financial products.

8. Data Location & Transfers

Verification Data is processed and stored in line with the data-residency terms set out in the Service Agreement. Where processing or transfer outside a given region is necessary to provide the service — for example, certain automated document and facial checks — we put appropriate safeguards in place and act consistently with applicable law and the Service Agreement.

9. Sharing & Connected Sources

We share personal data only as needed to provide the service:

  • With the requesting Customer — the institution receives the Verification Results and evidence record for the checks it requested.
  • With connected verification and registry sources — for a given check, we exchange the minimum data needed with sources such as business registries and mobile network operators.
  • With service providers — vetted sub-processors who help us run the service under confidentiality and data-protection obligations.
  • Where required by law — with regulators or authorities, including the Bank of Sierra Leone (BSL) and the National Communications Authority (NatCA), when we are legally obliged to.

We do not sell personal data.

10. Security

We apply technical and organizational safeguards, including encryption in transit and at rest and role-based access controls with a log of who viewed each case. Specific security commitments are defined in the applicable Service Agreement.

11. Data Retention

We retain Verification Data only as long as needed to provide the service and to meet the Customer’s regulatory requirements, as set out in the Service Agreement, after which it is deleted or anonymized. Business-contact and website data is kept only as long as needed for the purpose it was collected for.

12. Your Rights

Subject to applicable law, you may ask to access, correct, or delete your personal data, or to object to or restrict certain processing. Where an institution submitted your data for verification, that institution is the controller, so we will usually direct your request to them or act on their instructions. For data we hold as controller, contact us directly at info@mikashboks.com. You may also raise a concern with the relevant supervisory authority.

13. Children’s Data

MiProof is intended for verifying adults as part of regulated financial services and is not directed at children. Where a Customer needs to verify a minor, that Customer is responsible for obtaining any guardian consent required by law before submitting the data.

14. Changes to This Notice

We may update this notice from time to time. If we make a material change, we will update the “Last updated” date above and, where appropriate, give notice. Please check back for the latest version.

15. Contact

For privacy-related inquiries, or to exercise your rights for data we hold as controller, contact us at info@mikashboks.com.