Privacy Policy

Protecting Your Business Data Across East Africa

At MaltPOS, we believe privacy is fundamental to trust. This policy explains how we collect, use, and protect your business data across Uganda, Kenya, Tanzania, and Rwanda.

GDPR Principles Data Encryption Local Compliance
Your Data Journey

Encrypted from collection to storage

Collection Encryption Processing Storage Your Control
Questions?

What Data We Collect

Data Category Examples Purpose Retention Period
Business Information Business name, address, tax ID, registration details Account creation, invoicing, compliance 7 years after account closure
Sales Data Transactions, products sold, prices, customer purchases Business analytics, reporting, inventory management 7 years (financial records)
Customer Data Customer names, phone numbers, purchase history CRM, marketing (with consent), service improvement Until deletion request
Inventory Data Product details, stock levels, supplier information Inventory management, reorder alerts Until account closure
Employee Data Employee names, roles, sales performance Staff management, performance tracking Until employment ends + 1 year
Technical Data IP addresses, device information, usage logs Security, troubleshooting, service improvement 90 days

Note: You control your business data. You can export or delete your data at any time through your account settings or by contacting our support team.

Table of Contents

MP
MaltPOS

East Africa's Leading POS Solution

Privacy Policy Version

3.1

Transparency Commitment: At MaltPOS, we believe in being transparent about how we handle your business data. This Privacy Policy explains our practices in clear language. We never sell your business data to third parties.

Overview

Our Privacy Promise

MaltPOS is committed to protecting the privacy and security of your business data. As a company serving businesses across East Africa since 2017, we understand the importance of trust in business relationships.

This Privacy Policy applies to all MaltPOS services, including our web platform, mobile applications, and any related services (collectively, the "Services") used by businesses in Uganda, Kenya, Tanzania, and Rwanda.

Data Protection

Enterprise-grade security

Your Control

You own your business data

Local Compliance

Meeting regional regulations

Data We Collect

We collect different types of data to provide and improve our Services. All data collection is guided by the principles of minimization, purpose limitation, and transparency.

Business Data You Provide

  • Business registration details and tax information
  • Sales transactions and inventory data
  • Customer information (with consent)
  • Employee and user account information

Data We Collect Automatically

  • Usage data and feature interactions
  • Security logs and access information
  • Device and browser information
  • Performance and error data

Payment Data Note

MaltPOS does not store complete payment card information. Payment processing is handled by certified payment providers in each country (M-Pesa, Airtel Money, bank integrations). We only store transaction references and status information.

How We Use Data

We use your data only for specific, legitimate purposes. Here's how we use different types of data:

To Provide Our Services

Processing sales, managing inventory, generating reports, and providing customer support specific to East African business needs.

To Improve Our Services

Analyzing usage patterns to enhance features, fix bugs, and develop new functionality tailored for East African markets.

To Ensure Security

Monitoring for fraudulent activity, protecting against security threats, and maintaining system integrity across our regional infrastructure.

To Communicate With You

Sending service updates, security alerts, and (with your consent) marketing communications about new features relevant to your business.

Legal Basis for Processing

We process your data based on one or more of the following legal grounds:

Contractual Necessity

Processing required to provide the Services you requested

Legitimate Interests

Improving our Services and ensuring security

Legal Compliance

Meeting tax and regulatory requirements in East Africa

Consent

For marketing communications and optional features

Data Sharing

We do not sell your business data. We only share data in limited circumstances:

With Your Consent

We may share data with third parties when you explicitly authorize it, such as integrating with accounting software or other business tools.

Service Providers

We engage trusted partners in East Africa to help operate our Services (hosting, payment processing, customer support). All providers are contractually bound to protect your data.

Legal Requirements

We may disclose data if required by law in Uganda, Kenya, Tanzania, or Rwanda, or to protect the rights, property, or safety of MaltPOS, our users, or the public.

Business Transfers

In connection with a merger, acquisition, or sale of assets, your data may be transferred. We will notify you and ensure the recipient respects this Privacy Policy.

What We Never Do

  • We never sell your business data to third parties
  • We never use your customer data for our own marketing without consent
  • We never share data with advertisers for targeting
  • We never transfer data outside East Africa without encryption

Data Security

We implement robust security measures to protect your data across our East African operations:

Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Payment data receives additional encryption layers.

Access Controls

Role-based access controls, multi-factor authentication, and regular access reviews for our team.

Monitoring

24/7 security monitoring, intrusion detection, and regular security assessments by local experts.

Backups

Daily encrypted backups with geo-redundancy across multiple locations in East Africa.

Security Training

All MaltPOS employees receive regular security and privacy training. Our teams in Uganda, Kenya, Tanzania, and Rwanda understand local data protection requirements and best practices.

Your Security Responsibilities

While we secure our systems, you also play a crucial role:

  • Use strong, unique passwords for your MaltPOS account
  • Enable two-factor authentication when available
  • Regularly update your device software and antivirus
  • Train your staff on secure password practices
  • Log out from shared devices

Your Rights

You have important rights regarding your data. We provide easy ways to exercise these rights:

Access & Portability

You can access your data anytime through your account or request an export in common formats.

Correction

You can update inaccurate data directly in your account or request corrections.

Deletion

You can delete specific data or request account deletion, subject to legal retention requirements.

Object & Restrict

You can object to certain processing or request restriction of your data processing.

How to Exercise Your Rights

To exercise any of these rights, you can:

  1. Use the privacy controls in your MaltPOS account dashboard
  2. Email our Data Protection Officer at privacy@maltpos.com
  3. Contact our local support teams in your country
  4. Submit a request through our online portal

We respond to all legitimate requests within 30 days, as required by applicable East African data protection laws.

Regional Compliance

MaltPOS operates across four East African countries. We comply with relevant data protection laws in each jurisdiction:

Uganda Flag

Uganda

Compliant with the Data Protection and Privacy Act, 2019. Our Kampala office serves as our regional headquarters and primary data processing location.

Kenya Flag

Kenya

Compliant with the Data Protection Act, 2019. We've registered with the Office of the Data Protection Commissioner and maintain local data processing in Nairobi.

Tanzania Flag

Tanzania

Following the principles of the Personal Data Protection Bill and industry best practices. Our Dar es Salaam office handles local customer data.

Rwanda Flag

Rwanda

Compliant with the Law Relating to the Protection of Personal Data and Privacy. Our Kigali office ensures local compliance and data processing.

Data Localization

We prioritize keeping your business data within East Africa. Primary data storage and processing occur in our regional data centers in Uganda and Kenya, with backups replicated across the region. Any international data transfers (for specific services like email delivery) use approved transfer mechanisms and strong encryption.

Cookies & Tracking

We use cookies and similar technologies to provide, secure, and improve our Services:

Essential Cookies

Required for the Services to function. Cannot be disabled.

Examples: Session management, security, load balancing

Analytics Cookies

Help us understand how our Services are used so we can improve them.

Examples: Feature usage, error tracking, performance monitoring

Marketing Cookies

Used to show relevant content and measure campaign effectiveness.

Examples: Campaign tracking, website referrals

Managing Cookies

You can control cookies through:

  • Your browser settings (all browsers allow cookie management)
  • Our cookie consent banner when you first visit our website
  • Your MaltPOS account privacy settings
  • Industry opt-out tools like the Digital Advertising Alliance

Note: Disabling certain cookies may affect Service functionality.

Children's Privacy

Our Services Are for Businesses

MaltPOS Services are designed for business use by adults. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us immediately at privacy@maltpos.com and we will take steps to delete such information.

If you are a school or educational institution using MaltPOS, you are responsible for obtaining any necessary parental consent for student data and complying with applicable child protection laws in your country.

Policy Changes

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements.

Notification of Changes

We will notify you of material changes by:

  • Email notification to the address associated with your account
  • In-app notifications within the MaltPOS platform
  • Updating the "Last Updated" date at the top of this policy
  • Posting a notice on our website for significant changes

Your Continued Use

Your continued use of MaltPOS Services after we make changes constitutes acceptance of those changes. If you do not agree to the updated policy, you may discontinue using our Services.

Policy Archive

We maintain an archive of previous versions of this Privacy Policy. You can request previous versions by contacting privacy@maltpos.com.

Contact Us

Data Protection Officer

MaltPOS Data Protection Officer

Email: dpo@maltpos.com

Phone: +256 414 123 456 (Ext. 2)

Address: Plot 24, Acacia Avenue, Kampala, Uganda

Our Data Protection Officer oversees MaltPOS's privacy program and ensures compliance with data protection laws across East Africa.

Regional Privacy Contacts

Kenya

privacy-ke@maltpos.com

Tanzania

privacy-tz@maltpos.com

Rwanda

privacy-rw@maltpos.com

Complaints

If you have concerns about how we handle your data, please contact our DPO first. If unsatisfied, you may lodge a complaint with the data protection authority in your country.

Uganda: Personal Data Protection Office
Kenya: Office of the Data Protection Commissioner
Tanzania: Fair Competition Commission
Rwanda: Rwanda Utility Regulatory Authority

Response Time

We aim to respond to all privacy inquiries within 7 business days. For complex requests, we will acknowledge receipt within 48 hours and provide a timeline for full response.

Your Privacy Matters

At MaltPOS, we're committed to protecting your business data as we help you grow across East Africa. Trust is the foundation of our relationships with thousands of businesses.

Contact Privacy Team View Terms of Service
Back to Top