Privacy Policy

Last updated: June 15, 2026

1. Introduction

Welcome to VillageHub ("we," "our," or "us"), operated by VillageHub Technologies. We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cloud-based ISP billing platform, network management tools, and related applications (collectively, the "Service").

This policy applies to two categories of individuals:

  • Subscribers: ISP operators, WISPs, and hotspot owners who register for and use the VillageHub platform.
  • End Users: Customers of our Subscribers who interact with VillageHub-powered captive portals, payment pages, or receive SMS notifications.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service. This Privacy Policy forms part of our Terms of Service.

2. Information We Collect

2.1 Information You Provide Directly

When you register for or use the Service, we collect:

  • Account Information: Company/ISP name, business email address, phone number, and country
  • Authentication Data: Password (securely hashed using bcrypt; we never store plaintext passwords)
  • Network Configuration: MikroTik router IP addresses, API credentials, RADIUS shared secrets, and network topology details
  • Payment Gateway Credentials: Your own API keys and credentials for M-Pesa (Daraja), Paystack, ClickPesa, AzamPay, PalmPesa, and KopoKopo (stored encrypted; see Section 2.4)
  • Subscriber Data: Information about your end-user customers that you input into the platform (names, phone numbers, account details, package assignments)
  • Support Communications: Messages sent via WhatsApp, email, or the in-app AI chat assistant

2.2 Automatically Collected Information

When you or your end users interact with the Service, we automatically collect:

  • Device Information: Device type, operating system, browser type, and unique device identifiers
  • Network Data: IP addresses, MAC addresses (for hotspot authentication), and connection metadata
  • Usage Data: Session durations, bandwidth consumption, package purchases, voucher redemptions, and transaction history
  • Platform Analytics: Admin panel usage patterns, feature interactions, and login timestamps
  • Location Data: General geographic location derived from IP address or WiFi access point (we do not collect precise GPS coordinates)

2.3 Payment Transaction Data

VillageHub operates on a Bring Your Own Keys (BYOK) model. Your end users' payments are processed directly by your configured payment gateway and settled into your own business accounts. We receive transaction confirmations (callbacks) from the payment gateway to activate services, but we do not process, store, or have access to your end users' payment card numbers, M-Pesa PINs, or bank account details.

Transaction metadata we do process includes: transaction reference IDs, amounts, timestamps, payment status, and the payer's phone number (for M-Pesa STK push confirmations and SMS receipts).

2.4 Credential Storage

Your payment gateway API keys, MikroTik router credentials, and SMS gateway credentials are encrypted at rest using AES-256 encryption and are only decrypted in-memory when the platform needs to communicate with the respective services on your behalf.

3. How We Use Your Information

We use the information we collect to:

  • Provide the Service: Provision your admin panel, manage your MikroTik routers, authenticate PPPoE/hotspot subscribers via RADIUS, process payment callbacks, and generate vouchers
  • Billing & Invoicing: Calculate your VillageHub platform fees based on revenue collected through the Service
  • Communications: Send service-related notifications, OTP verification codes, payment receipts, and expiry alerts via SMS and email
  • AI-Powered Insights: Power the VillageHub AI assistant to provide revenue analytics, subscriber health metrics, and network diagnostics based on your live data
  • Security: Detect and prevent fraud, unauthorized access, and abuse of the platform
  • Platform Improvement: Analyze aggregated, anonymized usage patterns to improve features, performance, and reliability
  • Support: Respond to your inquiries and troubleshoot technical issues
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes

4. Information Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:

4.1 Third-Party Service Providers

We share data with providers who help us deliver the Service:

  • Payment Processors: Safaricom (M-Pesa), Paystack, ClickPesa, AzamPay, PalmPesa, KopoKopo — transaction data is shared as necessary to process payments using your own API keys
  • SMS Gateways: NextSMS and other regional providers — phone numbers and message content for notifications you configure
  • Cloud Infrastructure: Hosting and database providers that store and serve your data under strict confidentiality agreements
  • Analytics Services: Aggregated, anonymized data for platform performance monitoring

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email or prominent notice on the platform before your data becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard technical and organizational security measures to protect your data, including:

  • Encryption in Transit: All data transmitted between your browser, our servers, and third-party APIs is encrypted using TLS 1.2+
  • Encryption at Rest: Sensitive credentials (API keys, router passwords) are encrypted using AES-256
  • Password Security: User passwords are hashed with bcrypt and salted; we cannot retrieve plaintext passwords
  • Access Controls: Role-based access controls within the platform; internal access to production data is restricted and logged
  • Infrastructure: Our servers are hosted in secure data centers with physical access controls, redundancy, and regular backups

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:

Data TypeRetention Period
Account & profile dataDuration of subscription + 30 days
Transaction recordsDuration of subscription + 12 months (legal/tax compliance)
Network session logs90 days (rolling)
Support communicationsDuration of subscription + 6 months
Server & access logs30 days (rolling)

Upon account termination, your data is retained for 30 days to allow for recovery or export. After this period, all data is permanently deleted unless a longer retention is required by law.

7. Cookies & Tracking Technologies

We use a minimal set of cookies and local storage for essential functionality:

  • Authentication Cookies: Session tokens to keep you logged into the admin panel (essential; cannot be disabled)
  • Preference Storage: Local storage for UI preferences such as language, theme, and sidebar state
  • Captive Portal Sessions: Session identifiers for end-user hotspot authentication

We do not use third-party advertising cookies or cross-site tracking pixels. We do not participate in ad networks or retargeting programs.

8. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your account and associated data, subject to legal retention requirements
  • Data Export: Request an export of your data in a machine-readable format
  • Restriction: Request that we restrict processing of your data in certain circumstances
  • Objection: Object to processing of your data for specific purposes
  • Opt-out: Opt out of non-essential communications at any time

To exercise any of these rights, contact us at hello@village-hub.net. We will respond to your request within 30 days.

9. End User Data (Your Customers)

As a Subscriber, you are the data controller for your end users' personal information. VillageHub acts as a data processor, processing end-user data only as necessary to provide the Service on your behalf.

  • You are responsible for obtaining any necessary consent from your end users for data collection and processing
  • You are responsible for providing your own privacy notice to your end users
  • We will not use your end users' data for any purpose other than delivering the Service
  • End-user data requests (access, correction, deletion) should be directed to you as the data controller; we will assist you in fulfilling such requests

10. International Data Transfers

VillageHub is based in Kenya. Your data may be stored and processed in data centers located outside your country of residence. Where we transfer data internationally, we ensure appropriate safeguards are in place, including encryption in transit and at rest, and contractual obligations with our hosting providers to maintain data protection standards consistent with applicable laws.

11. Children's Privacy

The Service is intended for business use by individuals who are at least 18 years of age. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via email or an in-app notification at least 14 days before taking effect. The "Last updated" date at the top of this page indicates when the policy was last revised. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have a privacy concern, please contact us:

VillageHub Technologies
Email: hello@village-hub.net
Phone: +254 746 613 059
WhatsApp: Chat with us

Related Documents