Privacy Policy

1. Who we are

ZanziPOS is a product of Zanziholics Digital Agency, a digital agency registered in Zanzibar, Tanzania. When this policy refers to "we", "us" or "ZanziPOS", it means Zanziholics Digital Agency.

Contact: build@zanzipos.app  ·  Fumba Town, Shehia ya Nyamanzi, Zanzibar, Tanzania

2. What data we collect

We collect the following categories of data depending on how you interact with ZanziPOS:

• Early access sign-ups: venue name, email address, venue type, and IP address submitted through the landing page form.
• Venue accounts (tenants): business name, owner name, email, venue type, subscription plan, and billing status.
• Staff accounts: name, email address, role, and hashed password.
• Orders and receipts: order items, quantities, prices, payment method, and optional customer name and email (if provided at checkout).
• ZRA receipts: fiscal receipt numbers, tax amounts, and ZRA integration identifiers required by Zanzibar Revenue Authority regulations.
• Usage analytics: page views, session data, and interaction events collected via Google Analytics and Google Tag Manager.

3. What we do not collect

• Card numbers, CVV codes, or any payment card data — this is handled entirely by Pesapal.
• Mobile money account details — processed by Pesapal.
• Biometric data of any kind.
• Data from children under 13.

4. How we use your data

• To provision and operate your venue account and POS system.
• To process subscription payments via Pesapal.
• To generate ZRA-compliant fiscal receipts as required by Tanzanian law.
• To send email receipts and transactional notifications (order confirmations, early access welcome emails).
• To notify our team (operations@zanziholics.com) of new sign-ups and account activity.
• To improve ZanziPOS using aggregated, anonymised analytics data.
• To log early access sign-ups in a Google Sheet for internal tracking.

5. Third-party services

ZanziPOS integrates with the following third-party services. Each has its own privacy policy:

6. Data storage and security

Venue data is stored in isolated MariaDB databases on a Hetzner VPS server located in Europe. Each venue has its own database — tenant data is never mixed. Passwords are hashed using bcrypt and never stored in plain text.

We use SSL/TLS encryption on all connections. The server is maintained by Zanziholics with regular backups.

7. Data retention

We retain venue account and order data for as long as your subscription is active, plus 12 months after cancellation to comply with tax record-keeping requirements under Tanzanian law.

Early access sign-up data is retained until you request deletion.

Analytics data (Google Analytics, Hotjar) is retained according to those platforms own policies.

8. Cookies

The ZanziPOS landing page uses cookies from Google Analytics, Google Tag Manager, Meta Pixel, TikTok Pixel, and Hotjar for analytics and advertising measurement purposes.

The tenant POS application uses a session cookie to maintain staff login state. This cookie is essential for the system to function and does not track advertising activity.

9. Your rights

You have the right to request access to, correction of, or deletion of your personal data held by ZanziPOS. To exercise these rights, contact us at build@zanzipos.app. We will respond within 30 days.

Note that some data (ZRA fiscal receipt records) cannot be deleted as it is required to be retained under Tanzanian tax regulations.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page will always reflect the most recent version. Continued use of ZanziPOS after changes are posted constitutes acceptance of the revised policy.