Data Policy
Last updated: 1 June 2026
1. Scope
This Data Policy describes how Pawa Systems handles data processed through our hosting, messaging, payment, POS, and custom-software services on behalf of our customers ("Controllers") and their end-users.
2. Roles
For services delivered to business customers, Pawa Systems acts as a Data Processor and the customer is the Data Controller. For our own website and marketing activities we act as Data Controller.
3. Categories of data processed
- Account, billing, and contact information of customers.
- End-user records stored by customers within hosted databases or applications.
- Message metadata (sender, recipient, timestamp, status) for messaging APIs.
- Transaction metadata for payments — never raw card data; processors are PCI-DSS certified.
- System logs required for security, debugging, and capacity planning.
4. Data location
Primary infrastructure is hosted in regional data centres within Tanzania and the EU, with redundant backups in geographically separate locations. Customers may request specific regional residency for an enterprise plan.
5. Sub-processors
We engage a limited set of sub-processors (cloud infrastructure, email delivery, telco aggregators, payment processors). A current list is available on request and updated 30 days before any material change.
6. Security controls
Controls include role-based access, MFA on all admin accounts, encrypted backups, vulnerability scanning, quarterly penetration tests, intrusion detection, and audit logging. Incidents are reported to affected customers without undue delay and within 72 hours where required.
7. Data retention & deletion
Customer data is retained for the term of the service agreement plus 30 days for recovery. After this period, data is securely deleted from production and backup systems within 90 days unless retention is required by law.
8. Data subject requests
As a Processor we forward data subject requests to the relevant Controller and support them in responding within statutory deadlines.
9. Contact
Data Protection Officer — dpo@pawasystems.co.tz.