Privacy Policy

Privacy Policy

Effective Date: 10 October 2018
Last Updated: 27 May 2026
Company: NextByte ICT Solutions Co. Ltd
Platform: NextSMS (nextsms.co.tz)
Registered Address: Victoria House, Regent Estate, Plot. No. 37, Bagamoyo Road, Sixth Floor, Wing C, Kinondoni, Dar es Salaam
Contact: support@nextsms.co.tz

1. Introduction

NextSMS recognizes the importance of protecting privacy. This Privacy Policy describes what personal information we may collect and how we may use and protect any personal information that is made available to us. Save where the context indicates otherwise, this Privacy Policy applies to all registered or non-registered Users of our messaging or other Services as defined in our standard Terms and Conditions, including visitors to any of our websites, mobile applications, or APIs.

This Policy is issued in compliance with the Personal Data Protection Act No. 11 of 2022 of the United Republic of Tanzania, the Electronic and Postal Communications Act (EPOCA) No. 3 of 2010, and applicable regulations issued by the Tanzania Communications Regulatory Authority (TCRA).

By using our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and processing of your personal information as described herein. If you do not agree, you must not use our Services.

2. Definitions

Where used in this Policy, the following terms shall have the meanings below:

  • "Personal Information" means any information identifying or describing an identifiable individual, including but not limited to information relating to their name, age, gender, reproductive status, marital status, national, ethnic or social origin, sexual orientation, physical or mental health, disability, conscience, belief, culture, language and birth of the individual; educational, criminal or employment history of the individual; financial status or information relating to financial transactions in which they have been involved; and any identifying number, address, or contact information of the individual.
  • "User" means any person, business, or organisation that registers for, accesses, or uses the NextSMS platform.
  • "Recipient" means any person who receives a message sent through the platform by a User.
  • "Services" means the Bulk SMS Service, WhatsApp messaging, mobile SMS, API access, and any related features provided through the platform.
  • "Processing" means any operation performed on personal data, including collection, storage, use, disclosure, transfer, or deletion.
  • "PDPA" means the Personal Data Protection Act No. 11 of 2022 of Tanzania.

3. Commitment to Privacy

We are committed to maintaining the confidentiality, integrity, and security of personal information. We will take all appropriate technical and organisational security measures to ensure that where any personal information is provided to us, it will be protected against loss, destruction, and damage, and against unauthorised or accidental access, processing, erasure, transfer, use, modification, disclosure, or other misuse.

We shall not disclose to any person any personal data of a data subject that is processed or hosted by us where any such disclosure would not comply in all respects with the provisions of any applicable data protection legislation or regulations relating to the data subject concerned.

4. Information We Collect

4.1 Account Information

Our Users may be required to submit limited personal information when accessing the Services, including:

  • Full name or business name;
  • Email address and password (for protecting User accounts against unauthorised access);
  • Phone number and physical address;
  • Business registration details and Sender ID information;
  • Payment and billing information for credit purchases.

4.2 Usage and Activity Data

We may automatically record certain information about the use of our Services, including:

  • Account activity (e.g. usage, log-ins, actions taken);
  • Data displayed or clicked on (e.g. links, buttons);
  • Log information (e.g. browser type, operating system, IP address, date and time of access);
  • Message volume, delivery reports, and campaign history.

We may use this information to provide authorised persons with usage reports and internally to deliver the best possible service to our clients and Users, such as improving software user interfaces and maintaining a consistent, reliable, and secure user experience.

4.3 Location and IP Address

We may detect and log a User's location and IP address in order to identify the User's geographic region or time zone, for routing traffic to geographically based servers, or for managing time-sensitive tasks such as the sending of notifications or delivery of messages.

4.4 Message Content and Phonebook Data

A User's phonebook and message content indicating to whom messages were sent or received belong exclusively to that User and will not be disclosed to any third parties without the User's written permission, or unless compelled to do so by a court of law or regulatory authority. Messages, files, or other data contained in the Services may also contain the personal information of third parties, which the User is solely responsible for handling in compliance with applicable law.

4.5 Cookies and Tracking Technologies

Like many reputable online companies, our Services — including our website, other online services, applications, email messages, and advertisements, if any — may use cookies and other technologies such as pixel tags and web beacons to collect information. A cookie is a small data file stored on the web browser on your computer's hard drive. Cookies and other technologies allow us to:

  • Count how many Users visited certain web pages within our website;
  • Record Users' personal preferences for a better browsing experience;
  • Measure the effectiveness of our website and electronic advertisements for different computing devices and regions.

