← Back to Home ← Rudi Nyumbani Last Updated: June 8, 2026

Privacy Policy

Atlas Digital Vault ("we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, disclose, and safeguard your personal information when you use our Service. This policy is drafted in compliance with the Personal Data Protection Act, 2023 (PDPA) of the United Republic of Tanzania and is enforceable under the oversight of the Personal Data Protection Commission (PDPC) of Tanzania.

By accessing or using the Service, you acknowledge that you have read, understood, and consent to the data practices described in this Privacy Policy.

1. Data Controller

Atlas Digital Vault is the data controller responsible for processing your personal data under the PDPA. As a data controller, we determine the purposes and means of processing your personal data and are accountable for ensuring compliance with the PDPA and all directives issued by the PDPC.

2. Our Privacy Commitment

Atlas Digital Vault is built on a zero-knowledge encryption architecture. This means we fundamentally cannot access the contents of your encrypted documents. Your privacy is not just a policy — it is enforced by our technical architecture. The contents of your documents are encrypted on your device before they reach our servers, and we never possess the keys to decrypt them.

3. Information We Collect

3.1 Information You Provide Directly

Account Information: Email address, full name, and account preferences provided during registration.
Payment Information: Billing details processed through our third-party payment processors. We do not store full credit card numbers, CVVs, or complete payment credentials on our servers.
Support Communications: Information you voluntarily provide when contacting our support team, including email correspondence and any attachments you send.
Feedback and Surveys: Information you provide if you participate in surveys or provide feedback about the Service.

3.2 Information We Cannot Access (Zero-Knowledge Data)

Document Contents: All documents are encrypted on your device using AES-256-GCM encryption with your master password before upload. We store only encrypted ciphertext and have no technical ability to decrypt it.
Master Password: Your master password is never transmitted to or stored on our servers in any form.
Encryption Keys: Your encryption keys are derived locally on your device using PBKDF2-SHA256 with 600,000 iterations and are never shared with us or transmitted over any network.
Recovery Key: Your recovery key is generated locally and is never stored on our servers in plaintext.

3.3 Information Collected Automatically

Usage Data: General usage patterns such as feature usage frequency, session duration, and anonymized error logs. This data does not include any document content.
Device Information: Device type, operating system, browser type and version, screen resolution, and language preferences.
Log Data: IP addresses, access timestamps, API request metadata, HTTP status codes, and referral URLs.
Performance Data: Page load times, API response times, and crash reports to help us maintain and improve the Service.

4. Legal Basis for Processing (PDPA Compliance)

Under Section 11 of Tanzania's Personal Data Protection Act, 2023, we process your personal data on the following lawful bases:

Consent (Section 11(1)(a)): You provide explicit, informed consent when creating an account and agreeing to this Privacy Policy. You may withdraw your consent at any time as described in Section 9 below.
Contractual Necessity (Section 11(1)(b)): Processing necessary to perform the contract for the Service you have subscribed to, including account management, payment processing, and service delivery.
Legitimate Interest (Section 11(1)(f)): Processing necessary for our legitimate interests in operating, securing, and improving the Service, including fraud prevention, security monitoring, and service analytics, balanced against your rights and freedoms.
Legal Obligation (Section 11(1)(c)): Processing required to comply with applicable laws, regulations, court orders, or lawful requests from governmental authorities of the United Republic of Tanzania.

5. How We Use Your Information

We use the information we collect for the following purposes:

Providing, operating, maintaining, and improving the Service.
Processing transactions and sending related billing and payment information.
Sending service-related notices, including expiry reminders, security alerts, and account notifications.
Responding to your support requests, inquiries, and feedback.
Monitoring and analyzing usage trends to improve user experience and Service performance.
Detecting, investigating, and preventing fraud, security threats, and technical issues.
Complying with legal obligations under Tanzanian law and responding to lawful governmental requests.
Enforcing our Terms of Service and other policies.

