AAccessCore

Legal

Privacy Policy

Effective 2026-07-08

AccessCore is a billing and access-management platform used by internet service providers and Wi-Fi hotspot operators. This policy explains what personal data flows through the platform, why, and what rights you have — whether you run a business on AccessCore or buy internet from one.

On this page
  1. 1. Overview: the two roles we play
  2. 2. Information we process
  3. 3. How we use information
  4. 4. Legal bases
  5. 5. Payment information
  6. 6. How we share information
  7. 7. Our commitments as a processor
  8. 8. International transfers
  9. 9. Security
  10. 10. Data retention
  11. 11. Your rights and choices
  12. 12. If you are a customer of a business on our platform
  13. 13. Cookies
  14. 14. Children
  15. 15. Changes to this policy
  16. 16. Contact

#1. Overview: the two roles we play

We play two distinct roles, and your rights depend on which one applies to you:

  • For the businesses that hold an account with us ("Operators") — we are the data controller of your account data. We decide how it is processed, as described in this policy.
  • For the customers of those businesses ("subscribers") — the Operator you buy internet from is the controller of your data. AccessCore is the Operator's data processor: we handle subscriber data only to provide the Service, on the Operator's instructions.

#2. Information we process

Operator account data (we are controller)

  • Registration and identity: business name, contact name, email, phone number.
  • Credentials: login usernames and passwords (stored hashed, never in plain text), two-factor secrets, session records.
  • Billing: platform wallet balance and ledger, metered-usage records, invoices, payment references.
  • Activity: audit logs of console actions (who did what, when, from which IP address) — kept for security and accountability.
  • Communications: support messages and contact-form submissions.

Subscriber data (we process on the Operator's behalf)

  • usernames, names and contact numbers the Operator collects;
  • plan, voucher, recharge and payment records;
  • network session and accounting records (connection times, data volumes, assigned IP addresses) needed to authenticate access and bill correctly;
  • device identifiers (such as MAC addresses) used to recognise a paying device on the network.

Technical data (both roles)

  • IP addresses, timestamps, request logs and error logs used for security, fraud prevention and troubleshooting.

#3. How we use information

We use personal data to: provide and secure the Service; authenticate network access; calculate and collect platform fees; detect and prevent fraud and abuse; provide support; send service notices (billing alerts, security warnings, material changes); and meet legal obligations. We do not sell personal data, and we do not use subscriber data for advertising or profiling.

Where data-protection law requires a legal basis, we rely on: performance of a contract (running your account and the Service); legitimate interests (securing the platform, preventing fraud, improving the Service in ways you would reasonably expect); legal obligation (tax and accounting records, lawful requests); and consent where we ask for it specifically. For subscriber data we act on the Operator's documented instructions.

#5. Payment information

Payments are executed by the mobile-money, card and bank providers each Operator configures. Payment instructions (amount, phone number or account reference) pass to the relevant provider to complete the transaction. AccessCore does not store full card numbers or mobile-money PINs and does not hold subscriber funds. Each provider's own privacy policy governs its processing.

#6. How we share information

We share personal data only with:

  • Infrastructure providers that host the platform and store encrypted backups;
  • Communication providers (email and SMS gateways) used to deliver messages you or the platform send;
  • Payment providers configured by the Operator, to execute transactions;
  • Authorities, where a request is legally binding on us — we review every request and disclose the minimum required;
  • A successor entity, if we are involved in a merger or acquisition — with notice to account holders.

We never sell personal data, and we do not share it with advertisers.

#7. Our commitments as a processor

For subscriber data we commit, as processor, to: process it only to provide the Service and on the Operator's instructions; keep it confidential; protect it with the security measures in section 9; engage sub-processors (our infrastructure and communication providers) only under equivalent obligations; assist Operators with data-subject requests and breach notifications; and delete or return it when the Operator's account ends, per the retention schedule in section 10. Operators who need a signed data-processing agreement can request one at [email protected].

#8. International transfers

The platform is operated from the United Republic of Tanzania, and our infrastructure or service providers may store or process data in other countries. Wherever data moves, it stays protected by this policy, by contracts with our providers, and by lawful transfer safeguards where required.

#9. Security

Security measures include: encryption in transit (TLS) on all connections; encryption at rest for sensitive credentials; hashed passwords; two-factor authentication; role-based access with per-user accounts and audit logging; network firewalls and intrusion mitigation; encrypted off-site backups with tested restores; and restricted, logged access to production systems.

No system is perfectly secure. If we discover a breach that affects your data, we will notify affected account holders without undue delay and give Operators the information they need for their own obligations to their subscribers.

#10. Data retention

We keep personal data for as long as the relevant account is active and as needed afterwards for billing, dispute, audit and legal purposes. In practice: account and billing records are kept for the period required by tax and accounting law; audit and security logs are kept on a rolling schedule; and network accounting records are pruned on a defined cycle. When an account closes, data is available for export for at least 30 days, then deleted or anonymised on schedule — except records we must keep by law.

#11. Your rights and choices

Depending on your jurisdiction, you may have the right to access, correct, export or delete your personal data, to object to or restrict certain processing, and to complain to a supervisory authority. Operators can exercise most of these directly in the console (account details, data export) or by contacting us at [email protected]. We respond to verified requests within the time limits applicable law sets.

#12. If you are a customer of a business on our platform

If you buy internet from a business that runs on AccessCore, that business controls your data — contact them first; their name and contact details are on the portal you bought from and on your receipts. They are responsible for honouring your privacy rights. If you contact us directly, we will refer your request to them and assist them in resolving it, as their processor.

#13. Cookies

The platform uses strictly necessary cookies only: session cookies that keep you signed in and security tokens that protect forms against forgery. We do not use advertising or cross-site tracking cookies, and we do not run third-party analytics trackers on the console or on customer portals.

#14. Children

The Service is a business tool and is not directed at children. We do not knowingly collect personal data from children; if you believe a child has provided us data, contact us and we will delete it.

#15. Changes to this policy

We may update this policy as the Service and the law evolve. Material changes are notified in the console or by email before they take effect. The current version is always at https://app.access-core.org/legal/privacy.

#16. Contact

Privacy questions and data requests: [email protected], or through the contact page. AccessCore is operated from the United Republic of Tanzania.