We use this information to understand and analyse trends, to administer our websites, and to learn about user behaviour on our websites. If a User blocks cookies from being stored on a computer, the functionality of our Services may be negatively affected.

4.6 Information from Third Parties

We may receive information about you from third parties such as payment processors, identity verification services, or network operators where this is necessary to provide the Services or comply with legal obligations.

5. How We Use Your Information

We use personal information collected through the Services for the following purposes:

  • To create and manage your account;
  • To process credit purchases and billing;
  • To provide, operate, and improve the Services;
  • To transmit your messages to the intended Recipients via mobile network operators;
  • To provide customer support and respond to enquiries;
  • To send transactional communications related to your account (e.g. activation confirmation, invoices, service alerts);
  • To send promotional communications about our Services, where you have opted in to receive such communications;
  • To detect and prevent fraudulent, abusive, or illegal activity;
  • To comply with legal obligations, regulatory requirements, and TCRA directives;
  • To carry out analytics and improve our platform's features and performance.

5.1 Analytics and Non-Personal Data

We may carry out functional, statistical, textual, semantic, and other forms of analysis of non-personally identifiable data that is hosted or processed by us in relation to our Services. We do this to improve the performance of our Services, to understand the way in which our Services are being utilised, to identify usage patterns and market trends, to gain insights, and to formulate new products and service offerings.

We may also process, aggregate, and anonymise personal data such that it does not reveal any confidential, personal, or sensitive data or any features from which confidential, personal, or sensitive data may be ascertained. We will never disclose confidential, personal, or sensitive data without the direct or indirect consent of the party to whom we owe the duty of confidentiality and/or the data subject concerned. We may process and transfer anonymised data at our reasonable discretion, including within NextByte ICT Solutions Co. Ltd's group of companies.

6. Legal Basis for Processing

Under the Personal Data Protection Act No. 11 of 2022, we process your personal information on the following lawful bases:

  • Contract performance — processing is necessary to provide the Services you have subscribed to;
  • Legal obligation — processing is required to comply with TCRA regulations, tax laws, court orders, or other legal requirements;
  • Legitimate interests — processing is necessary for our legitimate business interests, including fraud prevention, platform security, and service improvement, where such interests are not overridden by your rights;
  • Consent — where you have given your explicit consent, such as for promotional communications.

7. Sender Identity and Recipient Rights

Any Recipient of any message has the right to know the identity of the sender, and this will be disclosed on request to the Recipient. Users are required to ensure that all messages sent through the platform clearly identify the sender, in accordance with our Terms and Conditions and TCRA regulations.

8. Disclosure and Sharing of Personal Information

8.1 No Sale of Data

NextSMS does not sell, rent, or trade your personal information or your Recipients' data to third parties for marketing or commercial purposes.

8.2 Permitted Disclosures

We may share your personal information only in the following circumstances:

  • Network operators and delivery partners — to facilitate message delivery to Recipients;
  • Payment processors — to process credit purchases and billing transactions securely;
  • Regulatory and legal authorities — where required by TCRA, a court of law, or any competent government authority under applicable Tanzanian law;
  • Service providers — third parties who assist us in operating the platform (e.g. cloud hosting, analytics), subject to strict data processing agreements;
  • Business transfers — as described in Section 12 below, in the event of a merger or acquisition.

8.3 Cross-Border Data Transfers

Where the personal data of any User is transferred to NextSMS or a third party in a non-local jurisdiction for processing, NextSMS undertakes to ensure that appropriate technical and organisational security measures are in place that provide a level of protection appropriate to the risks represented by the processing of such data, in order to protect such data against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access, or any other unlawful form of processing.

9. Data Security

We implement appropriate technical and organisational security measures to protect your personal information, including:

  • Encryption of data in transit using industry-standard protocols (HTTPS/TLS);
  • Secure storage of passwords using strong hashing algorithms;
  • Access controls limiting data access to authorised personnel only;
  • Regular security assessments and monitoring of our systems;
  • Incident response procedures for detecting and addressing data breaches.

While we take all reasonable steps to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to continuously improving our security practices.

10. Communications With You

We may communicate with Users, resellers, and other persons by email and other messaging applications. Communications fall into two categories:

  • Transactional communications — these relate directly to the Services, such as account activation, password resets, invoices, delivery alerts, and service notices. These are necessary for the provision of the Services and cannot be opted out of while your account is active.
  • Promotional communications — these include updates about new features, offers, or industry news. You may opt out from promotional communications from us that are not strictly related to the provision of the Services to you at any time by contacting us at support@nextsms.co.tz or using the unsubscribe link provided in such communications.

11. Personal Information of Minors

We do not intentionally collect personally identifiable information from anyone who is a minor (under 18 years of age). Our Services are not directed at minors. If it is discovered that we have unintentionally collected personally identifiable information from a minor other than for a legitimate purpose associated with the Services, we will delete that information immediately. If you believe we have collected information from a minor, please contact us at support@nextsms.co.tz.

12. Your Rights as a Data Subject

Under the Personal Data Protection Act No. 11 of 2022, you have the following rights in relation to your personal information:

  • Right of access — you have the right to request a copy of the personal information we hold about you;
  • Right to rectification — you have the right to request correction of any inaccurate or incomplete personal information;
  • Right to erasure — you have the right to request deletion of your personal information where it is no longer necessary for the purpose for which it was collected, subject to our legal retention obligations;
  • Right to object — you have the right to object to the processing of your personal information for direct marketing or where processing is based on legitimate interests;
  • Right to data portability — you have the right to receive your personal data in a structured, commonly used format;
  • Right to withdraw consent — where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please submit a written request to support@nextsms.co.tz. We will respond to your request within 30 days. We may require proof of identity before processing your request.

13. Data Retention

We retain your personal information for as long as is necessary to fulfil the purposes described in this Privacy Policy, or as required by law. Specifically:

  • Account data — retained for the duration of your account and for a minimum of three (3) months after termination of your relationship with NextSMS, and as long as is reasonably necessary to assist us in meeting our legal compliance obligations;
  • Message logs and delivery records — retained for a period necessary to resolve disputes and comply with regulatory requirements;
  • Financial records — retained for the period required by Tanzanian tax and financial laws;
  • Anonymised analytics data — may be retained indefinitely as it cannot be linked back to any individual.

If you terminate your relationship with NextSMS, portions of your personal information may be retained in back-ups and archives for at least three (3) months and as long as is reasonably necessary to assist us in meeting our legal compliance obligations, after which it will be securely deleted.

14. Cookies Policy

You can control the use of cookies at the browser level. Most web browsers allow you to manage cookie preferences through their settings. You may choose to block all cookies or to be notified when a cookie is set. Please note that if a User blocks cookies from being stored on a computer, the functionality of our Services may be negatively affected and some features may not work as intended.

We use the following types of cookies:

  • Essential cookies — necessary for the platform to function (e.g. session management, login authentication). These cannot be disabled.
  • Analytics cookies — help us understand how Users interact with our platform so we can improve it (e.g. Google Analytics).
  • Preference cookies — remember your settings and personalisation choices.

15. Revisions to This Policy

Our Privacy Policy may be updated from time to time at our discretion. Changes will become effective upon posting to the site with an updated effective date. Where changes are material, we will endeavour to notify you by email or in-platform notification in advance.

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the revised Policy. If you do not agree to the changes, you must stop using the Services.

16. Merger or Acquisition

If NextSMS merges with, or is acquired by, any other business, you will be requested three (3) months in advance to acknowledge that your personal information will fall under the control of another business. If not acknowledged within that period, it shall be taken to indicate the termination of your relationship with NextSMS, and your personal information will be handled in accordance with our data retention policy in Section 13.

17. Third-Party Links

Our platform or communications may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices or content of any external websites. We encourage you to read the privacy policies of any third-party sites you visit.

18. Governing Law

This Privacy Policy is governed by and construed in accordance with the laws of the United Republic of Tanzania, including the Personal Data Protection Act No. 11 of 2022 and applicable TCRA regulations. Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of the courts of Dar es Salaam, Tanzania.

19. Contact Us and Questions

If you have questions, comments, concerns, or feedback regarding this Privacy Policy, or wish to exercise any of your data subject rights, please contact us:

NextByte ICT Solutions Co. Ltd
Victoria House, Regent Estate, Plot. No. 37, Bagamoyo Road, Sixth Floor, Wing C, Kinondoni, Dar es Salaam
Dar es Salaam, Tanzania

Phone: +255 745 680 053 | +255 787 275 482 | +255 713 366 303
Email: support@nextsms.co.tz
Website: nextsms.co.tz

Last updated: June 2026