6. Data Sharing and Disclosure

We do not sell, rent, trade, or otherwise commercially transfer your personal information to third parties. We may share information only in the following limited circumstances:

Service Providers: With trusted third-party service providers who assist us in operating the Service (e.g., payment processors, cloud hosting providers, error monitoring services), subject to strict data processing agreements that comply with the PDPA. These providers are contractually obligated to process your data only as instructed by us and to maintain appropriate security measures.
Legal Requirements: When required by law, regulation, legal process, or a binding order from a court or governmental authority of the United Republic of Tanzania. Due to our zero-knowledge architecture, we can only provide encrypted data and account metadata — we cannot provide the plaintext content of your documents.
Protection of Rights: When we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, to investigate fraud, or to respond to a government request.
Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, with prior notice to you and subject to this Privacy Policy continuing to apply to your data.
With Your Consent: When you explicitly authorize sharing, such as through the Trusted Contacts feature or Shared Links. You are solely responsible for data shared through these features.

7. Data Storage and Location

Your encrypted data is stored on secure servers. We prioritize data sovereignty and compliance with Tanzanian data localization preferences as directed by the PDPC. Account metadata may be processed in secure data centers where necessary for service delivery, subject to appropriate data protection safeguards as required by the PDPA.

8. Data Retention

Active Accounts: We retain your account information and encrypted data for as long as your account is active and the Service is being provided to you.
Closed Accounts: Upon account closure or deletion, we retain your data for 30 days to allow for account recovery, after which it is permanently and irreversibly deleted from our active systems.
Legal Requirements: We may retain certain account metadata as required by applicable Tanzanian law (including tax and financial record-keeping requirements) even after account closure, for the minimum period required by law.
Backup Data: Encrypted backups may persist for up to 90 days after deletion from active systems before being purged from all backup systems.
Anonymized Data: We may retain anonymized, aggregated data that cannot be used to identify you for statistical and analytical purposes indefinitely.

9. Your Rights Under the PDPA

Under the Personal Data Protection Act, 2023 of the United Republic of Tanzania, you have the following rights, which we are committed to upholding:

Right of Access (Section 16): You may request access to the personal data we hold about you, including information about the purposes of processing, the categories of data, and the recipients of your data.
Right to Rectification (Section 17): You may request correction or updating of inaccurate or incomplete personal data.
Right to Erasure (Section 18): You may request deletion of your personal data, subject to legal retention requirements and our obligation to retain certain records under Tanzanian law.
Right to Data Portability (Section 20): You may request a copy of your personal data in a structured, commonly used, and machine-readable format.
Right to Restrict Processing (Section 19): You may request that we restrict the processing of your personal data in certain circumstances.
Right to Object (Section 21): You may object to the processing of your personal data for certain purposes, including direct marketing.
Right to Withdraw Consent: You may withdraw your consent to data processing at any time by contacting us. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with the Personal Data Protection Commission (PDPC) of Tanzania if you believe your data protection rights have been violated.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within 30 days as required by the PDPA.

10. Data Security

We implement comprehensive technical and organizational security measures to protect your information, including:

AES-256-GCM encryption for all document content (performed client-side before upload).
PBKDF2-SHA256 with 600,000 iterations for cryptographic key derivation.
TLS 1.3 encryption for all data in transit between your device and our servers.
bcrypt hashing for all authentication credentials stored on our servers.
Regular security assessments and vulnerability scanning.
Access controls, role-based permissions, and monitoring for our infrastructure.
Encrypted database backups with automated rotation and secure off-site storage.
Rate limiting and intrusion detection systems to prevent unauthorized access.

While we implement industry-leading security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, and you acknowledge that you transmit data at your own risk.

11. Children's Privacy

The Service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16 without verifiable parental consent. Users between 16 and 18 may use the Service only under the supervision of a parent or legal guardian who has agreed to our Terms of Service. If we become aware that we have collected personal information from a child under 16 without appropriate consent, we will take immediate steps to delete that information. If you believe a child under 16 has provided us with personal data, please contact us at [email protected].

12. Cookies and Tracking Technologies

We use minimal, essential cookies and similar technologies solely for:

Authentication: Session cookies to keep you securely signed in to your account.
Security: Cookies to prevent cross-site request forgery (CSRF) and other security attacks.
Preferences: Cookies to remember your settings, theme, and language preferences.

