Privacy Policy

Our Commitments at a Glance

Data is encrypted at rest and in transit

All data is stored on secured servers. Communication between your browser and our servers is encrypted via HTTPS/TLS.

Complete tenant isolation

Your organisation's data is strictly separated from every other organisation on the platform. No cross-tenant data access is possible.

We never sell your data

Member data you enter is never sold, rented, or shared with third parties for marketing or any other commercial purposes.

Right to deletion

You may request deletion of your organisation's data at any time by contacting us. Data will be permanently deleted within 30 days.

1. Who We Are (Data Processor)

TELESOFT operates the JUZAFY platform. For the purposes of data protection law, TELESOFT acts as a data processor on behalf of your organisation (the data controller).

Contact: support@juzafy.co.tz

2. What Data We Collect

2.1 Organisation Account Data

Data	Purpose	Retention
Organisation name	Account identification	Duration of account
Contact person name	Account contact	Duration of account
Contact email address	Account communications	Duration of account
Contact phone number	Login credential + contact	Duration of account
Password (hashed)	Authentication	Duration of account

2.2 Member Data (Entered by Your Organisation)

            Important: Member data is entered entirely by the account holder's organisation. JUZAFY does not independently collect this data from members.
        

Data	Purpose	Retention
Full name	Member identification	Until deleted by organisation
Phone number	SMS communication	Until deleted by organisation
Pledge & payment amounts	Financial tracking	Until deleted by organisation

2.3 Usage & Audit Data

Actions performed within the platform (audit logs) — retained for 12 months
IP addresses of logins — retained for 90 days
SMS delivery logs — retained for 12 months

3. Legal Basis for Processing

We process personal data on the following legal bases:

Contract performance — to provide the JUZAFY service as agreed
Legitimate interests — security monitoring, fraud prevention, platform improvement
Legal obligation — where required by Tanzanian law

For member data entered by organisations, the legal basis is determined by the organisation (data controller) — not JUZAFY.

4. How We Use Data

Providing and operating the JUZAFY platform
Authenticating users and securing accounts
Transmitting SMS messages through the Beem Africa gateway
Generating audit trails for the account's own review
Investigating security incidents and platform abuse
Communicating service updates to account holders

We do not use member data for advertising, profiling, or any purpose beyond operating the platform.

5. Data Sharing

We share data only with:

Beem Africa — SMS delivery (only the phone number and message content; no name or financial data)
Hosting provider — infrastructure to run the platform (subject to data processing agreements)
Law enforcement — only where required by a valid legal order from a Tanzanian court

We never sell, rent, or trade personal data to third parties.

6. Data Security Measures

All passwords are hashed using bcrypt (one-way, irreversible)
All connections use HTTPS/TLS encryption
Tenant data is isolated at the database level — each query is automatically scoped to the authenticated organisation
Admin access requires a separate super-admin credential
Full audit trail of all data modifications
Internal error details are never exposed to end users — all exceptions are logged server-side only

7. Your Rights as Data Subject

Members whose data has been entered into JUZAFY by an organisation have the following rights (exercisable through the organisation that holds their data):

Right of access — request a copy of your personal data
Right to rectification — request correction of inaccurate data
Right to erasure — request deletion of your personal data
Right to object — object to processing of your data
Right to withdraw consent — withdraw consent for SMS communication at any time

Organisations can exercise these rights on behalf of their members through the platform's member management features, or by contacting us at support@juzafy.co.tz.

8. Data Retention

Organisation account data: retained while the account is active; deleted within 30 days of account closure
Member data: retained until deleted by the organisation, or 30 days after account closure
Audit logs: 12 months
SMS logs: 12 months
IP address logs: 90 days

9. Cookies

JUZAFY uses session cookies strictly necessary for platform operation (authentication, CSRF protection). We do not use tracking or advertising cookies.

10. Compliance

This policy is designed to comply with the principles of the Personal Data Protection Act (PDPA) of Tanzania and related regulations issued by the Personal Data Protection Commission (PDPC).

As a data processor, JUZAFY will:

Process data only on documented instructions from the organisation
Maintain appropriate technical and organisational security measures
Notify affected organisations promptly in the event of a data breach
Cooperate with regulatory investigations as required

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active organisations of any material changes via in-platform notification at least 14 days before changes take effect.

12. Contact & Complaints

For privacy-related queries or to exercise your rights:

Email: support@juzafy.co.tz

If you believe your data rights have been violated, you may lodge a complaint with the Personal Data Protection Commission (PDPC) of Tanzania.