Data Privacy

How can customers keep their information safe?

Do not share your personal details, call records, account balances, date of birth or PINs with anyone who calls you.
Safaricom will only call you from 0722 000 000. Safaricom staff will never ask you to share your M-PESA or Sim card PIN
Do not store your passwords and PINs as contacts on your phone.
Activate privacy settings, such as phone lock features and 2-factor authentication, on your devices.
Only download or use approved apps from official app stores.

How does Safaricom keep customers' information safe?

Safaricom has enacted security controls and measures, including data minimisation, encryption, regular audits, and 24/7 monitoring across all systems.
Our privacy practices are transparent, published on our website and available via a link on our digital channels to our privacy statement.
We have dedicated security and privacy teams that work to ensure the safety and security of all customer data.
Safaricom cannot listen to your personal calls or know what you have said in your messages.
Safaricom does not share customer information that is not required to be shared by the laws and regulations of Kenya and industry best practices.
Safaricom has annual external audits and certifications which test and confirm our security and privacy controls.
Safaricom is ISO 27701 (Privacy Information Management System), ISO 27001 (Information Security Management Systems) and PCI DSS v4 certified (the most recent version of the Payment Card Industry Data Security Standard – a set of guidelines for handling cardholder data).
Safaricom is regulated by the Office of the Data Protection Commissioner (ODPC), the Communications Authority of Kenya (CA) and the Central Bank of Kenya (CBK). We have embedded processes and controls in our business to ensure we are compliant with all laws and regulations of Kenya and with the Data Protection Act of Kenya, the Kenya Information and Communications Act, as well as the National Payments Systems Act to protect customer data.

What steps does Safaricom take to comply with data protection laws?

Safaricom is committed to complying with all relevant data protection laws and regulations. In order to ensure this, we have put in place the following measures:

Data protection policies: We have established comprehensive data protection policies that outline how we collect, use, and protect personal information and user data. To read more, see our Privacy Statement.
Training and awareness: Staff receive mandatory annual training in data protection principles and practices to ensure compliance across the organisation. Stakeholders such as dealers, agents, suppliers, and partners are also trained annually.
Data protection office: We have established a dedicated Data Protection Office staffed with a team responsible for overseeing our data protection strategy and compliance with legal obligations.

Can third parties, including law enforcement, access user data?

User data is safeguarded by strict internal privacy policies, a national regulatory framework, and global standards and best practices. Third parties can only access specific user information under certain legal conditions.
For example, law enforcement agencies may request access to user data as part of an investigation, but such requests must go through a legal process that ensures the rights of the user are respected.

Can users request access to their data?

Yes, users have the right to request access to their personal data. To submit a data access request, visit a Safaricom shop or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.. We will provide you with the information requested in accordance with applicable data protection laws.