Privacy Policy

We process your data for the following purposes:

• Service Delivery: Deploying, hosting, and maintaining your software instances
• Account Management: Creating accounts, authenticating logins, managing subscriptions
• Billing & Payments: Processing payments, generating invoices, managing subscriptions
• Technical Support: Responding to inquiries, troubleshooting issues
• Service Improvement: Analyzing usage patterns to enhance features and performance
• Security: Detecting and preventing fraud, abuse, and unauthorized access
• Communications: Sending service updates, billing reminders, security alerts
• Legal Compliance: Meeting legal obligations, responding to lawful requests

Legal Basis (GDPR/POPIA):

• Contract: Processing necessary to provide the Service you subscribed to
• Legitimate Interest: Security, fraud prevention, service improvement
• Consent: Marketing communications (opt-in only)
• Legal Obligation: Tax records, regulatory compliance

We implement industry-standard security measures:

• Encryption in Transit: All connections secured with TLS 1.2+ (HTTPS)
• Encryption at Rest: Sensitive data encrypted using AES-256
• Password Security: Bcrypt hashing with individual salts
• Access Controls: Role-based access, principle of least privilege
• Infrastructure Security: Firewalls, intrusion detection, DDoS protection (Cloudflare)
• Automated Backups: Daily backups with encrypted storage
• Monitoring: 24/7 system monitoring and alerting
• Two-Factor Authentication: Available for all accounts (TOTP)
• Regular Updates: Security patches applied within 48 hours of release

While we employ best practices, no system is 100% secure. We encourage you to use strong passwords and enable 2FA.

We may share data with:

• Infrastructure Providers: Cloud servers for hosting your instances
• Payment Processors: To process your subscription payments
• Email Services: For transactional emails (invoices, alerts)
• DNS/CDN: Cloudflare for performance and security
• Legal Authorities: When required by law, court order, or to protect rights
• Business Transfer: In the event of merger, acquisition, or asset sale (with notice)

We will NEVER:

• Sell your data to advertisers or data brokers
• Share your application data with third parties
• Use your data for purposes unrelated to the Service
• Access your instance databases without your explicit permission

Depending on your jurisdiction (GDPR, POPIA, CCPA), you have the right to:

• Access: Request a copy of all personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interest
• Withdraw Consent: Withdraw consent for marketing communications at any time
• Complaint: Lodge a complaint with your local data protection authority

To exercise any of these rights, email [email protected]. We will respond within 30 days.

We use cookies and similar technologies:

• Essential Cookies: Required for authentication, security, and session management. Cannot be disabled.
• Functional Cookies: Remember your preferences (language, theme)
• Analytics: Aggregate usage statistics to improve the platform (no personal identification)

We do not use advertising cookies or third-party trackers. You can manage cookies through your browser settings.

• Active Accounts: Data retained for the duration of your subscription
• After Cancellation: Instance data deleted after 14 days; account data retained 30 days for recovery
• Backups: Retained for 7–30 days depending on plan, then permanently deleted
• Billing Records: Retained for 7 years as required by Zimbabwe tax law
• Server Logs: Retained for 90 days for security purposes
• Support Correspondence: Retained for 2 years

After the retention period, data is permanently and irreversibly deleted from all systems including backups.

Your data may be processed in countries other than your country of residence. Our servers are located in Europe and Africa. When transferring data internationally, we ensure:

• Adequate data protection standards are maintained
• Contractual safeguards are in place with sub-processors
• Compliance with applicable data transfer regulations

In the event of a personal data breach that poses a risk to your rights:

• We will notify affected users within 72 hours of becoming aware
• Notification will include: nature of breach, data affected, actions taken, recommended steps
• We will report to the relevant data protection authority where required
• We maintain an incident response plan and conduct regular security drills

We strive to comply with applicable data protection regulations including:

• Zimbabwe: Access to Information and Protection of Privacy Act (AIPPA), Cyber and Data Protection Act
• South Africa: Protection of Personal Information Act (POPIA)
• EU/UK: General Data Protection Regulation (GDPR) for EU-based customers
• Kenya: Data Protection Act, 2019

If you have specific regulatory requirements, please contact us to discuss compliance arrangements.

We may update this Privacy Policy periodically. When we make material changes:

• We will update the "Last Updated" date at the top
• We will notify you via email for significant changes
• We will post a notice on the Platform
• Continued use after changes constitutes acceptance

Data Controller: PrinSoft Business Solutions (Pvt) Ltd

25 Coventry Road, Workington, Harare, Zimbabwe

Privacy inquiries: [email protected]

General support: [email protected]

Phone: +263 775 115 379

We will respond to all privacy inquiries within 30 days.