NamBiz Data Usage Policy

This Data Usage Policy defines what NamBiz may and may not do with customer and personal data processed through the platform.

It is intended to give customers clear operational rules for compliance, auditability, and trust.

Customer organizations retain ownership of their business and employee records.

NamBiz processes data under customer instruction to provide contracted platform services and required security operations.

We use data for service delivery, security, troubleshooting, billing, legal compliance, and platform reliability improvements.

NamBiz does not sell customer data.

NamBiz does not use customer-controlled content to train third-party AI models without explicit written customer authorization.

Access is role-based and tenant-scoped, with activity logs for privileged and high-risk operations.

Support and engineering access to production data is restricted, time-bound, and audited.

Retention periods are mapped by document type and persona in the approved retention matrix.

At retention end, data is deleted or irreversibly anonymized unless legal hold or statutory duties require continued storage.

Where subprocessor services are used, NamBiz applies contractual controls, security due diligence, and least-data principles.

Customers may request current subprocessor categories relevant to their configured modules.

NamBiz maintains incident-response procedures for detection, containment, investigation, and communication.

Where notification duties apply under law or contract, affected customers are informed within the required timeframe.

This policy is versioned and may be updated as Namibian law and platform architecture evolve.

Material updates are communicated via the public site and in-product notices.