Privacy Policy
Last updated: June 2026
KaziPeople is an HR platform that helps organizations manage their people. This policy explains what personal data we handle, how we use it, and the rights available to you.
1. Introduction & Scope
This Privacy Policy describes how KaziPeople ("we", "us") collects, uses, and protects personal data when you use our platform, websites, and related services. It applies to account holders, administrators, and the employees whose data is managed in a KaziPeople workspace.
2. Our Role: Controller and Processor
For data about account holders and administrators (e.g. sign-up, billing, and usage data), KaziPeople acts as the data controller. For employee/HR data that a customer uploads about its workforce, the customer (the employer) is the controller and KaziPeople acts as a processor, handling that data only on the customer's instructions to provide the Service. If you are an employee, please direct privacy requests to your employer in the first instance.
3. Information We Collect
- Account data — name, work email, company name, role, and billing details of administrators.
- Employee & HR data — records customers add about their people: names, contact details, job titles, departments, leave requests and balances, documents, and related HR information.
- Usage & device data — log data, IP address, browser/device type, and how the Service is used, for security and improvement.
- Cookies — essential cookies to keep you signed in and remember preferences (see Section 10).
4. How We Use Information
- To provide, operate, and support the Service;
- To authenticate users and keep accounts secure;
- To process billing for paid plans;
- To communicate with you about your account, updates, and support;
- To monitor, maintain, and improve the Service;
- To comply with legal obligations and enforce our terms.
5. Legal Bases for Processing
Where applicable data-protection law requires a legal basis, we rely on: performance of our contract with you; our legitimate interests in operating and securing the Service; your consent (where requested); and compliance with legal obligations. We process personal data in line with the Tanzania Personal Data Protection Act, 2022, and other applicable laws, including the GDPR where it applies.
6. How We Share Information
We do not sell personal data. We share it only:
- With sub-processors who help us run the Service (e.g. cloud hosting, email delivery), under contracts that require appropriate safeguards;
- Within your own organization's workspace, according to the roles and permissions you configure;
- Where required by law, regulation, or valid legal process, or to protect rights and safety.
7. Data Retention
We retain account data for as long as your account is active and as needed to provide the Service. Employee data is retained according to the customer's instructions. After an account is terminated, we make data available for export for a reasonable period and then delete or anonymize it, unless we are required to keep it for legal or compliance reasons.
8. Security
We use technical and organizational measures designed to protect personal data, including encryption in transit, access controls, role-based permissions, and tenant isolation. No method of transmission or storage is perfectly secure, but we work to protect your information and to respond promptly to any incident.
9. International Data Transfers
Your data may be processed in locations where we or our sub-processors operate. Where data is transferred across borders, we take steps to ensure an appropriate level of protection consistent with applicable law.
10. Your Rights & Cookies
Depending on your location, you may have rights to access, correct, delete, or port your personal data, and to object to or restrict certain processing. Account holders can exercise these by contacting us; employees should contact their employer (the controller of their HR data), who can act within the platform on their behalf. We use only essential and preference cookies needed to operate the Service and remember settings such as your theme and language. We do not use them for third-party advertising.
11. Children's Privacy
The Service is intended for use by organizations and their workforce and is not directed at children under 18. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (for example, by email or in-app). The "Last updated" date above reflects the latest revision.
Contact Us
For privacy questions or to exercise your rights, contact our privacy team at [email protected].
See also our Terms of Service.