Privacy Policy

1.1 Information You Provide

• Account Information: Full name, email address, phone number, and password when you register.
• Profile Information: Profile photo, bio, and preferred location settings.
• Verification Data: National Identification (NIDA) number, passport number, or driving license number, along with photographs of your identity documents and a selfie for identity verification purposes.
• Listing Information: Property details, photographs, location data, and pricing information provided by landlords.
• Payment Information: Transaction history, subscription details, and billing records. Payment processing is handled by third-party providers; we do not store full payment card details.

1.2 Information Collected Automatically

• Device information (browser type, operating system, device identifiers)
• IP address and approximate geographic location
• Usage data (pages visited, search queries, interaction patterns)
• Cookies and similar tracking technologies

We process your personal data based on legitimate interest, contractual necessity, and your explicit consent, as required under the PDPA 2022. We use your information to:

• Provide, maintain, and improve our rental marketplace services
• Verify your identity through NIDA and other government-issued identification to ensure trust and safety on the platform
• Process subscriptions, payments, and listing promotions
• Facilitate communication between landlords and tenants
• Send service-related notifications, updates, and promotional communications (with your consent)
• Analyze usage patterns to improve search relevance and user experience
• Detect and prevent fraud, unauthorized access, and other security threats
• Message Compliance Monitoring: We scan in-app messages for phone numbers and contact information to enforce our anti-circumvention policy and protect user safety. Detected violations are logged (pattern detected, original content, timestamp) for compliance purposes.
• Comply with applicable laws and regulatory requirements

Your data is processed and stored securely using the following third-party services:

• Supabase (database & storage) — Encryption at rest (AES-256) and in transit (TLS 1.2+), row-level security policies, SOC 2 Type II compliant
• Firebase (authentication) — Google Cloud infrastructure, handles email/phone/social sign-in. Makazi does not store your raw passwords.
• PesaPal (payments) — Processes Mobile Money and card transactions. Makazi does not store your Mobile Money PIN, credit card number, or raw payment credentials.

While we implement industry-standard security measures, no method of electronic storage is 100% secure. We encourage users to take steps to protect their account credentials.

We may share your information with:

• Other Users: Limited profile information is visible to other users when you list a property or contact a landlord.
• Service Providers: Third-party services that help us operate the platform (hosting, analytics, payment processing).
• Government Authorities: When required by law or in response to valid legal process from Tanzanian courts or regulatory bodies.
• Contact Disclosure: Landlord phone numbers and WhatsApp details are only shared with tenants after explicit landlord approval or completion of the contact unlock payment process. Contact details are never exposed in client-side code or API responses until authorized.

Under the Tanzania PDPA 2022, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data, subject to legal retention requirements.
• Right to Restrict Processing: Request limitation on how we use your data.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, please contact us using the details below. We will respond to your request within 30 days.

Your data may be processed on servers located outside the United Republic of Tanzania. In accordance with Sections 31-32 of the PDPA 2022, any cross-border transfers are conducted only where adequate safeguards are in place, including contractual data protection agreements with our service providers. Where required, we obtain permits from the Personal Data Protection Commission (PDPC) before transferring data internationally.

By creating an account on Makazi, you provide informed, specific, and freely given consent for the processing of your personal data as described in this policy.

• Withdrawal of Consent: You may withdraw your consent at any time, without providing a reason, and at no cost. To withdraw consent, email privacy@makazi.io or use the account deletion option in your dashboard settings.
• Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
• Upon withdrawal, we will cease processing your personal data except where retention is required by law or for legitimate legal claims.

In the event of a security breach affecting your personal data, we will promptly notify the Personal Data Protection Commission (PDPC) without undue delay, as required by the PDPA 2022. Where the breach is likely to result in a high risk to your rights, we will also notify affected users via email and an in-platform notification, describing the nature of the breach, the data affected, and the measures taken to address it.

We use essential cookies to maintain your session and preferences. Analytics cookies are used only with your consent to help us understand how users interact with the platform. You can manage cookie preferences through your browser settings.

Makazi is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on the platform. Your continued use of Makazi after changes are posted constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: