info@mswahili.com

Looking for collaboration for your next project? Do not hesitate to contact us to say hello.

scroll
Mswahili

Data Protection Policy

Effective Date: January 1, 2026
This Data Protection Policy explains how Mswahili Technologies (“we”, “our”, or “us”) processes and protects personal data in accordance with the Personal Data Protection Act, 2022 of Tanzania and applicable international data protection standards.

This policy applies to all platforms operated by Mswahili Technologies, including Bantu Soko, Bantu Dereva, and Kadi.

1. Principles of Data Protection

We process personal data in accordance with the following principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy of data
  • Storage limitation
  • Integrity and confidentiality

2. Lawful Basis for Processing

We process personal data only where permitted under law, including:

  • With the data subject’s consent
  • To perform contractual obligations
  • To comply with legal and regulatory requirements
  • For legitimate business interests that do not override user rights

3. Types of Data We Process

  • Identity and contact information
  • Location and service usage data
  • Transaction and payment records
  • Device and technical data
  • Communications and support interactions

4. Purpose of Processing

We process personal data to:

  • Provide and operate our Services
  • Facilitate transactions and service delivery
  • Enhance safety, prevent fraud, and enforce policies
  • Comply with legal and regulatory obligations
  • Improve platform functionality and user experience

5. Data Subject Rights

Under applicable law, users have the right to:

  • Access their personal data
  • Request correction of inaccurate data
  • Request deletion of data (subject to legal limitations)
  • Object to or restrict certain processing activities
  • Withdraw consent where processing is based on consent

6. Data Security

We implement appropriate technical and organizational measures to safeguard personal data, including encryption, access control mechanisms, and monitoring systems to prevent unauthorized access, disclosure, or loss.

7. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, and resolve disputes.

8. Cross-Border Data Transfers

Where personal data is transferred outside Tanzania, we ensure that adequate safeguards are in place and that such transfers comply with the requirements of the Personal Data Protection Act, 2022.

9. Data Breach Management

In the event of a data breach, we will take appropriate steps to contain, investigate, and mitigate the impact. Where required, we will notify relevant authorities and affected individuals in accordance with applicable laws.

10. Third-Party Processors

We may engage third-party service providers to process data on our behalf. Such providers are required to implement appropriate safeguards and comply with applicable data protection laws.

11. Compliance and Governance

We maintain internal policies and procedures to ensure compliance with data protection laws, including staff training, access controls, and regular reviews of data handling practices.

12. Updates to Policy

This policy may be updated periodically to reflect changes in legal requirements or business practices. Updates will be published on this page.

Contact

Mswahili Technologies
Email: info@mswahili.com
Website: https://mswahili.com