Legal
Privacy Policy
Effective Date: December 6, 2024 | Last Updated: December 6, 2024
Introduction
Welcome to Defolt Labs. We build calm, confident technology—starting with Nyaraka Point, our document automation platform. This Privacy Policy explains how we collect, use, protect, and handle your information when you use our services.
We believe privacy is a right, not a luxury. We only collect what we need to deliver our services, and we don't use your data for advertising, profiling, or any purpose beyond what you signed up for.
This policy applies to:
- Nyaraka Point (our document automation platform)
- Defolt Labs website (defoltlabs.com)
- Any future products or services offered by Defolt Labs
If you have questions about this policy, please contact us at info@defoltlabs.com.
What Data We Collect
We collect only the information necessary to provide our services. Here's what we may collect:
1. Account Information
When you create an account, we collect:
- Full name
- Email address
- Phone number (optional)
- Company name (optional)
- Password (encrypted and never stored in plain text)
2. Document Generation Data
When you use Nyaraka Point to generate documents, you may provide:
- Customer names and contact information
- Business addresses
- Invoice details (amounts, descriptions, dates)
- Custom text, logos, or branding elements
- Any other content you choose to include in your documents
Important: This data is only used to generate your documents. Unless you explicitly choose to save a document to your account, this content is deleted immediately after generation.
3. Transaction and Billing Data
To process payments and maintain billing records, we collect:
- Wallet top-up amounts and transaction history
- Payment method details (processed by our payment provider; we do not store full credit card numbers)
- Billing addresses
- Usage-based billing logs (e.g., number of documents generated, API calls made)
4. Template Marketplace Data
If you use or upload templates in the Nyaraka Point Template Marketplace:
- Template designs (HTML, CSS, layouts)
- Template metadata (title, description, category)
- Usage history (which templates you've used)
- Attribution information (designer/creator details)
5. API Developer Data
If you use the Nyaraka Point API:
- API keys (generated by you, managed in your dashboard)
- API usage logs (endpoints called, request timestamps, response codes)
- Developer documentation access history
6. Automatically Collected Data
When you visit our website or use our services, we automatically collect:
- IP address
- Browser type and version
- Device information (type, operating system)
- Pages visited and time spent
- Referral source (how you found us)
We use this data only for technical diagnostics, security monitoring, and service improvement—not for advertising or tracking.
How We Use Your Data
We process your data solely to deliver the services you requested. Here's how:
Service Delivery
- Account Management: To create, maintain, and secure your account
- Document Generation: To produce the documents you request based on your input
- Billing & Payments: To process wallet top-ups, track usage, and generate invoices
- API Access: To authenticate your requests and provide programmatic access to our platform
- Customer Support: To respond to your inquiries and troubleshoot issues
Security & Compliance
- Fraud Prevention: To detect and prevent unauthorized access, abuse, or fraudulent transactions
- Legal Compliance: To comply with applicable laws, regulations, and legal processes
- Audit & Record-Keeping: To maintain financial records for accounting and tax purposes
Service Improvement
- Error Monitoring: To identify and fix technical issues
- Performance Optimization: To improve speed, reliability, and user experience
- Feature Development: To understand which features are most valuable and build better tools
What we DON'T do with your data:
- ❌ We do not use your data for targeted advertising
- ❌ We do not sell, rent, or trade your data to third parties
- ❌ We do not build user profiles or track you across the web
- ❌ We do not use your data for analytics beyond service improvement
- ❌ We do not share your data with marketers or data brokers
Document Generation Data Policy
This is the most important part of our privacy commitment.
Temporary Processing by Default
When you generate a document using Nyaraka Point:
- You provide data (names, addresses, invoice details, etc.)
- We process that data to generate your document (PDF, HTML, etc.)
- You receive the document
- We immediately delete the input data unless you choose to save it
Optional Document Storage (Opt-In)
You may choose to save documents to your account for future reference. If you do:
- The document and its associated data are stored in your account
- You can access, download, edit, or delete saved documents at any time
- Saved documents remain in your account until you delete them or close your account
Exception: Transaction Records
Even if you don't save a document, we keep transaction logs (e.g., "User generated 1 invoice on [date], cost: 500 TSH"). These logs are necessary for billing accuracy, fraud prevention, and financial auditing.
Data Security
We take data security seriously and implement industry-standard practices to protect your information.
Encryption
- In Transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security)
- At Rest: Sensitive data (passwords, API keys, saved documents) is encrypted in our databases
Access Control
- Access to user data is restricted to authorized personnel only
- We use role-based access controls and multi-factor authentication for internal systems
- Contractors and service providers sign confidentiality agreements
No system is 100% secure. While we do everything reasonably possible to protect your data, you should also take precautions (e.g., use strong passwords, enable two-factor authentication, don't share API keys).
User Rights
You have the following rights regarding your personal data:
1. Right to Access
You can request a copy of all personal data we hold about you. We will provide this in a machine-readable format (e.g., JSON, CSV).
2. Right to Correction
If any of your personal data is inaccurate or incomplete, you can update it in your account settings or contact us for assistance.
3. Right to Deletion
You can request deletion of your account and associated data, except transaction records (required for legal compliance) and anonymized or aggregated data used for analytics.
4. Right to Data Portability
You can export your saved documents, templates, and account data at any time from your dashboard.
How to Exercise Your Rights
To exercise any of these rights:
- Email us: info@defoltlabs.com
- Subject Line: "Data Subject Request - [Your Name]"
- Include: Your account email, the specific right you're exercising, and any relevant details
We will respond within 30 days (or sooner if required by law).
Data Retention Overview
Here's a summary of how long we keep different types of data:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Until account deletion | Service delivery |
| Document Generation Data (unsaved) | Immediately deleted | Privacy by design |
| Saved Documents | Until you delete or close account | User choice |
| Transaction Records | 7–10 years (or as required by law) | Legal compliance, audit |
| Template Marketplace Designs | Indefinitely (if used at least once) | Attribution, licensing, availability |
| API Usage Logs | 12 months | Billing, abuse prevention |
Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Defolt Labs
Wastaafu St, Mikocheni B
Dar es Salaam, Tanzania
Email: info@defoltlabs.com
Website: defoltlabs.com
Phone: +255 797 140 800
For data subject requests (access, deletion, correction), please use the subject line: "Data Subject Request - [Your Name]"
We will respond within 30 days.
Thank you for trusting Defolt Labs with your data. We take that responsibility seriously.
If you have feedback on how we can improve our privacy practices, we'd love to hear from you at info@defoltlabs.com.
This policy is designed to be transparent, fair, and easy to understand. If any part is unclear, please don't hesitate to reach out.
Also see: Terms of Service