Legal

Privacy Policy

Effective: 15 May 2026  ·  Version 1.0

How Sanya collects, uses, shares, and protects your personal data — written in plain English. Aligned with Tanzania's Personal Data Protection Act, 2022.

1. Who We Are

Netpoa Limited (TIN / Company Registration No. 143-477-398), operator of the Sanya brand, is a company registered in the United Republic of Tanzania. We provide the Sanya Business operating system at sanya.tz along with three related services: Sanya Host (web hosting & domains), SanyaSMS (bulk SMS), and Kanisa MS (church management). For privacy purposes, we are the data controller for information about our customers — the businesses and individuals who sign up with us.

If you are using Sanya as someone's customer or employee (e.g. an invoice was generated for you by a Sanya subscriber), that subscriber is the data controller and Sanya is their data processor. The rest of this policy is written from the perspective of our direct customers.

2. What Data We Collect

2.1 You give us directly

  • Identity: Your full name, business name, role (admin / employee).
  • Contact: Email address, phone number.
  • Business details: TIN (taxpayer identification number), VRN where applicable, business address.
  • Authentication: Password (stored hashed, never in plaintext), two-factor codes.
  • Billing: The plan you chose, cycle, payment confirmations from our online payment partner or your bank.

2.2 Generated automatically when you use Sanya

  • Workspace activity: Invoices issued, products created, payroll runs — i.e. the records you generate to run your business.
  • Usage logs: IP address, browser type, pages visited, timestamps. Retained for 90 days for security and debugging.
  • Audit log: Significant actions (logins, password changes, subscription changes). Retained for 2 years.

2.3 Data you put into your workspace

When you enter customer records, employee details, supplier information, or other business data into Sanya, that data belongs to you. We process it on your behalf. We never sell it, mine it for advertising, or share it outside what's needed to run the service.

2.4 What we do NOT collect

  • Card numbers — our online payment partner handles those directly; they never touch our servers.
  • Government IDs (NIDA, passports) unless you choose to upload them as attachments.
  • Personal data from non-Tanzanian advertising networks, brokers, or data aggregators.

3. How We Use Your Data

We use your data only for these purposes:

  • Providing the service — running your workspace, processing your invoices, sending reminders.
  • Billing & subscription management — charging your plan, sending invoices, suspending overdue accounts.
  • Customer support — when you contact us, we look at your account to help you.
  • Security & abuse prevention — detecting fraudulent signups, brute-force logins, SMS abuse.
  • Service improvement — anonymous aggregate analytics (e.g. "70% of tenants use the Recurring module") to decide what to build next. Never tied to individual identities in published reports.
  • Legal compliance — when required by Tanzanian law, court order, or regulator.

We do not run advertising. We do not have a marketing data team. We do not enrich your profile with data bought from third parties. The only "marketing" data use is: if you opt in, we may email you about new Sanya features.

4. Lawful Basis for Processing

Under Tanzania's Personal Data Protection Act 2022 and similar laws, we process your data on these grounds:

  • Contract — providing the service you signed up for.
  • Legal obligation — keeping records required by Tanzanian tax, accounting, and AML rules.
  • Legitimate interest — security, fraud prevention, infrastructure operations.
  • Consent — for marketing emails about Sanya (opt-in only; you can revoke at any time).

5. Who We Share Data With

We share personal data only with the third parties strictly necessary to operate Sanya:

Sub-processor type | Purpose | Data shared
Online payment partner | Payment processing (mobile money + cards + banks) | Order ID, amount, your name + email + phone
SMS delivery partner | SMS gateway (reminders, OTP codes, notifications) | Recipient phone, message body
Managed hosting provider | Server infrastructure and storage | All workspace data, encrypted at rest
Email delivery partner | Transactional email delivery (reminders, invoices) | Recipient email, message body

Each sub-processor is bound by a contract that requires equivalent data-protection standards. We do not sell or rent personal data, period.

The specific vendors currently providing each function are listed in our Data Protection page and may change over time. We give 14 days' notice via email before adding or replacing any sub-processor.

We may also disclose data when required by:

  • A Tanzanian court order or warrant.
  • A binding request from a Tanzanian regulator (PDPC, TRA, BoT).
  • Lawful national-security or law-enforcement requests.

Where allowed by law, we will notify you of the request so you can challenge it.

6. How Long We Keep Data

  • Active workspace data: For as long as your subscription is active.
  • After cancellation: 90 days, then permanently deleted (unless legally required to retain longer).
  • Audit logs: 2 years.
  • Billing records: 7 years (required by Tanzanian tax law).
  • Marketing opt-in records: Until you revoke consent, plus a brief "do not email" record retained indefinitely so we don't re-email you by accident.

7. Your Rights

Under Tanzania's PDPA you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Correct — Ask us to fix inaccurate or incomplete information.
  • Delete — Request deletion ("right to be forgotten"), subject to our legal retention obligations.
  • Restrict processing — Ask us to pause certain processing while a dispute is investigated.
  • Object — To processing based on legitimate interest, particularly direct marketing.
  • Portability — Export your data yourself in a machine-readable format (CSV, JSON) using the in-app tools, to move it elsewhere.
  • Withdraw consent — Any time, for any consent-based processing.
  • Complain — File a complaint with us first, then escalate to the Tanzania Personal Data Protection Commission.

To exercise any of these rights, email dpo@sanya.tz. We respond within 5 business days and complete most requests within 30 days.

8. How We Protect Data

  • Encryption in transit — TLS 1.2+ on every connection.
  • Encryption at rest — Database encryption on our hosting provider.
  • Database isolation — Every tenant has its own database (DB-per-tenant). One customer's data cannot leak into another's through application bugs.
  • Password hashing — Argon2 / bcrypt; we never store passwords in plaintext.
  • Two-factor authentication — Available on every account, required for super-admins.
  • Access controls — Sanya staff access to your workspace is logged and limited to support cases you've explicitly opened with us.
  • Daily off-site backups — Retained for 30 days.
  • Breach notification — If we discover a data breach affecting your data, we'll notify you within 72 hours of discovery, per PDPA.

9. Cookies & Tracking

Sanya uses a small number of essential cookies (session, auth, preferences). We do not use advertising cookies, marketing pixels, or third-party analytics on customer-facing pages. Full details in our Cookie Policy.

10. International Data Transfers

Our primary infrastructure is hosted with a managed hosting provider with servers located in the European Union and/or East Africa. Data may transfer outside Tanzania in the course of normal hosting operations. Where data leaves Tanzania, we ensure it is protected by:

  • Hosting provider compliance with GDPR (which exceeds PDPA in most respects).
  • Contractual safeguards in our hosting agreements.
  • Encryption at rest and in transit.

11. Children

Sanya is a B2B service. We do not knowingly collect personal data from anyone under 18. If you become aware of a minor's data being processed through Sanya (e.g. in a school workspace), please contact dpo@sanya.tz immediately and we will remove it.

12. Changes to This Policy

We will notify you of material changes by email at least 14 days before they take effect. The "Effective" date at the top of this page is your authoritative source.

13. Contact / Data Protection Officer

For any privacy concern, contact our Data Protection Officer:

  • Email: dpo@sanya.tz
  • Post: Netpoa Limited (Sanya) — Data Protection, Kijitonyama, Dar es Salaam, Tanzania

You may also lodge a complaint with the Personal Data Protection Commission (PDPC) of Tanzania.

Questions?

Email support@sanya.tz or write to Netpoa Limited, Kijitonyama, Dar es Salaam, Tanzania.

For data-protection requests specifically, contact our DPO at dpo@sanya.tz.