Data Processing Agreement
Last updated: March 2026
This agreement defines the conditions for processing personal data by Tenflr on behalf of its client banks.
Roles and Responsibilities
The client bank is the data controller. Tenflr acts as the data processor. Tenflr processes data only according to the bank's documented instructions.
Security Measures
Tenflr implements appropriate technical and organizational measures: bank-grade encryption, complete per-bank data isolation, immutable logging, regular security audits.
Sub-processors
Tenflr informs the bank of any use of sub-processors and ensures they meet equivalent data protection obligations.
Retention and Deletion
Data is retained for the duration of the contract plus the period required by COBAC regulations. Upon expiration, data is deleted or returned per the bank's instructions.
International Transfers
Data is hosted in Africa and is not transferred outside the continent without the bank's prior consent.