Legal
Privacy Policy
Last updated: 18 June 2026
1. Who we are
Buytena Technologies Ltd. ("we", "us", "Buytena") is a company registered in Dar es Salaam, Tanzania. We provide a customer retention software-as-a-service for small and mid-sized businesses. You can contact our privacy team at privacy@buytena.com.
2. What data we collect
We collect three categories of data. (1) Account data you provide on signup: name, email, password (hashed), business name. (2) Customer data you upload to ${siteConfig.name}: name, phone number, product, and date of last purchase. We never collect payment card numbers; billing is handled by mobile money or your bank. (3) Service data: API logs, IP addresses, and device information for security and abuse prevention.
3. How we use your data
We use account data to operate the service, send service emails, and authenticate you. We use customer data exclusively to send the SMS and WhatsApp reminders you configure. We do not sell or share customer data with third parties for marketing. We use aggregated, anonymized service data to improve the product.
4. Subprocessors
We use the following subprocessors: Supabase (Postgres + auth), Kilakona / Africa's Talking (SMS + WhatsApp delivery), SonicPesa (mobile money billing), and Resend (transactional email). A current list is available at /legal/dpa.
5. Your data and your rights
You can export, edit, or permanently delete any customer record at any time from the dashboard. You can request a full export or account deletion by emailing ${siteConfig.privacyEmail}. We will respond within 30 days. If you are in the EU, you have additional rights under GDPR, including access, rectification, erasure, restriction, portability, and objection. We honor the same rights for all users regardless of location.
6. Retention
We retain account data while your account is active. If you delete a customer record, it is removed from production within 24 hours and from backups within 90 days. We retain billing records for 7 years as required by tax law.
7. Security
All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Row-level security restricts every database query to the signed-in user. We perform quarterly access reviews and have a process to rotate service keys. We publish a security.txt at /.well-known/security.txt and welcome responsible disclosure at ${siteConfig.email}.
8. Children
${siteConfig.name} is a B2B service. We do not knowingly collect data from children under 16.
9. Changes to this policy
If we make material changes we will email active customers and post a banner in the dashboard at least 14 days before they take effect. The current version is always available at this URL with a last-updated date below.
10. Contact
Privacy questions: privacy@buytena.com. General questions: support@buytena.com. Postal: Dar es Salaam, Tanzania.