Legal

Acceptable Use Policy

Effective: 15 May 2026  ·  Version 1.0

Sanya is designed for legitimate Tanzanian businesses. This policy spells out what you cannot do — so the platform stays fast, secure, and free of abuse for everyone else.

1. The short version

Use Sanya to run a legitimate business. Don't use it to break the law, attack the service, harm other users, or send unwanted SMS / email. Violations can result in immediate suspension without refund.

2. What you may not do

2.1 Illegal activity

  • Use Sanya to commit, support, or facilitate any act illegal under Tanzanian law (or the law of any jurisdiction where the activity occurs).
  • Store, process, or distribute content that infringes intellectual property rights you don't own.
  • Conduct money laundering, terrorist financing, tax evasion, or sanctions-busting activity. (We comply with all applicable AML/KYC requirements and may freeze accounts on a regulator's lawful request.)

2.2 Spam & unwanted communications

  • Do not use Sanya's SMS or email features to send messages to recipients who have not consented to hear from you.
  • Bulk SMS sent through Sanya must comply with Tanzania Communications Regulatory Authority (TCRA) rules — including respecting opt-out requests, sender-ID rules, and time-of-day restrictions where applicable.
  • Do not use Sanya to send phishing messages, scams, or misleading "you have won" promotions.

2.3 Security & integrity

  • No probing, scanning, penetration testing, or vulnerability research against Sanya infrastructure without prior written authorisation (which we grant generously to good-faith researchers — see Section 5).
  • No attempts to bypass authentication, authorisation, rate limits, or plan-feature gates.
  • No introducing of malware, viruses, ransomware, or any code intended to disrupt or damage the service or other users.
  • No mass scraping of UI or API endpoints to circumvent plan limits.
  • No sharing login credentials between people. Each user must have their own account.

2.4 Resource abuse

  • No using Sanya for cryptocurrency mining, distributed compute jobs, or any activity unrelated to running a normal business.
  • No storing files unrelated to your business (movies, personal photos, software downloads). The storage allotment is for invoices, receipts, employee photos, product images, and similar working files.
  • If your traffic pattern causes us to provision dedicated infrastructure to keep up, we'll contact you to either upgrade to a higher plan or limit the activity.

2.5 Harmful content

  • No hate speech, threats, harassment, or content inciting violence.
  • No content sexually exploiting minors. (We report any such content to Tanzania Police and preserve evidence for prosecution.)
  • No content that defames identifiable individuals.

2.6 Multi-tenancy violations

  • Do not attempt to access, read, modify, or interfere with another tenant's workspace.
  • Do not impersonate another Sanya customer in correspondence, support tickets, or recovery flows.
  • Do not create duplicate accounts to evade a previous suspension or to abuse trial / promotional offers.

2.7 Reselling without permission

  • You may use Sanya to invoice your own customers — that's the point.
  • You may not resell Sanya as a sub-service to third parties (e.g. as a white-labelled product you charge for separately), except under our Pro plan's white-label feature which allows you to brand your own invoices — not to re-sell access to Sanya itself.
  • If you have a partnership / reseller need, contact partners@sanya.tz — we have a separate programme.

3. Responsible Security Research — welcomed

If you find a security vulnerability in Sanya:

  1. Don't exploit it beyond what's necessary to demonstrate the issue.
  2. Don't access another tenant's data — even to prove the bug. Document the vulnerability conceptually.
  3. Email security@sanya.tz with the details. PGP key available on request.
  4. We commit to acknowledge within 48 hours, fix within a reasonable timeframe, and credit you publicly (if you wish) once the patch ships.
  5. Good-faith disclosure to us — even of a serious vulnerability — will not result in legal action against you under these Terms.

4. Consequences of violation

If you violate this policy, we may take any of the following actions, depending on severity:

  • Warning — for first-time, minor, easily-corrected issues.
  • Temporary feature restriction — e.g. disabling SMS sending until a specific issue is resolved.
  • Suspension — workspace becomes inaccessible. Data preserved. You can fix the issue and request reactivation.
  • Termination — for serious or repeated violations. Data deleted after the 90-day retention window in our Terms.
  • Refund forfeit — pre-paid amounts are not refunded for violation-based terminations.
  • Legal action — for fraud, willful damage, or illegal activity.

For serious threats (active attacks, illegal content), we may suspend without prior notice. Where possible we will explain the reason within 24 hours and give you a chance to respond.

5. Reporting violations

If you believe another Sanya user is violating this policy:

We treat every report seriously. False reports made in bad faith are themselves a violation of this policy.

6. Changes

We may update this policy as new abuse patterns emerge. Material changes are emailed to active customers at least 14 days before they take effect.

Questions?

Email support@sanya.tz or write to Netpoa Limited, Kijitonyama, Dar es Salaam, Tanzania.

For data-protection requests specifically, contact our DPO at dpo@sanya.tz.