We do not use third-party advertising cookies, tracking pixels, or behavioral analytics trackers. We do not share browsing data with advertisers or data brokers. We do not engage in cross-site tracking or profiling.

13. Cross-Border Data Transfers

In accordance with Part VI of the PDPA, when personal data is transferred outside the United Republic of Tanzania, we ensure that:

The receiving country or organization provides an adequate level of data protection as determined by the PDPC.
Appropriate safeguards are in place, including standard contractual clauses, binding corporate rules, or other legally recognized transfer mechanisms.
Data processing agreements are executed with all international service providers that comply with the PDPA requirements.
You are informed of any cross-border transfer and the safeguards in place.

14. Data Breach Notification

In accordance with the PDPA, in the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

Notify the Personal Data Protection Commission (PDPC) within 72 hours of becoming aware of the breach.
Notify affected users without undue delay, providing details of the breach, its likely consequences, and the measures taken to address it.
Document all breaches, including their facts, effects, and remedial actions taken.

Due to our zero-knowledge architecture, a breach of our servers would not expose the plaintext contents of your documents, as we do not possess the encryption keys. However, account metadata (email addresses, IP logs) could potentially be affected.

15. Data Protection Impact Assessment

In compliance with the PDPA, we conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of data subjects. These assessments evaluate the necessity, proportionality, and risks of our data processing activities and identify appropriate mitigation measures.

16. Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on you. Any automated processing we perform (such as AI-assisted document categorization) operates on metadata and labels only, not on the encrypted contents of your documents.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory guidance from the PDPC. We will notify you of material changes by email or through the Service at least 30 days before the changes take effect. The "Last Updated" date at the top of this policy indicates when it was last revised. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

18. Data Protection Officer

In compliance with the PDPA, we have designated a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and compliance. For any data protection inquiries, questions about this Privacy Policy, or to exercise your data rights, you may contact our DPO at:

Email: [email protected]
Subject line: "Data Protection Inquiry"

19. Regulatory Authority

The supervisory authority for data protection matters related to this Service is the Personal Data Protection Commission (PDPC) of the United Republic of Tanzania, established under Part III of the PDPA, 2023. If you believe your data protection rights have been violated and we have not adequately addressed your concern, you have the right to lodge a complaint with the PDPC.

20. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact us at:

Email: [email protected]
Website: atlasdigitalvault.app

Sera ya Faragha

Atlas Digital Vault ("sisi", "yetu", au "wetu") imejitolea kulinda faragha yako na data yako binafsi. Sera hii ya Faragha inaeleza jinsi tunavyokusanya, kutumia, kusindika, kufichua, na kulinda taarifa zako binafsi unapotumia Huduma yetu. Sera hii imeandaliwa kwa mujibu wa Sheria ya Ulinzi wa Data Binafsi, 2023 (PDPA) ya Jamhuri ya Muungano wa Tanzania na inatekelezeka chini ya usimamizi wa Tume ya Ulinzi wa Data Binafsi (PDPC) ya Tanzania.

Kwa kupata au kutumia Huduma hii, unakubali kwamba umesoma, kuelewa, na kutoa idhini yako kwa mazoea ya data yaliyoelezwa katika Sera hii ya Faragha.

1. Mdhibiti wa Data

Atlas Digital Vault ndiye mdhibiti wa data anayehusika na usindikaji wa data yako binafsi chini ya PDPA. Kama mdhibiti wa data, tunaamua madhumuni na njia za kusindika data yako binafsi na tunawajibika kuhakikisha utiifu wa PDPA na maagizo yote yaliyotolewa na PDPC.

2. Ahadi Yetu ya Faragha

Atlas Digital Vault imejengwa juu ya usanifu wa usimbaji fiche wa maarifa-sifuri (zero-knowledge). Hii inamaanisha kwamba kimsingi hatuwezi kufikia yaliyomo katika nyaraka zako zilizosimbwa. Faragha yako si sera tu — inatekelezwa na usanifu wetu wa kiufundi. Yaliyomo katika nyaraka zako yanasimbwa kwenye kifaa chako kabla ya kufikia seva zetu, na hatuwahi kumiliki funguo za kuzifungua.

3. Taarifa Tunazokusanya

3.1 Taarifa Unazotoa Moja kwa Moja

Taarifa za Akaunti: Anwani ya barua pepe, jina kamili, na mapendeleo ya akaunti yanayotolewa wakati wa usajili.
Taarifa za Malipo: Maelezo ya malipo yanayosindikwa kupitia wasindikaji wetu wa malipo wa nje. Hatuhifadhi nambari kamili za kadi za mkopo, CVV, au sifa kamili za malipo kwenye seva zetu.
Mawasiliano ya Msaada: Taarifa unazotoa kwa hiari unapowasiliana na timu yetu ya msaada, ikiwa ni pamoja na mawasiliano ya barua pepe na viambatisho vyovyote unavyotuma.
Maoni na Tafiti: Taarifa unazotoa ukishiriki katika tafiti au kutoa maoni kuhusu Huduma.

3.2 Taarifa Tusizoweza Kufikia (Data ya Maarifa-Sifuri)

Yaliyomo ya Nyaraka: Nyaraka zote zinasimbwa kwenye kifaa chako kwa kutumia usimbaji fiche wa AES-256-GCM na nenosiri lako kuu kabla ya kupakia. Tunahifadhi maandishi yaliyosimbwa tu na hatuna uwezo wa kiufundi wa kuyafungua.
Nenosiri Kuu: Nenosiri lako kuu halijawahi kutumwa au kuhifadhiwa kwenye seva zetu kwa namna yoyote.
Funguo za Usimbaji: Funguo zako za usimbaji fiche zinaundwa ndani ya kifaa chako kwa kutumia PBKDF2-SHA256 na marudio 600,000 na hazishirikiwi nasi au kutumwa kupitia mtandao wowote.
Ufunguo wa Uokoaji: Ufunguo wako wa uokoaji unaundwa ndani ya kifaa na hauhifadhiwi kwenye seva zetu kwa maandishi wazi.

3.3 Taarifa Zinazokusanywa Kiotomatiki

Data ya Matumizi: Mifumo ya jumla ya matumizi kama vile mzunguko wa matumizi ya vipengele, muda wa kikao, na kumbukumbu za makosa zisizo na utambulisho. Data hii haijumuishi yaliyomo ya nyaraka yoyote.
Taarifa za Kifaa: Aina ya kifaa, mfumo wa uendeshaji, aina na toleo la kivinjari, azimio la skrini, na mapendeleo ya lugha.
Data ya Kumbukumbu: Anwani za IP, alama za muda za ufikiaji, metadata ya maombi ya API, misimbo ya hali ya HTTP, na URL za rufaa.
Data ya Utendaji: Nyakati za kupakia ukurasa, nyakati za majibu ya API, na ripoti za kuanguka ili kutusaidia kudumisha na kuboresha Huduma.

4. Msingi wa Kisheria wa Usindikaji (Utiifu wa PDPA)

Chini ya Kifungu cha 11 cha Sheria ya Ulinzi wa Data Binafsi ya Tanzania, 2023, tunasindika data yako binafsi kwa misingi ifuatayo ya kisheria:

Idhini (Kifungu cha 11(1)(a)): Unatoa idhini ya wazi na ya kuelimisha unapounda akaunti na kukubaliana na Sera hii ya Faragha. Unaweza kuondoa idhini yako wakati wowote kama ilivyoelezwa katika Kifungu cha 9 hapa chini.
Ulazima wa Mkataba (Kifungu cha 11(1)(b)): Usindikaji unaohitajika kutekeleza mkataba wa Huduma uliyojisajili, ikiwa ni pamoja na usimamizi wa akaunti, usindikaji wa malipo, na utoaji wa huduma.
Maslahi Halali (Kifungu cha 11(1)(f)): Usindikaji unaohitajika kwa maslahi yetu halali katika kuendesha, kulinda, na kuboresha Huduma, ikiwa ni pamoja na kuzuia ulaghai, ufuatiliaji wa usalama, na uchambuzi wa huduma, ukisawazishwa na haki na uhuru wako.
Wajibu wa Kisheria (Kifungu cha 11(1)(c)): Usindikaji unaohitajika kwa mujibu wa sheria, kanuni, amri za mahakama, au maombi halali kutoka kwa mamlaka za serikali ya Jamhuri ya Muungano wa Tanzania.

