1. Apps covered by this policy
This privacy policy applies to all software and services published by Nzunda Technologies Limited under the Nzura brand, including in particular:
- Nzura App — the full Nzura Business Operating System covering every module and product (accounting, inventory, HR/payroll, CRM, POS, manufacturing, hotel, microfinance, contract farming, and more), available on the web at nzura.co.tz and through the Nzura desktop and mobile installers.
- Nzura Social Manager — the social media management app and module within Nzura App that connects to third-party social networks (including TikTok, X, Facebook, Instagram, LinkedIn, YouTube, and WhatsApp Business) to publish posts, schedule content, read and reply to messages, mentions and comments, and view social analytics on behalf of the connected business. "Nzura Social Manager" is also the application name registered with TikTok, X (Twitter), Meta, LinkedIn, and other social network developer platforms for the OAuth client that powers these integrations.
- Nzura Chat — the end-to-end encrypted messenger app published by Nzunda Technologies Limited for private business and personal conversations.
Where this policy refers to "the Nzura platform" or simply "Nzura", that reference includes Nzura App, Nzura Social Manager, and Nzura Chat unless the context clearly limits it to one of them.
2. What we collect
Nzura App, Nzura Social Manager, and Nzura Chat may process account details, company profiles, staff records, customer and supplier data, invoice and payment data, social channel metadata, posts, comments, mentions, direct messages, uploaded documents, audit logs, connected provider credentials, device and access logs, and operational content that a tenant chooses to place into the platform. In particular, Nzura Social Manager processes the posts, comments, mentions, direct messages, and analytics that flow through the social networks a tenant has chosen to connect.
3. Why we process data
We process data to provide the service, authenticate users, secure access, support required integrations, generate records and reports, improve reliability, comply with lawful requests, investigate abuse, and maintain auditability across modules.
4. Tenant control and lawful basis
Each tenant is responsible for ensuring it has a lawful basis to collect, use, upload, and process personal data through Nzura App, Nzura Social Manager, and Nzura Chat. Where a tenant acts as a controller or business owner for that data, the tenant remains responsible for notices, permissions, and compliance with applicable law.
5. Provider and integration data (including Nzura Social Manager)
When you connect payment gateways, AI providers, SMS providers, or social media channels, the Nzura platform stores and processes the minimum connection information needed to operate those integrations. Sensitive credentials are protected with encryption at rest and restricted operational access.
Nzura Social Manager specifically connects your business to third-party social networks — TikTok, X (Twitter), Facebook, Instagram, LinkedIn, YouTube, and WhatsApp Business — using each provider's official OAuth flow. For each connection, Nzura Social Manager stores only the tokens and identifiers needed to act on your behalf (publish posts you compose, schedule content, read and reply to messages, comments and mentions, and read public profile and analytics metrics for the connected account). Nzura Social Manager does not request, collect, or process the credentials of other users on those networks, and does not scrape data outside the scope of the official provider APIs and the permissions you have granted. You can disconnect any social account at any time from inside Nzura Social Manager, which revokes our stored access tokens for that account.
6. Security measures
The Nzura platform applies role-based access controls, audit trails, tenant scoping, transport security, environment-based secret handling, and verification workflows for connected providers. No system is guaranteed to be risk-free, so tenants must also apply their own operational security, user management, and review controls.
7. Data sharing
We may share data with infrastructure providers, communication providers, payment gateways, social networks, AI providers, regulators, auditors, or professional advisers when needed to provide the service, comply with law, investigate misuse, or enforce our terms. We do not treat tenant data as public information, and we do not sell or rent the data collected through Nzura App, Nzura Social Manager, or Nzura Chat.
8. Retention
We retain information for as long as needed for service delivery, auditing, legal obligations, backup continuity, dispute handling, abuse prevention, and lawful recordkeeping, subject to applicable agreements and law.
8.1 Trial accounts — pre-expiry cycle
Every Nzura App tenant starts on a 10-day free trial. Five days before the trial ends (T-5), the billing system automatically issues a draft invoice on the tenant's behalf and on Nzunda Technologies Limited's accounting books, and begins a daily reminder cadence by email and SMS at 09:05 EAT (T-5, T-4, T-3, T-2, T-1, T-0). The reminder on the final day (T-0) also includes a one-click login link so the tenant administrator can sign in and pay.
8.2 Trial accounts — grace period
If the invoice remains unpaid after the trial expires, daily "trial over — log in and pay" reminders continue for seven calendar days (T+1 through T+7). On T+7 (seven days after trial expiry) the unpaid invoice is automatically voided on both the tenant's billing module and Nzunda Technologies Limited's accounting module, and the tenant's service access stays suspended.
8.3 Inactive trial accounts — 60-day retention & deletion
If a trial account remains inactive (no plan activation, no successful payment) for 60 days after trial expiry, the account, its database schema, its uploaded files, and all stored backups are permanently and automatically deleted. To give the tenant administrator every opportunity to reactivate, a 14-day deletion countdown notification sequence is sent by email and SMS — at T+46 (14 days remaining), T+53 (7 days remaining), T+57 (3 days remaining), T+59 (final warning — tomorrow), and T+60 (confirmation of deletion).
8.4 Manual deletion by the tenant administrator
A tenant administrator may request deletion at any time via /consent/. Manual deletion cancels any pending reminder messages, hard-deletes the database schema, and purges every backup object held for the tenant in our object storage. The deletion takes effect on the scheduled day; if it is requested for a future date, all pending reminders for that tenant stop immediately.
8.5 What we keep after deletion
After deletion (manual or automatic at T+60) we retain only the minimum metadata required by Tanzanian tax law and our audit obligations: the tenant identifier, the legal company name, the deletion timestamp, the operator who performed the deletion, and the high-level audit trail. All personal data, customer records, business documents, attachments, and backup snapshots are irreversibly removed.
8.6 Disconnecting a social account in Nzura Social Manager
When a tenant administrator disconnects a social account (TikTok, X, Facebook, Instagram, LinkedIn, YouTube, or WhatsApp Business) inside Nzura Social Manager, the access tokens for that account are revoked and removed from our active store. Cached posts, conversations, and analytics metrics already pulled from that account remain associated with the tenant's record for audit and historical reporting unless the tenant requests their deletion via /consent/.
9. Cross-border and provider-side processing
Some connected providers — including the social networks integrated by Nzura Social Manager — may process data in jurisdictions outside Tanzania. By enabling those integrations, the tenant acknowledges that provider-side processing may be governed by the provider's own infrastructure footprint and contractual terms.
10. Your rights, requests, and complaints
In line with Tanzania's Personal Data Protection Commission guidance for website privacy notices, data subjects should be able to request information, access, correction, deletion, restriction, objection, withdrawal of consent, and direct-marketing preferences through a clear channel. Nzura provides a public request page for that purpose at /consent/.
Privacy and data protection requests for Nzura App, Nzura Social Manager, or Nzura Chat may be sent to info@nzura.co.tz or info@nzundatech.co.tz. Where the request relates to tenant-controlled customer or employee data, we may direct the request to the relevant tenant or require verification of authority.
11. Privacy & consent request form
If you want to exercise a privacy right or withdraw a consent you previously gave for Nzura App, Nzura Social Manager, or Nzura Chat, use the Privacy & Consent Request Form. The form helps us capture the minimum details needed to verify and route the request correctly.
12. Policy updates
We may update this privacy policy as the product, integrations, or legal requirements evolve. Material updates may be reflected through platform notices, updated legal pages, or contractual updates. This policy covers Nzura App, Nzura Social Manager, and Nzura Chat collectively.