Privacy Policy
Last updated: 18 April 2026 · Legal bundle 2026-06-26-v1
1. Who we are
This Privacy Policy explains how Umutungo ("we", "us") processes personal and portfolio information when you use our web application and related APIs. The data controller is the business entity operating the deployment you signed up for (e.g. your SaaS vendor). For beta programmes, that is typically the company named on your invitation or contract.
2. Categories of data
- Account & authentication: name, email and/or phone, password hash, role, session / refresh tokens, audit references, optional legal acceptance timestamp and bundle version.
- Portfolio & operations: assets, units, tenants, leases, rent obligations, payments, payment proof files (where uploaded), valuations, and notes you attach to records.
- Subscriptions & entitlements: plan keys, plan versions, subscription status, trial start and end dates, billing window fields, entitlement grants, and subscription event logs for administrators.
- Billing & payments: during the beta programme, subscription fees are usually paid outside the application (e.g. mobile money or bank transfer). We may record that a payment was received (date, amount, reference, plan period granted) in administrative logs tied to your account — not full bank or wallet credentials unless you voluntarily share them with support. When integrated billing is enabled, payment method tokens are stored by our payment processor; we retain processor customer identifiers, not full card numbers.
- Technical & security: IP addresses and request metadata may appear in logs; error reporting (e.g. Sentry) may receive stack traces and route names when enabled.
3. Purposes and legal bases (high level)
We process data to perform the contract with you (provide the Service, authenticate users, enforce plan limits, compute rent status), to secure the platform, and — where permitted — to improve reliability (e.g. diagnostics). Marketing communications, if any, should only be sent with appropriate consent under local law.
4. Retention
We retain data while your account is active and for a period afterwards as needed for backups, legal claims, or regulatory obligations. Exact retention windows should be set by the operator; self-service export and deletion flows may be added over time. Payment proof files are stored on infrastructure controlled by the operator with size and rate limits enforced by the application.
5. Sharing
We use subprocessors typical for SaaS: e.g. cloud hosting (database, application), optional error tracking, and (when you enable it) transactional email. When integrated billing is enabled, a payment processor (e.g. Flutterwave or similar) processes card and wallet payments; its privacy notice applies to that processing. During manual beta billing, payment processors may not be used for your subscription fee. A current subprocessor list should be maintained by the operator and linked from here when available. We do not sell your personal data as a product category.
6. International transfers
Infrastructure may be located outside your country (e.g. EU cloud regions or US providers). Where required, the operator should implement appropriate safeguards (standard contractual clauses, etc.) — confirm with your counsel.
7. Your rights
Depending on jurisdiction, you may have rights to access, rectify, erase, restrict, or port personal data, and to object to certain processing. Contact the operator to exercise these rights. We will verify your identity before acting on sensitive requests.
8. Children
The Service is not directed at children. Do not register accounts for individuals below the age of digital consent in your region for commercial tenancy software.
9. Changes
We may update this Policy. Material changes should be communicated as described in the Terms. Registration records which legal bundle version you accepted and when, to demonstrate consent for that version.