5. Jinsi Tunavyotumia Taarifa Zako

Tunatumia taarifa tunazokusanya kwa madhumuni yafuatayo:

Kutoa, kuendesha, kudumisha, na kuboresha Huduma.
Kusindika miamala na kutuma taarifa husika za malipo na ankara.
Kutuma arifa zinazohusiana na huduma, ikiwa ni pamoja na vikumbusho vya muda wa kumalizika, tahadhari za usalama, na arifa za akaunti.
Kujibu maombi yako ya msaada, maswali, na maoni.
Kufuatilia na kuchambua mienendo ya matumizi ili kuboresha uzoefu wa mtumiaji na utendaji wa Huduma.
Kugundua, kuchunguza, na kuzuia ulaghai, vitisho vya usalama, na matatizo ya kiufundi.
Kutii wajibu wa kisheria chini ya sheria za Tanzania na kujibu maombi halali ya serikali.
Kutekeleza Masharti yetu ya Huduma na sera nyingine.

6. Kushiriki na Ufichuzi wa Data

Hatuuzi, kukodisha, kubadilishana, au kuhamisha kibiashara taarifa zako binafsi kwa wahusika wengine. Tunaweza kushiriki taarifa tu katika hali zifuatazo zenye mipaka:

Watoa Huduma: Na watoa huduma wa nje wanaoaminika wanaotusaidia kuendesha Huduma (k.m., wasindikaji wa malipo, watoa huduma za kupangisha wingu, huduma za ufuatiliaji wa makosa), chini ya makubaliano makali ya usindikaji wa data yanayotii PDPA. Watoa huduma hawa wamebanwa kimkataba kusindika data yako tu kama tulivyoagiza na kudumisha hatua za usalama zinazofaa.
Mahitaji ya Kisheria: Inapohitajika na sheria, kanuni, mchakato wa kisheria, au amri ya lazima kutoka mahakama au mamlaka ya serikali ya Jamhuri ya Muungano wa Tanzania. Kutokana na usanifu wetu wa maarifa-sifuri, tunaweza kutoa data iliyosimbwa na metadata ya akaunti tu — hatuwezi kutoa yaliyomo ya maandishi wazi ya nyaraka zako.
Ulinzi wa Haki: Tunapoamini kwa nia njema kwamba ufichuzi ni muhimu kulinda haki zetu, usalama wako, au usalama wa wengine, kuchunguza ulaghai, au kujibu ombi la serikali.
Uhamisho wa Biashara: Kuhusiana na muunganiko, ununuzi, upangaji upya, au uuzaji wa mali, kwa arifa ya awali kwako na chini ya Sera hii ya Faragha kuendelea kutumika kwa data yako.
Kwa Idhini Yako: Unapoidhinisha kushiriki kwa wazi, kama vile kupitia kipengele cha Anwani za Kuaminika au Viungo vya Kushiriki. Unawajibika peke yako kwa data inayoshirikiwa kupitia vipengele hivi.

7. Uhifadhi wa Data na Eneo

Data yako iliyosimbwa inahifadhiwa kwenye seva salama. Tunaipa kipaumbele mamlaka ya data na utiifu wa mapendeleo ya uwekaji wa data ya Tanzania kama inavyoelekezwa na PDPC. Metadata ya akaunti inaweza kusindikwa katika vituo vya data salama inapohitajika kwa utoaji wa huduma, chini ya ulinzi unaofaa wa data kama inavyohitajika na PDPA.

