Privacy Policy

Last Updated: February 17, 2025

Your privacy is critically important to us. This Privacy Policy explains how TenantHub collects, uses, discloses, and safeguards your information.

1. Introduction

TenantHub operates a multi-tenant Software-as-a-Service platform that enables businesses to manage their operations through a shared application infrastructure while maintaining strict data isolation between tenants.

This Privacy Policy describes our policies and procedures on the collection, use, disclosure, and protection of your information when you use our Service. It applies to all users of the TenantHub platform, including:

  • Super Administrators: Platform owners who manage the overall system
  • Tenant Administrators: Business owners who manage their organization account
  • Tenant Users: Staff members who access the platform within their organization
  • Website Visitors: Individuals who visit our marketing website

By using TenantHub, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use our Service.

2. Definitions

Personal Data: Any information relating to an identified or identifiable natural person, including but not limited to name, email address, phone number, IP address, and usage data.

Tenant: An organization or business entity that subscribes to and uses the TenantHub platform.

Tenant Data: All data, content, and information submitted, stored, or processed by a Tenant and its users through the Service.

Service: The TenantHub multi-tenant SaaS platform, including all associated websites, applications, APIs, and services.

Data Controller: The entity that determines the purposes and means of processing Personal Data. For Tenant Data, the Tenant is the Data Controller.

Data Processor: The entity that processes Personal Data on behalf of the Data Controller. TenantHub acts as a Data Processor for Tenant Data.

3. Information We Collect

3.1 Information You Provide Directly

Account Registration Information:

  • Full name
  • Email address
  • Password (encrypted and hashed using BCrypt)
  • Phone number (optional)
  • Job title or role within your organization
  • Organization name and details

Tenant Organization Information:

  • Business name and legal entity information
  • Business address and contact details
  • Tax identification numbers (for billing purposes)
  • Industry and business type
  • Number of employees and users

Billing and Payment Information:

  • Billing address
  • Payment method details (processed securely through third-party payment processors)
  • Transaction history and invoices
  • Subscription plan and pricing tier

Communications:

  • Support requests and correspondence
  • Feedback and survey responses
  • Email communications with our team

3.2 Tenant Data

Important: Tenant Data is any information, content, or data that you or your users upload, submit, or create within the TenantHub platform. This may include:

  • Business records and documents
  • Customer information managed by your organization
  • User-generated content and files
  • Configuration settings and preferences
  • Any other data you choose to store in the platform

You retain all ownership rights to your Tenant Data. TenantHub acts solely as a Data Processor for Tenant Data and processes it only according to your instructions and this Privacy Policy.

3.3 Automatically Collected Information

Usage Data:

  • Pages visited and features used
  • Time spent on pages and in the application
  • Click patterns and navigation paths
  • Search queries within the platform
  • Actions performed (create, read, update, delete operations)
  • Error messages and system logs

Device and Technical Information:

  • IP address and geolocation data
  • Browser type and version
  • Operating system and device type
  • Screen resolution and display settings
  • Referring website or source
  • Date and time of access

Authentication and Security Data:

  • Login timestamps and session duration
  • Authentication tokens (JWT access and refresh tokens)
  • Failed login attempts and security events
  • Two-factor authentication settings
  • Password reset requests

3.4 Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track activity on our Service and store certain information. Types of cookies we use:

Essential Cookies: Required for the platform to function properly, including authentication and session management.

Performance Cookies: Help us understand how users interact with the Service to improve functionality.

Functional Cookies: Remember your preferences and settings.

Analytics Cookies: Collect aggregated usage statistics to help us improve the Service.

For more detailed information about our use of cookies, please see our Cookie Policy.

4. How We Use Your Information

4.1 Service Provision and Operations

  • Create and manage your account and tenant organization
  • Authenticate users and maintain secure access
  • Process transactions and manage subscriptions
  • Provide customer support and respond to inquiries
  • Send service-related notifications and updates
  • Enforce our Terms of Service and platform policies

4.2 Platform Improvement and Development

  • Analyze usage patterns to improve features and user experience
  • Develop new features and functionality
  • Conduct research and analytics on platform performance
  • Test and optimize system performance
  • Identify and fix bugs and technical issues

4.3 Security and Fraud Prevention

  • Monitor for suspicious activity and security threats
  • Prevent fraud, abuse, and unauthorized access
  • Maintain audit logs for security and compliance
  • Investigate and respond to security incidents
  • Enforce tenant isolation and data protection measures

4.4 Communications

  • Send account-related notifications (password resets, security alerts)
  • Provide billing and subscription updates
  • Share product updates and new feature announcements
  • Send marketing communications (with your consent, where required)
  • Request feedback and conduct surveys

4.5 Legal and Compliance

  • Comply with legal obligations and regulatory requirements
  • Respond to legal requests and court orders
  • Protect our rights, property, and safety
  • Enforce our agreements and policies
  • Resolve disputes and prevent illegal activities

5. How We Share Your Information

Important Privacy Commitment:

We do not sell, rent, or trade your Personal Data or Tenant Data to third parties for their marketing purposes. We only share information in the limited circumstances described below.

5.1 Within Your Tenant Organization

Information is shared among users within your tenant organization according to the roles and permissions you configure. Tenant Administrators control access to data within their organization.

5.2 Service Providers and Partners

We share information with trusted third-party service providers who assist us in operating the platform:

  • Cloud Infrastructure: Render (hosting), Neon (database)
  • Payment Processors: Stripe, M-Pesa, and other payment gateways
  • Email Services: For transactional and notification emails
  • Analytics Providers: For usage analytics and performance monitoring
  • Customer Support Tools: For managing support tickets and communications

All service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders, search warrants)
  • Government or regulatory requests
  • National security or law enforcement requirements
  • Protection of our rights, property, or safety
  • Prevention of fraud or illegal activities

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such change and provide options regarding your information.

5.5 With Your Consent

We may share your information for any other purpose with your explicit consent or at your direction.

6. Data Storage and Security

6.1 Data Storage Location

Your data is stored on secure servers provided by our infrastructure partners:

  • Application Hosting: Render (cloud infrastructure)
  • Database: Neon PostgreSQL (serverless database)
  • Geographic Location: Data centers may be located in various regions. Contact us for specific location information.

6.2 Security Measures

We implement industry-standard security measures to protect your information:

Encryption:

  • Data in transit: TLS/SSL encryption (HTTPS)
  • Data at rest: Database-level encryption
  • Password storage: BCrypt hashing algorithm

Access Controls:

  • Role-Based Access Control (RBAC)
  • Multi-factor authentication (MFA) support
  • JWT-based authentication with short-lived tokens
  • Principle of least privilege for system access

Tenant Isolation:

  • Strict tenant_id filtering on all database queries
  • Application-level data isolation
  • Separate logical data boundaries per tenant
  • Regular security audits of isolation mechanisms

Monitoring and Logging:

  • Comprehensive audit logs for sensitive operations
  • Real-time security monitoring and alerts
  • Regular security assessments and penetration testing
  • Incident response procedures

Infrastructure Security:

  • Regular security patches and updates
  • Firewall protection and network segmentation
  • DDoS protection and rate limiting
  • Automated backups and disaster recovery

Security Disclaimer:

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your information. You are responsible for maintaining the confidentiality of your account credentials.

6.3 Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

  • Active Accounts: Data is retained while your account is active
  • Closed Accounts: Data may be retained for up to 90 days after account closure for recovery purposes
  • Legal Requirements: Some data may be retained longer to comply with legal obligations
  • Audit Logs: Security and audit logs retained for up to 7 years
  • Billing Records: Financial records retained as required by tax and accounting laws

6.4 Data Backups

We maintain regular automated backups of all data to ensure business continuity and disaster recovery. Backup data is subject to the same security measures as production data and is retained according to our backup retention policy.

7. Your Privacy Rights

Depending on your location and applicable laws, you may have the following rights regarding your Personal Data:

7.1 Access and Portability

  • Request access to your Personal Data
  • Receive a copy of your data in a structured, machine-readable format
  • Export your Tenant Data at any time through the platform

7.2 Correction and Update

  • Correct inaccurate or incomplete Personal Data
  • Update your account information through your profile settings
  • Request corrections to data you cannot modify yourself

7.3 Deletion

  • Request deletion of your Personal Data (right to be forgotten)
  • Close your account and request data deletion
  • Note: Some data may be retained for legal or legitimate business purposes

7.4 Restriction and Objection

  • Restrict or object to certain processing of your Personal Data
  • Opt-out of marketing communications
  • Object to automated decision-making or profiling

7.5 Withdraw Consent

Where we process your data based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

7.6 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

Email: alvinondieki5@gmail.com

Subject Line: Privacy Rights Request

We will respond to your request within 30 days. We may need to verify your identity before processing your request.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country.

When we transfer your Personal Data internationally, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses approved by relevant authorities
  • Data processing agreements with service providers
  • Compliance with applicable data protection frameworks
  • Encryption and security measures during transfer

9. Children's Privacy

Age Restriction: Our Service is not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children under 18. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us immediately. We will take steps to delete such information from our systems.

10. Third-Party Links and Services

Our Service may contain links to third-party websites, applications, or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

We strongly advise you to review the privacy policy of every site you visit. This Privacy Policy applies only to information collected by TenantHub.

Third-Party Services We Use:

  • Render: Cloud hosting infrastructure
  • Neon: PostgreSQL database hosting
  • Stripe: Payment processing (subject to Stripe's privacy policy)
  • M-Pesa: Mobile payment processing (subject to Safaricom's privacy policy)

11. Changes to This Privacy Policy

We may update our Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification to registered users (for material changes)
  • Displaying a prominent notice on our platform

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes constitutes your acceptance of the updated Privacy Policy.

Material Changes: If we make material changes that significantly affect your rights, we will provide at least 30 days notice before the changes take effect and may require you to affirmatively accept the new terms.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

TenantHub Privacy Team

Email:alvinondieki5@gmail.com
Phone:+254 700 921 906
Location:Nairobi, Kenya
Response Time:We aim to respond to all privacy inquiries within 48 hours

Data Protection Officer: For EU/EEA residents or GDPR-related inquiries, you may contact our Data Protection Officer at the email address above with the subject line "ATTN: Data Protection Officer"

Supervisory Authority: If you are located in the European Economic Area, you have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your privacy concerns.

Acknowledgment

By using TenantHub, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our Service immediately.