Mosiflow Digital Platform – Privacy Policy

Effective Date: 29 December 2025

1. Introduction

This Privacy Policy explains how Mosiflow SURL / Mosiflow Digital Platform ("Mosiflow", "we", "us", "our") collects, uses, stores, shares, and protects personal data when you access or use our websites, applications, and services (collectively, the "Services").

Mosiflow is committed to transparency, security, and compliance with applicable data protection laws, including GDPR principles, African data protection frameworks, and international best practices.

This policy applies to all users, customers, partners, and visitors.

2. Information We Collect

We collect personal and non-personal information necessary to operate and improve our Services.

2.1 Information You Provide Directly

Note: Payment card details are processed exclusively by certified third-party payment providers and are never stored by Mosiflow.

2.2 Information Collected Automatically

2.3 Cookies & Tracking Technologies

Mosiflow uses cookies and similar technologies to ensure platform functionality and performance.

• Essential Cookies – required for security and core features
• Performance Cookies – analytics and service improvement
• Preference Cookies – language and regional settings

Users can control cookies through browser settings.

3. How We Use Your Information

We process personal data for legitimate business purposes, including:

• Providing, operating, and maintaining the Services
• Managing subscriptions, billing, and customer support
• Improving product performance and user experience
• Ensuring security, fraud prevention, and system integrity
• Legal compliance and regulatory obligations
• Research, analytics, and AI model improvement (aggregated and anonymized only)

Mosiflow does not sell personal data.

4. Legal Basis for Processing

Where applicable, Mosiflow relies on the following legal bases:

• Contractual necessity
• Legitimate business interests
• Legal obligations
• User consent (where required)

5. Data Sharing and Disclosure

Mosiflow may share data only under controlled and lawful circumstances.

5.1 Service Providers and Partners

We may share personal data with trusted third-party service providers, including:

• Cloud hosting and infrastructure providers;
• Payment processors and billing platforms;
• Messaging, notification, and analytics services;
• AI infrastructure and processing partners.

These third parties act strictly on Mosiflow’s instructions and are bound by confidentiality and data protection obligations.

5.2 Service Improvement and Analytics

• Mosiflow may use and share aggregated or anonymized data with partners to:

  • Improve platform performance;
  • Enhance AI models and automation;
  • Conduct analytics, benchmarking, and research;

• Such data does not identify individual users or companies.

5.3 Legal and Regulatory Disclosure

We may disclose data if required by law, court order, or governmental authority.

5.4 Business Transfers

Data may be transferred in connection with a merger, acquisition, restructuring, or sale of assets, subject to continued protection.

5.5 AI and Customer Data Safeguards

Customer-identifiable data used for AI services is governed by Data Processing Agreements (DPAs) and is never shared for third-party model training without explicit contractual authorization.

6. International Data Transfers

Your data may be processed in countries other than your own. Mosiflow ensures appropriate safeguards such as contractual protections and security controls.

7. Data Retention

Mosiflow retains personal data only for as long as it is necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce agreements.

7.1 Account Inactivity and Non-Payment

• If a customer account becomes inactive or unpaid, Mosiflow may retain the data for a grace period of up to forty-five (45) days;
• During this period, the customer may reactivate the Services and recover data, subject to payment of outstanding fees;
• After the grace period, Mosiflow reserves the right to delete or irreversibly anonymize customer data.

7.2 Anonymized Data

• Anonymized data may be retained indefinitely;
• Such data can no longer be linked to an individual or company;
• Anonymized data may be used for analytics, reporting, AI model improvement, and service optimization.

7.3 Legal Retention Obligations

Certain data may be retained longer where required by law, accounting rules, tax regulations, or legal proceedings.

8. Data Security Measures

Mosiflow implements industry-standard safeguards including:

• Encryption in transit and at rest
• Role-based access control
• Audit logs and monitoring
• Secure cloud infrastructure

Despite our efforts, no system is entirely risk-free.

9. Your Data Protection Rights

Depending on jurisdiction, you may have rights to:

• Access your data
• Correct inaccuracies
• Request deletion
• Restrict or object to processing
• Data portability
• Withdraw consent

Requests are handled within a reasonable timeframe and subject to verification.

10. Children’s Privacy

Mosiflow Services are not intended for individuals under 18. We do not knowingly collect data from minors.

11. Third-Party Links

Mosiflow is not responsible for privacy practices of third-party websites or services linked from our platform.

12. Changes to This Privacy Policy

We may update this policy periodically. Material changes will be communicated via the platform or website.

13. Contact Information

Mosiflow SURL Website: https://www.mosiflow.com Email: support@mosiflow.com Address: Bujumbura, Burundi, East Africa, Africa

Last Updated: 29 December 2025