8. Uhifadhi wa Data

Akaunti Zinazotumika: Tunahifadhi taarifa za akaunti yako na data iliyosimbwa kwa muda ambao akaunti yako inatumika na Huduma inatolewa kwako.
Akaunti Zilizofungwa: Baada ya kufunga au kufuta akaunti, tunahifadhi data yako kwa siku 30 kuruhusu uokoaji wa akaunti, baada ya hapo inafutwa kabisa na bila kurudi kutoka kwenye mifumo yetu inayotumika.
Mahitaji ya Kisheria: Tunaweza kuhifadhi metadata fulani ya akaunti kama inavyohitajika na sheria za Tanzania zinazotumika (ikiwa ni pamoja na mahitaji ya kuweka kumbukumbu za kodi na fedha) hata baada ya kufunga akaunti, kwa kipindi cha chini kinachohitajika na sheria.
Data ya Nakala Rudufu: Nakala rudufu zilizosimbwa zinaweza kubaki hadi siku 90 baada ya kufutwa kutoka kwenye mifumo inayotumika kabla ya kuondolewa kutoka kwenye mifumo yote ya nakala rudufu.
Data Isiyojulikana: Tunaweza kuhifadhi data isiyojulikana na iliyojumuishwa ambayo haiwezi kutumika kukutambulisha kwa madhumuni ya takwimu na uchambuzi kwa muda usio na kikomo.

9. Haki Zako Chini ya PDPA

Chini ya Sheria ya Ulinzi wa Data Binafsi, 2023 ya Jamhuri ya Muungano wa Tanzania, una haki zifuatazo, ambazo tumejitolea kuziheshimu:

Haki ya Ufikiaji (Kifungu cha 16): Unaweza kuomba ufikiaji wa data binafsi tunayohifadhi kuhusu wewe, ikiwa ni pamoja na taarifa kuhusu madhumuni ya usindikaji, makundi ya data, na wapokeaji wa data yako.
Haki ya Urekebishaji (Kifungu cha 17): Unaweza kuomba marekebisho au kusasisha data binafsi isiyosahihi au isiyo kamili.
Haki ya Kufutwa (Kifungu cha 18): Unaweza kuomba kufutwa kwa data yako binafsi, chini ya mahitaji ya kisheria ya uhifadhi na wajibu wetu wa kuhifadhi kumbukumbu fulani chini ya sheria za Tanzania.
Haki ya Uhamishaji wa Data (Kifungu cha 20): Unaweza kuomba nakala ya data yako binafsi katika muundo uliopangwa, unaotumika kawaida, na unaosomeka na mashine.
Haki ya Kuzuia Usindikaji (Kifungu cha 19): Unaweza kuomba tuzuie usindikaji wa data yako binafsi katika hali fulani.
Haki ya Kupinga (Kifungu cha 21): Unaweza kupinga usindikaji wa data yako binafsi kwa madhumuni fulani, ikiwa ni pamoja na masoko ya moja kwa moja.
Haki ya Kuondoa Idhini: Unaweza kuondoa idhini yako ya usindikaji wa data wakati wowote kwa kuwasiliana nasi. Kuondoa hakuathiri uhalali wa usindikaji uliotegemea idhini kabla ya kuondolewa kwake.
Haki ya Kuwasilisha Malalamiko: Una haki ya kuwasilisha malalamiko kwa Tume ya Ulinzi wa Data Binafsi (PDPC) ya Tanzania ikiwa unaamini haki zako za ulinzi wa data zimekiukwa.

Ili kutumia haki yoyote kati ya hizi, tafadhali wasiliana nasi kwa [email protected]. Tutajibu ombi lako ndani ya siku 30 kama inavyohitajika na PDPA.

