Back to Home

Privacy Policy

Last updated: April 18, 2026

Commuza Ltd ("Commuza", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use the Commuza platform.

1. Information We Collect

Personal Information

When you register and use the Service, we may collect:

  • Account information: Name, phone number (+256), email address, national ID or passport number.
  • Community information: Community name, address, unit assignments, ownership and residency records.
  • Financial information: Payment history, invoice records, mobile money transaction references.
  • Communication data: Announcements, support tickets, and messages sent through the platform.

Automatically Collected Information

  • Device type, operating system, and browser information.
  • IP address and approximate location.
  • Usage patterns, pages visited, and features accessed.
  • Crash reports and performance data.

2. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service.
  • Process payments and manage billing on behalf of Communities.
  • Send transactional notifications (payment confirmations, visitor alerts, OTP codes).
  • Enforce community rules and manage access control.
  • Respond to support requests and provide customer service.
  • Analyze usage patterns to improve the platform.
  • Comply with legal obligations under Ugandan law.

3. Data Sharing & Disclosure

We do not sell your personal information. We may share data with:

  • Community administrators: Managers and board members can access data for residents within their Community as needed for management functions.
  • Payment processors: Pesapal and DPO for processing mobile money and card transactions.
  • Communication providers: Africa's Talking (SMS), SendGrid (email), and Firebase Cloud Messaging (push notifications) for delivering platform notifications.
  • Legal authorities: When required by law, court order, or to protect the rights and safety of users.

4. Data Isolation & Security

We employ industry-standard security measures including:

  • Tenant isolation: Each Community's data is stored in a separate database schema, ensuring strict data separation.
  • Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
  • Authentication: RS256 JWT-based authentication with phone OTP verification.
  • Access control: Role-based permissions ensure users only access data they are authorized to view.
  • Row-level security: Database-level enforcement prevents cross-tenant data access.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Financial records are retained for a minimum of 7 years in compliance with Ugandan tax and accounting regulations. You may request deletion of your account and associated data, subject to legal retention requirements.

6. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal obligations.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing of your data for certain purposes.

To exercise these rights, contact us at privacy@commuza.ug.

7. Cookies & Tracking

We use essential cookies to maintain your session and preferences. We do not use third-party advertising cookies. Analytics cookies may be used to understand usage patterns and improve the Service. You can manage cookie preferences through your browser settings.

8. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

9. International Data Transfers

Your data is primarily stored and processed in Uganda. Some service providers (e.g., cloud infrastructure, email delivery) may process data in other jurisdictions. We ensure appropriate safeguards are in place for any international data transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 14 days before changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

11. Contact Us

For privacy-related inquiries: