Legal

Privacy Policy

Effective date: Sun, 01 January 2023

Important: This Privacy Policy is tailored for Makuruwan Technologies (Private) Limited and is intended to be a strong publication-ready draft. It should still be reviewed by qualified legal counsel before final production use, especially where your services process customer data across multiple jurisdictions, support regulated communications, or depend on third-party registrars, hosting vendors, payment providers, or messaging platforms.

1. Introduction

This Privacy Policy explains how Makuruwan Technologies (Private) Limited (“Makuruwan,” “we,” “us,” or “our”) collects, uses, stores, shares, transfers, and protects personal information in connection with our website, platform, modules, portals, communications, and related services (collectively, the “Services”).

This Privacy Policy applies to visitors, prospects, customers, resellers, tenant users, client users, support contacts, billing contacts, administrators, and other individuals whose personal information is processed in connection with the Services.

By accessing or using the Services, or by otherwise providing personal information to us, you acknowledge the practices described in this Privacy Policy, subject to any mandatory legal rights that may apply to you.

2. Who we are

The provider of the Services is Makuruwan Technologies (Private) Limited.

General compliance contact: compliance@makuruwan.com

Data Protection Officer: Macmillan Murisa

For privacy-related questions, requests, or complaints, please contact us at compliance@makuruwan.com.

3. Categories of personal information we may collect

Depending on how you interact with Makuruwan, we may collect or receive the following categories of personal information:

  • Identity and profile information, such as your name, display name, username, title, employer, organization name, reseller name, or client business name.
  • Contact information, such as email address, phone number, billing contact details, support contact details, and business correspondence details.
  • Account and authentication information, such as login identifiers, password hashes, role assignments, account status, password-reset history, authentication events, forced password change flags, and security-related account metadata.
  • Plan, subscription, and billing information, such as chosen plan, subscription period, billing cycle, invoice data, transaction references, payment status, renewal status, expiry reminders, and related commercial records.
  • Technical and usage information, such as IP address, browser type, operating system, device identifiers, log data, session timestamps, request metadata, user-agent details, usage analytics, audit history, and system events.
  • Communications and support data, such as inquiries, support requests, feedback, sales messages, service tickets, complaint history, and related correspondence.
  • Customer-controlled service data, meaning personal information contained in records, contacts, conversations, client profiles, lead data, CRM data, chatbot interactions, domain contact records, hosting account data, or other materials submitted to the Services by customers or their users.
  • Compliance and verification data, such as records required to confirm ownership, billing authorization, abuse reports, domain-related verification information, account recovery details, and investigation records.

4. How we collect personal information

We may collect personal information:

  • directly from you when you fill in forms, request a demo, sign up, select a plan, contact us, or use the Services;
  • from your organization, administrator, reseller, or employer where they provision or authorize your account;
  • automatically through use of our website, apps, APIs, logs, authentication systems, and platform infrastructure;
  • from payment processors, hosting providers, registrars, messaging providers, analytics services, or integration partners;
  • through cookies or similar technologies where deployed; and
  • from other lawful sources, including referrals, onboarding materials, support interactions, and commercially relevant service providers.

5. How we use personal information

We may use personal information for one or more of the following purposes:

  • to provide, operate, administer, and improve the Services;
  • to create, provision, manage, secure, and support accounts;
  • to process orders, subscriptions, renewals, and payments;
  • to send service notices, billing notices, expiry reminders, account alerts, and transactional communications;
  • to provide onboarding, implementation, configuration, and support services;
  • to protect the security, integrity, availability, and lawful use of the Services;
  • to investigate fraud, abuse, misuse, security incidents, suspicious activity, or policy violations;
  • to enforce our Terms of Use, Acceptable Use Policy, billing rules, and other legal rights;
  • to comply with legal, regulatory, tax, accounting, audit, or reporting obligations;
  • to communicate with prospective or existing customers regarding services, renewals, support, upgrades, and relevant business matters;
  • to maintain logs, records, backups, and internal operational history; and
  • to develop, test, improve, and optimize current and future modules or platform capabilities.

6. Legal bases for processing

Where applicable law requires a legal basis for processing, we may rely on one or more of the following:

  • performance of a contract or steps taken before a contract;
  • compliance with legal obligations;
  • our legitimate interests in operating, protecting, improving, and commercializing the Services;
  • consent, where consent is required by law; and
  • other lawful grounds recognized under applicable data protection law.

Because privacy laws differ across jurisdictions, the exact legal basis may vary depending on where you are located, the module being used, and the role in which we process data.

7. When Makuruwan acts as platform provider and when customers control data

In some contexts, Makuruwan determines the purposes and means of processing personal information, for example where we manage our own website, sales inquiries, platform accounts, subscription administration, compliance, billing, support, and core operational security.

In other contexts, customers, resellers, tenant administrators, or client operators may control the data they place into the Services, including customer relationship records, chatbot logic, lead data, domain instructions, or hosted content. In those cases, the relevant customer or reseller may be the party primarily responsible for notices, permissions, instructions, and lawful handling of that data.

You are responsible for determining whether you need additional agreements, notices, consent mechanisms, or data protection terms for your own use of the Services.

8. How we share personal information

We may share personal information with:

  • employees, contractors, and authorized personnel who need the information to operate or support the Services;
  • payment processors, billing tools, financial service providers, and transaction service vendors;
  • hosting providers, infrastructure providers, cloud vendors, backup vendors, logging providers, monitoring vendors, and operational service providers;
  • domain registrars, registry-linked service providers, DNS vendors, or verification providers where domain services are involved;
  • messaging, integration, automation, chatbot, API, or communications platform providers where relevant;
  • legal, accounting, compliance, audit, insurance, or other professional advisers;
  • authorities, regulators, law enforcement, courts, or dispute bodies where required by law or where reasonably necessary to protect rights or investigate misconduct;
  • a buyer, investor, lender, merger counterparty, or successor entity in connection with a financing, restructuring, sale, acquisition, or business reorganization; and
  • other parties where you instruct us to do so or where sharing is otherwise lawfully justified.

We do not state that we “sell” personal information in the ordinary commercial sense unless we explicitly say so in an updated notice or are legally required to characterize a data practice that way.

9. Data retention

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to provide the Services, maintain business records, comply with legal obligations, enforce agreements, investigate incidents, support legitimate commercial operations, and resolve disputes.

Retention periods may vary depending on:

  • the nature of the information,
  • the module or service involved,
  • whether the information is tied to billing or audit needs,
  • security, fraud, or abuse investigation requirements,
  • backup and recovery practices, and
  • mandatory legal or regulatory retention rules.

In some cases, deletion may be delayed where records remain necessary for compliance, operational continuity, legal defense, accounting, backup cycles, or legitimate internal archival purposes.

10. Security

We use reasonable administrative, technical, and organizational measures intended to protect personal information against unauthorized access, misuse, disclosure, alteration, or destruction.

These measures may include authentication controls, role-based access controls, logging, password protection, configuration controls, hosting protections, environment separation, operational monitoring, and incident review procedures.

No system is completely secure, no infrastructure is perfectly invincible, and the internet occasionally behaves like it woke up with attitude. For that reason, we cannot guarantee absolute security.

You are also responsible for using the Services securely, including protecting credentials, controlling your internal user access, and using appropriate security practices within your own organization.

11. International transfers and cross-border processing

Personal information may be processed, hosted, backed up, or accessed in countries other than the country in which the data was originally collected.

Where cross-border transfers occur, we may rely on contractual, operational, technical, or legal safeguards that are reasonably appropriate under the circumstances and applicable law.

Because some modules may depend on international providers, third-party platforms, domain registries, or cloud infrastructure, cross-border processing may be inherent to the operation of the Services.

12. Your privacy rights

Depending on the law that applies to you, you may have rights to request access to personal information, correction of inaccurate information, deletion of certain information, restriction of processing, objection to processing, portability of certain information, or withdrawal of consent where consent is the legal basis.

These rights are not absolute and may be limited by legal, security, contractual, technical, operational, or recordkeeping requirements.

To make a privacy-related request, contact compliance@makuruwan.com. We may request enough information to verify your identity, confirm your authority, and understand the scope of your request.

Where Makuruwan processes data on behalf of a customer or reseller, we may direct you to the relevant customer or account owner if they are the party best placed to act on your request.

13. Cookies and similar technologies

We may use cookies, session technologies, local storage, and similar tools for authentication, preferences, security, platform functionality, diagnostics, performance, analytics, and service continuity.

If we deploy non-essential tracking, analytics, profiling, or marketing technologies where law requires notice or consent, we may provide additional cookie notices, preference tools, or consent mechanisms.

Because your final cookie implementation may evolve, this section should be reviewed again once analytics, marketing, and tracking tools are fully decided.

14. Children’s privacy

The Services are not intended for children where such use would be prohibited by law, and we do not knowingly collect personal information from children in violation of applicable legal requirements.

15. Module-specific privacy provisions

The following sections provide additional privacy details for particular Makuruwan modules. These sections supplement the general privacy terms above.

16. CRM module privacy provisions

The CRM module may process personal information such as lead data, customer names, contact details, notes, communication records, pipeline data, account profiles, deal records, follow-up history, tasks, and custom fields entered by customers or their users.

Makuruwan may process this information to host, store, display, secure, retrieve, search, organize, and transmit CRM records as part of the Services.

Customers using the CRM module are responsible for ensuring that they have lawful authority to collect and use CRM-related personal information, including for customer relationship management, outreach, follow-up, segmentation, and sales operations.

If you use CRM workflows, reminders, or automations, you remain responsible for the legal and practical implications of the actions triggered by your configuration.

17. WhatsApp chatbot builder privacy provisions

The WhatsApp chatbot builder module may process message content, phone numbers, contact identifiers, channel-linked metadata, prompt inputs, workflow instructions, bot responses, conversation history, delivery events, and related interaction data.

This data may be processed to create, route, deliver, monitor, troubleshoot, store, and improve chatbot-enabled communication services.

Because this module may depend on third-party messaging platforms, APIs, or policies, related personal information may also be processed by those third parties in accordance with their own terms and privacy practices.

Customers remain responsible for ensuring that they have lawful grounds, notices, permissions, and message policies in place for any communications sent using chatbot or automation features.

18. Domain registration privacy provisions

Domain registration services may require the processing of registrant details, administrative contact details, billing details, technical contact details, ownership records, verification information, and renewal instructions.

Such information may be shared with registrars, registries, DNS-related providers, verification vendors, and other relevant third parties where necessary to process registrations, transfers, renewals, validation, compliance, or disputes.

Domain services may also involve public registration databases or registry disclosure rules depending on the domain extension, registrar, applicable law, or ICANN-related framework.

Customers requesting domain services remain responsible for the accuracy of registrant information and for understanding that some domain-related data may be subject to mandatory disclosure or registry-controlled processing.

19. Hosting module privacy provisions

Hosting-related services may involve the processing of account holder data, technical access credentials, IP logs, deployment logs, hosted content data, traffic data, backup metadata, support history, DNS information, and operational monitoring records.

This information may be used to provision infrastructure, maintain hosting environments, monitor health and security, diagnose incidents, provide support, manage access, and enforce legal or acceptable-use obligations.

Because hosting can involve infrastructure partners, datacentre environments, CDN tools, backup tools, DNS vendors, or security services, some personal information may be processed by such third-party providers as part of service delivery.

Customers remain responsible for the lawfulness of the content, data, and services they host through Makuruwan or related infrastructure services.

20. Renewal reminders, billing notices, and service lifecycle communications

We may use your personal information, especially billing and contact details, to send transactional notices relating to subscriptions, renewals, overdue invoices, service expiry, suspension risk, and termination status.

For non-monthly subscriptions, such communications may include reminders sent 30 days before expiry, 7 days before expiry, 3 days before expiry, 2 days before expiry, 1 day before expiry, on the day of expiry, 1 day after expiry, and 2 days after expiry, followed by suspension and eventual termination notices if payment remains outstanding.

These notices are generally treated as service-related communications rather than optional promotional messages.

21. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, modules, vendors, legal obligations, business practices, operational processes, or regulatory expectations.

When material changes are made, we may update the effective date and provide notice through the website, the platform, your account, email, or another reasonable method.

22. Contact and privacy complaints

For privacy questions, data protection requests, or complaints, contact:

Makuruwan Technologies (Private) Limited

Compliance and privacy contact: compliance@makuruwan.com

Data Protection Officer: Macmillan Murisa