Daffaa
Get started
Legal

Privacy policy

Last updated: April 30, 2026

This Privacy Policy describes how Daffaa ("we", "us", or "our") collects, uses, shares and protects information about you when you use our website, dashboard, mobile applications and related services (the "Service"). By using the Service, you agree to the practices described in this policy.

1. Information we collect

a. Information you provide

  • Account details: name, username, email, phone number, password, and (where applicable) business information.
  • Store and product information you upload to the Service.
  • Billing information processed by our payment partners (we do not store full payment-card numbers).
  • Support requests, messages, and any other content you choose to send us.

b. Information from your devices and customers

  • SMS metadata and content from the Android device you connect to the Service, limited to messages from e-wallet senders we recognize. We use these messages only to confirm payment transactions for your store.
  • Device identifiers, app version, battery and connectivity status of the connected SMS device.
  • Customer transaction data such as amounts, references, sender numbers, and timestamps that pass through your store.

c. Information collected automatically

  • Log data: IP address, browser type, pages viewed, referring URLs, and access times.
  • Cookies and similar technologies used to keep you signed in, remember your preferences, and measure usage.

2. How we use your information

We use the information we collect to:

  • Provide, operate and maintain the Service.
  • Match incoming e-wallet SMS messages to your transactions and notify your store.
  • Process payments, billing and subscriptions.
  • Communicate with you about service updates, security alerts and support requests.
  • Detect, investigate and prevent fraud, abuse and security incidents.
  • Comply with legal obligations and enforce our Terms of Use.
  • Improve and develop new features based on aggregated, non-identifying usage data.

3. Legal bases for processing

Where applicable data-protection laws require a legal basis for processing your personal data, we rely on: (i) the performance of our contract with you to deliver the Service, (ii) compliance with legal obligations, (iii) our legitimate interests in operating, securing and improving the Service, and (iv) your consent — for example, when you choose to enable optional integrations.

4. Sharing of information

We do not sell your personal data. We share information only as described below:

  • Service providers: hosting, infrastructure, email delivery, analytics and customer-support tools that process data on our behalf under confidentiality obligations.
  • Payment partners and telecom operators: when needed to confirm payments and route SMS notifications.
  • Your team: staff members and devices you authorize to access your account will see relevant data within their scope.
  • Legal and safety: when required to comply with law, respond to a valid legal request, protect our rights, or prevent fraud or harm.
  • Business transfers: in connection with a merger, acquisition or sale of assets, in which case we will continue to protect your information consistent with this policy.

5. Data retention

We retain personal data for as long as your account is active and for a reasonable period afterwards to comply with legal, accounting and dispute-resolution requirements. Transactional records may be retained for longer periods where required by tax or financial regulations. When data is no longer needed, we either delete it or irreversibly anonymize it.

6. Security

We implement administrative, technical and physical safeguards designed to protect your data, including encryption in transit, access controls, audit logging and regular reviews. However, no system is completely secure; you are responsible for keeping your password and connected devices safe and for promptly reporting any suspected unauthorized access.

7. Your rights

Depending on your location, you may have the right to access, correct, update, port or delete your personal data; to object to or restrict certain processing; and to withdraw consent where processing is based on consent. You can exercise most of these rights directly from your dashboard, or by contacting us using the details below. We will respond within the timeframes required by applicable law.

8. Cookies

We use cookies and similar technologies to keep you signed in, remember your language and theme preferences, and understand how the Service is used. You can control cookies through your browser settings, but disabling them may limit your ability to use parts of the Service.

9. International transfers

Your information may be processed in countries other than the one where you reside, including by our service providers. When we transfer personal data internationally, we take steps to ensure it receives an adequate level of protection consistent with this policy and applicable law.

10. Children's privacy

The Service is not directed to children under 18, and we do not knowingly collect personal data from them. If you believe a child has provided us with personal data, please contact us so we can delete it.

11. Third-party links and services

Our Service may contain links to or integrations with third-party websites and services. We are not responsible for their privacy practices and encourage you to review their privacy notices.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Service or by email and update the "Last updated" date above. Your continued use of the Service after the changes take effect means you accept the updated policy.

13. Contact

If you have any questions or requests regarding this Privacy Policy or how we handle your data, please contact us: noreply@blast-media.net