Privacy
Policy.

Sakurahost ("we", "us", "our", "the Company") is committed to protecting the privacy and personal data of our customers, website visitors, and users. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website (sakurahost.co.tz), billing portal (billing.sakurahost.co.tz), and all associated services.

By using our services, creating an account, or visiting our website, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use our services.

This policy applies to all Sakurahost services including web hosting, VPS, dedicated servers, domain registration, business email, Google Workspace, SSL certificates, bulk SMS, website design, and any related digital services.

Account information: When you create an account, we collect your full name, email address, phone number, physical/postal address, company name (if applicable), and Tax Identification Number (TIN) for business accounts. This information is required to provision services, generate invoices, and comply with Tanzanian tax regulations.

Payment information: We collect transaction records including payment amount, date, payment method (M-Pesa, Airtel Money, Tigo Pesa, Selcom, bank card), and transaction reference numbers. We do NOT store credit card numbers, CVV codes, mobile money PINs, or bank account credentials. All payment processing is handled by third-party payment processors (Selcom, mobile network operators, and bank acquirers).

Domain registration data: When you register a domain, we collect and submit registrant contact information (name, organisation, address, email, phone) to the relevant domain registry (TZNIC for .tz domains, ICANN-accredited registries for generic TLDs). This data is required by registry policy and may appear in public WHOIS records.

Technical data (automatic): When you visit our website or use our services, we automatically collect: IP address, browser type and version, operating system, device type, referring URL, pages visited, time and date of visits, session duration, and geographic location (country/city level from IP). This data is collected through server logs, cookies, and analytics tools.

Support data: When you contact support, we collect the content of your tickets, emails, live chat messages, and phone call records to provide assistance and improve our services.

Website design clients: For website design projects, we collect content provided by you including text, images, logos, brand guidelines, and any other materials submitted for use in the design project.

Service delivery: To create and manage your account; provision and maintain hosting, domain, email, and other services; process payments and generate invoices; send service-related notifications (activation, renewal reminders, maintenance windows, security alerts).

Communication: To respond to your support requests and inquiries; send important account and service updates; deliver invoices and payment receipts. We may also send promotional communications about new services, features, and special offers — you can opt out of marketing emails at any time.

Service improvement: To analyse usage patterns and optimise our website and services; monitor server performance and uptime; identify and fix technical issues; develop new features based on customer needs.

Security: To detect and prevent fraud, abuse, and security threats; enforce our Acceptable Use Policy; protect our infrastructure and other customers; comply with legal obligations.

Legal compliance: To comply with Tanzanian tax and business regulations; respond to lawful requests from government authorities and courts; fulfil our obligations under domain registry policies (TZNIC, ICANN).

We use the following cookies and tracking technologies on our website:

Essential cookies: Required for website functionality (login sessions, shopping cart, language preferences). These cannot be disabled without breaking core features.

Analytics cookies: Google Analytics (GA4) — collects anonymised data about website usage including pages visited, session duration, traffic sources, and user demographics. We use this data to understand how visitors use our website and improve the user experience. Google Analytics data is retained for 14 months.

Advertising cookies: Meta Pixel (Facebook) — used to measure the effectiveness of our advertising campaigns and deliver relevant ads. You can opt out via Facebook Ad Settings.

Managing cookies: You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. However, disabling essential cookies may prevent some features from working properly. We honour Do Not Track (DNT) browser signals — when detected, we disable non-essential tracking.

Third-party cookies: Our website may contain embedded content (YouTube videos, Google Maps) that sets third-party cookies. We have no control over these cookies. Please refer to the respective third-party privacy policies.

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We share data only in the following limited circumstances:

Domain registries: Registrant contact information is shared with TZNIC (for .tz domains) and ICANN-accredited registries (for .com, .net, .org, etc.) as required for domain registration. This data may appear in public WHOIS records. ICANN requires certain registrant data to be publicly accessible; TZNIC may have similar requirements.

Payment processors: Transaction data is shared with Selcom, mobile network operators (Vodacom, Airtel, Tigo, Halotel), and bank card processors to complete payment transactions. These processors are bound by their own privacy policies and PCI-DSS compliance requirements.

Service providers: We use the following third-party services that may process your data: cPanel/WHM (hosting control panel), WHMCS (billing and support platform), Google Workspace (for resold email accounts), Certificate Authorities (Sectigo, Let's Encrypt for SSL), and cloud infrastructure providers. All service providers are bound by confidentiality agreements.

