Who we are
ZafTech Solutions ("ZafTech", "we") is the data controller for personal data collected via zaftech.co and our SaaS products (Convia, Mizan, RMS, Anchor, Talos, and any future products we launch).
Contact for privacy matters: contact@zaftech.co (subject line: "Privacy").
Data we collect
We collect the following categories of data:
- Account data: name, email address, password (stored as a hashed value), profile details you provide.
- Billing data: handled by our payment processor Paddle. We do not store full card numbers. Paddle provides us with the country of residence, the last four digits of the card, the invoice amount, and tax status.
- Usage data: pages visited, features used, device and browser type, IP address (truncated where feasible), timestamps, referral sources.
- Product content: data you submit to the product you are using (for example, form responses in Convia, meals logged in Mizan, orders in RMS).
- Communications: emails, support tickets, and chat messages you send us.
- Cookies and similar technologies: see our Cookie Policy.
How we use it
- Provide, operate, and maintain the services you use.
- Process payments and manage subscriptions (via Paddle).
- Send service communications: account notices, receipts, security alerts, policy updates.
- Send product updates and occasional marketing (only if you opted in; you can unsubscribe at any time).
- Improve our products through aggregated analytics and bug investigation.
- Prevent fraud, abuse, and breaches of our Terms or Acceptable Use Policy.
- Comply with legal, tax, and regulatory obligations.
We do not sell your personal data. We do not use your product content to train general-purpose machine-learning models.
Legal basis (GDPR)
If you are in the EU or UK, our legal basis for processing your data is one of:
- Contract: to deliver the service you subscribed to.
- Legitimate interest: to secure our services, analyse usage in aggregate, and prevent fraud, balanced against your rights.
- Consent: for marketing emails, non-essential cookies, and any special-category data. You can withdraw consent at any time.
- Legal obligation: to meet tax, accounting, and law-enforcement requirements.
Who we share with
We share data with a limited set of processors and partners:
| Recipient | Purpose | Location |
|---|---|---|
| Paddle.com Market Limited | Merchant of Record: payments, invoicing, tax | UK / EEA |
| Amazon Web Services, Google Cloud, Microsoft Azure | Hosting, storage, compute for products | EU, US regions |
| Resend / transactional email provider | Account emails, receipts, password resets | US |
| Plausible or PostHog | Privacy-respecting product analytics | EU / US |
| Support tooling (email, issue tracker) | Responding to your requests | EU / US |
Each processor is bound by a Data Processing Agreement and may only use your data to deliver services to us. We will never sell your data to third parties. We may disclose data where required by law, court order, or to protect our rights or the safety of our users.
International transfers
Because ZafTech is based in Ethiopia and our infrastructure providers operate globally, your data may be transferred to and processed in countries other than the one you live in. When we transfer personal data of EU/UK users outside the EEA, we rely on Standard Contractual Clauses (SCCs) or equivalent safeguards approved under GDPR.
Retention
- Account data: while your account is active and for up to 12 months after closure, unless a longer period is required by law.
- Billing records: up to 7 years, as required by tax and accounting law.
- Product content: deleted or anonymised within 90 days of account closure unless you export it first.
- Support tickets: 24 months.
- Analytics: stored in aggregated, non-identifiable form.
Your rights
Depending on where you live, you have the right to:
- Access a copy of the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data (subject to legal retention requirements).
- Restrict or object to certain processing.
- Port your data to another service in a machine-readable format.
- Withdraw consent where we process your data on that basis.
- Lodge a complaint with your local data-protection authority.
To exercise any of these rights, email contact@zaftech.co. We respond within 30 days. We may need to verify your identity before fulfilling the request.
Children
Our services are not directed at people under 18. We do not knowingly collect personal data from children. If you believe a child has given us personal data, contact us and we will delete it.
Security
We protect your data using industry-standard measures: TLS in transit, encryption at rest, role-based access control, audit logging, and routine security reviews. Passwords are stored using strong one-way hashing.
No system is 100% secure. If we become aware of a personal-data breach that is likely to affect your rights, we will notify you and, where required, the relevant authority within 72 hours.
Cookies
We use cookies and similar technologies for session management, analytics, and preferences. See our Cookie Policy for the full list and how to opt out.
Per-product notes
Additional data specifics by product:
Convia (form builder)
Collects form responses submitted by your respondents. You are the controller of respondent data; ZafTech is the processor. You must obtain any consents required by law before using Convia to collect responses.
Mizan (nutrition & fitness)
Collects meal logs, workout logs, body measurements, and (optionally) photos you attach. This may include health-related data, which we treat as sensitive under GDPR. Processing is based on your explicit consent; you can revoke it and export or delete your data from your profile.
RMS (restaurant management)
Collects menu, inventory, staff roster, and order data for your restaurant. You are the controller of customer data processed through RMS; ZafTech is the processor.
Anchor (AI integration)
Processes documents and queries you submit to build retrieval-augmented generation pipelines. Your corpus is not used to train general AI models.
Talos (authentication & sandbox execution)
Collects authentication events, including IP addresses and device fingerprints, for security. Executed code runs in ephemeral sandboxes and is not retained after the session ends unless you save it to your account.
Changes
We may update this Privacy Policy. We will notify you of material changes by email and by posting a notice on the site. The "Last updated" date at the top always reflects the latest version.
Contact & DPO
Privacy questions and requests: contact@zaftech.co (please put "Privacy" in the subject).
Postal address: ZafTech Solutions, Addis Ababa, Ethiopia.