10. Usalama wa Data

Tunatekeleza hatua za kina za usalama wa kiufundi na shirika ili kulinda taarifa zako, ikiwa ni pamoja na:

Usimbaji fiche wa AES-256-GCM kwa yaliyomo yote ya nyaraka (unafanywa upande wa mteja kabla ya kupakia).
PBKDF2-SHA256 na marudio 600,000 kwa uundaji wa funguo za usimbaji fiche.
Usimbaji fiche wa TLS 1.3 kwa data yote inayosafirishwa kati ya kifaa chako na seva zetu.
Uhashishaji wa bcrypt kwa sifa zote za uthibitishaji zilizohifadhiwa kwenye seva zetu.
Tathmini za mara kwa mara za usalama na uchunguzi wa udhaifu.
Udhibiti wa ufikiaji, ruhusa zinazotegemea jukumu, na ufuatiliaji wa miundombinu yetu.
Nakala rudufu za hifadhidata zilizosimbwa na mzunguko wa kiotomatiki na uhifadhi salama nje ya eneo.
Upunguzaji wa kiwango na mifumo ya kugundua uvamizi ili kuzuia ufikiaji usioruhusiwa.

Ingawa tunatekeleza hatua za usalama zinazoongoza katika tasnia, hakuna njia ya mawasiliano kupitia Mtandao au uhifadhi wa kielektroniki ambayo ni salama 100%. Hatuwezi kudhamini usalama kamili, na unakubali kwamba unatuma data kwa hatari yako mwenyewe.

11. Faragha ya Watoto

Huduma hii haikusudiwa watoto walio chini ya umri wa miaka 16. Hatukusanyi kwa makusudi taarifa binafsi kutoka kwa watoto chini ya miaka 16 bila idhini ya wazazi inayoweza kuthibitishwa. Watumiaji wenye umri kati ya miaka 16 na 18 wanaweza kutumia Huduma tu chini ya usimamizi wa mzazi au mlezi wa kisheria ambaye amekubali Masharti yetu ya Huduma. Ikiwa tutafahamu kwamba tumekusanya taarifa binafsi kutoka kwa mtoto chini ya miaka 16 bila idhini ifaayo, tutachukua hatua za haraka kufuta taarifa hiyo. Ikiwa unaamini mtoto chini ya miaka 16 ametupa data binafsi, tafadhali wasiliana nasi kwa [email protected].

12. Vidakuzi na Teknolojia za Ufuatiliaji

Tunatumia vidakuzi vichache, muhimu na teknolojia zinazofanana kwa ajili ya tu:

Uthibitishaji: Vidakuzi vya kikao ili kukuweka umeingia kwa usalama kwenye akaunti yako.
Usalama: Vidakuzi vya kuzuia mashambulizi ya kughushi maombi ya tovuti nyingine (CSRF) na mashambulizi mengine ya usalama.
Mapendeleo: Vidakuzi vya kukumbuka mipangilio yako, mandhari, na mapendeleo ya lugha.

Hatutumii vidakuzi vya matangazo ya wahusika wengine, pikseli za ufuatiliaji, au vifuatiliaji vya uchambuzi wa tabia. Hatushiriki data ya kuvinjari na watangazaji au madalali wa data. Hatushiriki katika ufuatiliaji wa tovuti tofauti au uchambuzi wa wasifu.

13. Uhamisho wa Data Kimataifa

Kwa mujibu wa Sehemu ya VI ya PDPA, data binafsi inapohamishwa nje ya Jamhuri ya Muungano wa Tanzania, tunahakikisha kwamba:

Nchi au shirika linaloipokea linatoa kiwango cha kutosha cha ulinzi wa data kama inavyoamuliwa na PDPC.
Ulinzi unaofaa upo, ikiwa ni pamoja na vifungu vya mkataba wa kawaida, sheria za ushirika zenye nguvu, au taratibu nyingine za uhamisho zinazotambuliwa kisheria.
Makubaliano ya usindikaji wa data yanatekelezwa na watoa huduma wote wa kimataifa ambao wanatii mahitaji ya PDPA.
Unafahamishwa kuhusu uhamisho wowote wa kimataifa na ulinzi uliopo.

14. Arifa ya Ukiukaji wa Data

Kwa mujibu wa PDPA, ikitokea ukiukaji wa data binafsi ambao una uwezekano wa kusababisha hatari kwa haki na uhuru wako, tutafanya yafuatayo:

Kuarifu Tume ya Ulinzi wa Data Binafsi (PDPC) ndani ya masaa 72 baada ya kufahamu ukiukaji.
Kuarifu watumiaji walioathirika bila kuchelewa kupita kiasi, kwa kutoa maelezo ya ukiukaji, matokeo yake yanayoweza kutokea, na hatua zilizochukuliwa kuushughulikia.
Kuandika kumbukumbu za ukiukaji wote, ikiwa ni pamoja na ukweli wake, athari zake, na hatua za kurekebisha zilizochukuliwa.

Kutokana na usanifu wetu wa maarifa-sifuri, ukiukaji wa seva zetu haungeifichua yaliyomo ya maandishi wazi ya nyaraka zako, kwa kuwa hatumiliki funguo za usimbaji fiche. Hata hivyo, metadata ya akaunti (anwani za barua pepe, kumbukumbu za IP) inaweza kuathirika.

15. Tathmini ya Athari za Ulinzi wa Data

Kwa kufuata PDPA, tunafanya Tathmini za Athari za Ulinzi wa Data (DPIA) kwa shughuli za usindikaji ambazo zina uwezekano wa kusababisha hatari kubwa kwa haki na uhuru wa wahusika wa data. Tathmini hizi zinatathmini ulazima, uwiano, na hatari za shughuli zetu za usindikaji wa data na kutambua hatua zinazofaa za kupunguza hatari.

16. Maamuzi ya Kiotomatiki

Hatushiriki katika maamuzi ya kiotomatiki au uchambuzi wa wasifu unaozalisha athari za kisheria au athari zinazofanana kwa kiasi kikubwa kwako. Usindikaji wowote wa kiotomatiki tunaofanya (kama vile uainishaji wa nyaraka kwa msaada wa AI) unafanya kazi kwenye metadata na lebo tu, si kwenye yaliyomo yaliyosimbwa ya nyaraka zako.

17. Mabadiliko ya Sera Hii

Tunaweza kusasisha Sera hii ya Faragha mara kwa mara ili kuonyesha mabadiliko katika mazoea yetu, teknolojia, mahitaji ya kisheria, au mwongozo wa udhibiti kutoka PDPC. Tutakuarifu kuhusu mabadiliko makubwa kwa barua pepe au kupitia Huduma angalau siku 30 kabla ya mabadiliko kuanza kutumika. Tarehe ya "Ilisasishwa Mwisho" juu ya sera hii inaonyesha ilipobadilishwa mwisho. Kuendelea kwako kutumia Huduma baada ya tarehe ya kuanza kutumika kunachukuliwa kuwa kukubali sera iliyosasishwa.

18. Afisa wa Ulinzi wa Data

Kwa kufuata PDPA, tumeteua Afisa wa Ulinzi wa Data (DPO) anayehusika na kusimamia mkakati wetu wa ulinzi wa data na utiifu. Kwa maswali yoyote ya ulinzi wa data, maswali kuhusu Sera hii ya Faragha, au kutumia haki zako za data, unaweza kuwasiliana na DPO wetu kwa:

Barua pepe: [email protected]
Mstari wa somo: "Ombi la Ulinzi wa Data"

19. Mamlaka ya Udhibiti

Mamlaka ya usimamizi kwa masuala ya ulinzi wa data yanayohusiana na Huduma hii ni Tume ya Ulinzi wa Data Binafsi (PDPC) ya Jamhuri ya Muungano wa Tanzania, iliyoanzishwa chini ya Sehemu ya III ya PDPA, 2023. Ikiwa unaamini haki zako za ulinzi wa data zimekiukwa na hatujashughulikia wasiwasi wako ipasavyo, una haki ya kuwasilisha malalamiko kwa PDPC.

20. Wasiliana Nasi

Ikiwa una maswali yoyote kuhusu Sera hii ya Faragha, mazoea yetu ya data, au unataka kutumia haki zako za ulinzi wa data, tafadhali wasiliana nasi kwa:

Barua pepe: [email protected]
Tovuti: atlasdigitalvault.app