Law enforcement: We may disclose personal data when required by Tanzanian law, court order, or government directive. We will notify you of such requests unless prohibited by law from doing so.

Business transfers: In the event of a merger, acquisition, or sale of assets, customer data may be transferred as part of the business. You will be notified of any such transfer and given the opportunity to close your account.

Your data is stored on servers located in Dar es Salaam, Tanzania (primary data center) and international data centers used for redundancy and content delivery. Our billing and support platform (WHMCS) is hosted on our own infrastructure.

We implement industry-standard security measures including: SSL/TLS encryption for all data in transit (HTTPS); encrypted storage for sensitive account data; server-level firewalls (CSF, ModSecurity, Imunify360); regular security audits and vulnerability scanning; access controls and role-based permissions for staff; DDoS protection at the network level; two-factor authentication (2FA) available for customer accounts.

Despite these measures, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security. In the event of a data breach that affects your personal data, we will notify you and the relevant authorities within 72 hours as required by law.

We retain different types of data for different periods based on legal requirements and business necessity:

Account data: Retained for as long as your account is active. After account closure, basic account records (name, email, billing history) are retained for 7 years as required by Tanzanian tax law (Tanzania Revenue Authority requirements).

Billing records: Invoices, payment records, and transaction logs are retained for 7 years for tax and audit purposes.

Support tickets: Retained for 3 years after resolution for quality assurance and dispute resolution.

Server and access logs: Retained for 90 days for security monitoring and troubleshooting.

Analytics data: Google Analytics data is retained for 14 months. Meta Pixel data follows Meta's retention policies.

Domain WHOIS data: Retained by domain registries according to their own policies (typically 1 year after domain expiry).

You may request earlier deletion of data that is not subject to legal retention requirements. See Section 8 for your rights.

Under Tanzanian data protection laws and international best practices, you have the following rights regarding your personal data:

Right to access: You may request a copy of all personal data we hold about you. We will provide this within 30 days of your request.

Right to correction: You may request correction of inaccurate or incomplete personal data. You can update most account information directly through the billing portal.

Right to deletion: You may request deletion of your personal data, subject to legal retention requirements (see Section 7). Data required for tax compliance or ongoing legal proceedings cannot be deleted until the retention period expires.

Right to data portability: You may request your data in a structured, commonly used, machine-readable format (CSV or JSON). This includes account data, billing history, and support ticket history.

Right to object: You may object to the processing of your data for marketing purposes at any time. You may also object to profiling and automated decision-making.

Right to withdraw consent: Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us at admin@sakurahost.co.tz with the subject line "Data Privacy Request." We may ask you to verify your identity before processing the request. Requests are processed within 30 days.

We may send you promotional emails about new services, features, discounts, and industry news. All marketing emails include a clear unsubscribe link. You can opt out at any time by: clicking the unsubscribe link in any marketing email; updating your preferences in the billing portal; emailing admin@sakurahost.co.tz requesting removal from marketing lists.

Opting out of marketing does not affect service-related communications (invoices, renewal reminders, maintenance notices, security alerts). These are essential to the delivery of your services and cannot be opted out of while your account is active.

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from minors. If you are under 18, you must have a parent or legal guardian create an account on your behalf.

If we become aware that we have collected personal data from a minor without parental consent, we will take immediate steps to delete that information. If you believe we have inadvertently collected data from a minor, please contact us at admin@sakurahost.co.tz.

While our primary data center is in Tanzania, some data may be processed by third-party services located in other countries (Google Analytics — USA, Meta — USA, upstream hosting providers). When data is transferred internationally, we ensure appropriate safeguards are in place through contractual obligations with our service providers.

Domain registration data is transferred to international registries (ICANN, Verisign, etc.) as required for the registration and maintenance of generic TLDs.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. Changes will be posted on this page with an updated "Last updated" date.

Material changes (new data collection, new third-party sharing, changes to your rights) will be communicated via email to all registered customers at least 14 days before taking effect. Continued use of our services after the effective date constitutes acceptance of the revised policy.

For any privacy-related questions, data requests, or concerns, contact our Data Protection team: Sakurahost | Email: admin@sakurahost.co.tz | Phone: +255 753 930 000 | WhatsApp: +255 758 309 999 | Address: Arusha, Tanzania

If you are not satisfied with our response to a privacy concern, you may lodge a complaint with the relevant Tanzanian data protection authority.