Privacy Policy

1. Introduction

ISPCentre ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our platform and services.

By accessing or using ISPCentre, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please do not use our Service.

This policy complies with the Kenya Data Protection Act 2019 and international data protection standards.

2. Information We Collect

2.1 Personal Information You Provide

We collect information that you directly provide to us when using our Service:

• Account Information: Name, email address, phone number, company name, physical address
• Business Information: ISP license details, tax identification numbers, business registration information
• Payment Information: M-Pesa phone numbers, bank account details, card payment details, billing addresses (we do not store full credit card numbers - processed by Paystack and Pesapal)
• Customer Data: Information about your customers that you input into the system (names, contact details, subscription information, payment history)
• Network Configuration: MikroTik router details, IP addresses, network topology, RADIUS server credentials
• Support Communications: Information you provide when contacting our support team, including tickets, emails, and chat messages

2.2 Automatically Collected Information

When you use our Service, we automatically collect certain information:

• Device Information: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages viewed, features used, time spent on pages, click patterns, session durations
• Log Data: Server logs, error reports, API call logs, authentication attempts
• Network Performance Metrics: Router uptime, bandwidth usage, connection statistics, service quality metrics
• Location Data: General geographic location based on IP address (not precise GPS data)
• Cookies and Similar Technologies: Information collected via cookies, web beacons, and similar tracking technologies

2.3 Information from Third Parties

We may receive information from third-party services:

• Payment processors (M-Pesa, Paystack, Pesapal) - transaction confirmation data
• MikroTik routers - network statistics and user connection data
• Analytics providers - aggregated usage statistics
• Authentication providers - if you use single sign-on services

3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Service Provision

• Provide, operate, and maintain the ISPCentre platform
• Process transactions and send billing statements
• Manage customer subscriptions and accounts
• Configure and monitor MikroTik routers
• Facilitate RADIUS authentication
• Generate reports and analytics

3.2 Communication

• Send service-related notifications (downtime, maintenance, security alerts)
• Respond to support requests and inquiries
• Send marketing communications (with your consent, opt-out available)
• Provide updates about new features and services

3.3 Service Improvement

• Analyze usage patterns to improve platform functionality
• Develop new features and services
• Conduct research and analytics
• Optimize performance and user experience

3.4 Security and Compliance

• Detect, prevent, and respond to security incidents
• Monitor for fraudulent activity
• Enforce our Terms of Service
• Comply with legal obligations and regulatory requirements
• Protect our rights and the rights of our users

4. Data Protection and Security

We implement comprehensive security measures to protect your information:

4.1 Encryption

• Data in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
• Data at Rest: Sensitive data (passwords, API keys, payment credentials, RADIUS secrets) is encrypted using AES-256 encryption
• Database Encryption: Customer data is stored in encrypted databases

4.2 Access Controls

• Multi-factor authentication (MFA) available for all accounts
• Role-based access control (RBAC) for ISP admin users
• Strict employee access policies - access granted on a need-to-know basis only
• Regular access audits and reviews

4.3 Infrastructure Security

• Hosting on secure, certified data centers
• Firewalls and intrusion detection systems
• Regular security updates and patches
• DDoS protection

4.4 Monitoring and Auditing

• 24/7 security monitoring
• Regular security audits and penetration testing
• Comprehensive logging and audit trails
• Incident response procedures

4.5 Backup and Recovery

• Automated daily backups
• Encrypted backup storage
• Point-in-time recovery capability
• Disaster recovery and business continuity plans

Important: While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but strive to use commercially acceptable means to protect your data.

5. Data Sharing and Third Parties

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in operating our platform:

• Payment Processors: M-Pesa (Safaricom), Paystack, Pesapal - for payment processing
• Cloud Hosting: Our infrastructure provider - for hosting and data storage
• Email Services: Email delivery providers - for transactional and marketing emails
• SMS Providers: SMS gateway services - for SMS notifications
• WhatsApp Gateway: WhatsApp Business API providers - for WhatsApp notifications
• Analytics: Usage analytics providers - for platform improvement

All service providers are bound by data protection agreements and are prohibited from using your data for any purpose other than providing services to us.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Court orders or subpoenas
• Government or regulatory requests
• Law enforcement inquiries
• Legal proceedings or investigations

5.3 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change and the choices you may have.

5.4 With Your Consent

We may share your information with third parties when you have given explicit consent to do so.

We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Your Rights and Choices

Under the Kenya Data Protection Act 2019, you have the following rights regarding your personal information:

6.1 Access and Portability

• Request a copy of the personal information we hold about you
• Export your customer data in machine-readable formats (CSV, JSON)
• Receive information about how your data is processed

6.2 Correction and Updates

• Update inaccurate or incomplete information through your account settings
• Request correction of any errors in your personal data

6.3 Deletion

• Request deletion of your personal information (subject to legal retention requirements)
• Close your account and request data deletion
• Note: We may retain certain information as required by law or for legitimate business purposes

6.4 Marketing Communications

• Opt out of marketing emails by clicking "unsubscribe" in any marketing email
• Manage communication preferences in your account settings
• Note: You cannot opt out of service-related communications (billing, security alerts, etc.)

6.5 Object to Processing

• Object to certain types of data processing
• Request restriction of processing in specific circumstances

To exercise any of these rights, please contact us at privacy@ispcentre.com. We will respond to your request within 30 days.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

7.1 Retention Periods

• Active Accounts: Information is retained while your account is active
• Closed Accounts: Data is retained for 90 days after account closure for recovery purposes, then deleted
• Financial Records: Billing and payment records are retained for 7 years as required by Kenyan tax law
• Support Communications: Retained for 2 years for quality assurance and dispute resolution
• Logs and Security Data: Retained for 1 year for security and audit purposes

7.2 Legal Holds

We may retain information beyond normal retention periods when required for legal proceedings, audits, or regulatory investigations.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience and collect information about how you use our Service.

8.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security, session management)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how users interact with the Service
• Performance Cookies: Measure and improve platform performance

8.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of the Service. Most browsers allow you to:

• View and delete cookies
• Block third-party cookies
• Block all cookies
• Clear cookies when closing the browser

9. Children's Privacy

ISPCentre is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 18, we will take steps to delete that information promptly.

If you believe we have collected information from a child, please contact us immediately at privacy@ispcentre.com.

10. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify affected users within 72 hours of becoming aware of the breach
• Report the breach to relevant data protection authorities as required by law
• Provide information about the nature of the breach and steps being taken
• Offer guidance on steps you can take to protect yourself

11. Third-Party Links

Our Service may contain links to third-party websites, services, or integrations (such as payment gateways, MikroTik router interfaces, etc.). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email or through a prominent notice in the Service
• Provide at least 30 days' notice before the changes take effect for material changes

Your continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days.