Stawi Biz ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, web platform, WhatsApp integration, and SMS services (collectively, the "Service"). Please read this privacy policy carefully. By using our Service, you consent to the practices described in this policy.

1.1 Personal Information

When you register for our Service, we collect:

• Full name
• Phone number (required for SMS/WhatsApp functionality)
• Email address (optional)
• Business/Shop name
• Business location (optional)
• Profile information from WhatsApp (name, profile picture) when you interact with our WhatsApp Business API

1.2 Business Data

To provide our business management services, we collect:

• Product/inventory information (names, prices, quantities)
• Sales transaction records
• Customer information (names, phone numbers for your business customers)
• Supplier information
• Expense records
• Financial reports and analytics data

1.3 Usage Data

We automatically collect:

• Device information (type, operating system)
• IP address
• Browser type and version
• Pages visited and features used
• Time and date of access
• SMS and WhatsApp message logs (commands sent to our system)

1.4 Information from Third Parties

We may receive information from:

• Meta/WhatsApp: When you interact with us via WhatsApp, we receive your WhatsApp ID, phone number, profile name, and message content
• Payment Providers: Transaction confirmations from mobile money services (M-Pesa, Tigo Pesa, Airtel Money)

We use the collected information to:

• Provide Services: Process your business transactions, manage inventory, generate reports, and deliver AI-powered business insights
• Communication: Send you transaction confirmations, alerts, reports, and important updates via SMS and WhatsApp
• Improve Services: Analyze usage patterns to enhance our platform and develop new features
• Customer Support: Respond to your inquiries and provide technical assistance
• Security: Detect and prevent fraud, unauthorized access, and other security issues
• Legal Compliance: Comply with applicable laws, regulations, and legal processes
• Marketing: Send promotional messages about new features (only with your consent, and you can opt-out anytime)

3.1 Data Storage

• Your data is stored on secure servers hosted by reputable cloud service providers
• We use PostgreSQL databases with encryption at rest
• Data is primarily stored in data centers located in secure facilities
• Backups are encrypted and stored separately for disaster recovery

3.2 Security Measures

• SSL/TLS encryption for all data in transit
• Password hashing using industry-standard algorithms (bcrypt)
• Multi-tenant data isolation ensuring your business data is completely separated from other users
• Regular security audits and vulnerability assessments
• Access controls limiting employee access to user data
• Session management and automatic logout features

3.3 Data Retention

• Active account data is retained as long as your account is active
• Transaction history is retained for 7 years for accounting and legal purposes
• Message logs are retained for 90 days for troubleshooting purposes
• Upon account deletion, personal data is removed within 30 days (except where legally required to retain)

We do NOT sell your personal information. We may share your information only in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who assist us in operating our Service:

• Meta/WhatsApp: To enable WhatsApp Business messaging functionality
• SMS Gateways: To send SMS messages (Beem Africa, Africa's Talking)
• Cloud Hosting: Server infrastructure providers
• Payment Processors: To process subscription payments
• AI Services: For business intelligence features (data is anonymized where possible)

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, safety, or the rights of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change.

4.4 With Your Consent

We may share your information for any other purpose with your explicit consent.

You have the following rights regarding your personal data:

5.1 Access

You can request a copy of your personal data at any time through your account settings or by contacting us.

5.2 Correction

You can update or correct your personal information through your account settings or by contacting us.

5.3 Deletion

You can request deletion of your account and personal data by:

• Using the "Delete Account" feature in Settings
• Sending "DELETE" via WhatsApp to our business number
• Emailing us at privacy@stawibiz.co.tz

5.4 Data Portability

You can export your business data (products, sales, customers) in CSV or PDF format from your dashboard.

5.5 Opt-Out

You can opt out of:

• Marketing messages by replying "STOP" to any promotional SMS/WhatsApp
• Non-essential notifications in your account settings

5.6 Restrict Processing

You can request that we limit how we use your data while we address any concerns you have.

When you use our WhatsApp integration:

• We use the WhatsApp Business API provided by Meta to enable messaging functionality
• Your messages to our WhatsApp business number are processed to provide our services (recording sales, checking inventory, etc.)
• We receive your WhatsApp profile name and phone number when you message us
• Message content is stored to provide service continuity and support
• We do NOT access your private WhatsApp conversations with other people
• We comply with WhatsApp Business Policy and Meta's Data Policy

7. Cookies and Tracking Technologies

Our web platform uses:

• Essential Cookies: Required for the platform to function (authentication, session management)
• Preference Cookies: Remember your settings (language, theme)
• Analytics: To understand how users interact with our platform (anonymized)

You can control cookies through your browser settings.

8. Children's Privacy

Our Service is intended for business use and is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Our Service is primarily operated in Tanzania. If you access our Service from outside Tanzania, please be aware that your information may be transferred to, stored, and processed in Tanzania or other countries where our servers are located. By using our Service, you consent to such transfers.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we may also send you a notification via SMS, WhatsApp, or email. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: