kasri.app
Last updated 11 June 2026

Privacy Policy

How Kasri collects, uses, and protects your personal data in compliance with GDPR and Tanzania's data protection regime.

1. Who We Are

Kasri is operated by Mnemba Technologies Ltd, a company registered in the United Republic of Tanzania. We provide a multi-tenant SaaS platform for Tanzanian housing associations under the Unit Titles Act No. 16 of 2008. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the Kasri platform or visit kasri.app.

2. Data Controller & Data Processor

Kasri acts as a data processor for personal data submitted by or on behalf of your housing association. Your association (the body corporate) is the data controller and is responsible for determining the purposes and means of processing. Where we collect data directly from visitors to our marketing website, we act as a data controller. Our Data Processing Agreement is available on request.

3. What Data We Collect

We collect: (a) Account data — name, email address, phone number, role, and association details provided during registration. (b) Usage data — pages visited, features used, timestamps, IP address, browser type, and device information. (c) Financial data — payment records, levy contributions, and transaction history necessary for treasury operations. (d) Communication data — emails, support tickets, and demo booking information. (e) Content data — documents, minutes, resolutions, and other files you upload to the platform.

4. How We Collect Data

We collect data: (a) directly when you register, fill forms, upload documents, or contact us; (b) automatically through cookies and similar technologies when you browse our website or use the platform; (c) from third-party payment processors and identity verification services when required for treasury operations.

5. Legal Basis for Processing (GDPR Art. 6)

We process personal data on the following legal bases: (a) Consent — where you have given clear consent (e.g., marketing communications). (b) Contract — processing necessary for the performance of our service agreement with your association. (c) Legal obligation — where we must comply with Tanzanian law, including the Unit Titles Act and the Data Protection Act. (d) Legitimate interests — for security monitoring, fraud prevention, and service improvement, balanced against your rights and freedoms.

6. How We Use Your Data

We use your data to: (a) provide, maintain, and improve the Kasri platform; (b) process transactions and manage levy collections; (c) send service notifications, updates, and security alerts; (d) comply with legal and regulatory obligations; (e) detect and prevent fraud or abuse; (f) communicate with you about support requests or service changes. We do not sell your personal data to third parties.

7. Data Sharing & Sub-processors

We may share your data with: (a) service providers who process data on our behalf (cloud infrastructure, payment processing, email delivery) under contractual data processing agreements; (b) your housing association administrators as needed for platform operations; (c) regulatory authorities where required by Tanzanian law. We maintain an up-to-date list of sub-processors available on request.

8. International Data Transfers

Your data may be processed in data centres located outside Tanzania. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses as approved by relevant data protection authorities, to maintain an equivalent level of data protection.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. After account termination, data is retained for a grace period of 90 days then anonymised or deleted, unless legal retention obligations require longer storage. Financial transaction records may be retained for up to 10 years as required by Tanzanian financial regulations.

10. Your Rights (GDPR Art. 15–21)

You have the right to: (a) access your personal data (Art. 15); (b) rectify inaccurate data (Art. 16); (c) request erasure of your data (Art. 17), subject to legal retention obligations; (d) restrict processing (Art. 18); (e) data portability (Art. 20); (f) object to processing (Art. 21). To exercise these rights, contact your association administrator or email [email protected]. We fulfil all data subject requests within 30 days.

11. Cookies & Tracking

We use essential cookies to operate the platform and optional analytics cookies to understand usage patterns. You can control cookie preferences through your browser settings. Third-party services we use may set their own cookies. Detailed cookie information is available in our Cookie Notice, which can be requested from [email protected].

12. Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption in transit and at rest, role-based access controls, multi-factor authentication for high-risk actions, and immutable audit logging. Detailed security information is available on our Security & Compliance page.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal obligations. Material changes will be notified via email or through the Service at least 30 days in advance. We encourage you to review this policy periodically.

14. Contact & Complaints

For privacy-related inquiries, data subject requests, or complaints, contact our Data Protection Officer at [email protected] or write to Mnemba Technologies Ltd, Dar es Salaam, Tanzania. If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in Tanzania.

Have a privacy concern?

Contact our Data Protection Officer. We process all data subject requests within 30 days.

Email [email protected]