← Back to sign in

Privacy Policy

Last updated: April 2026

This Privacy Policy describes how Avril Capital Ltd. (“AvCap”, “we”, “us”) collects, uses, and protects personal data in connection with the AvCap Funding platform (funding.avcap.co.tz).

1. What we collect

  • Account data: name, email address, hashed password, role (OWNER / EDITOR / VIEWER), the agency and projects you belong to.
  • Workspace content: opportunities, documents, tasks, messages, and blocking items you (or users you invite) create.
  • Usage data: IP addresses, browser type, pages visited, timestamps of actions — collected for security and analytics.
  • Cookies: a single authentication cookie (NextAuth session token) and one CSRF token. No tracking cookies.

2. How we use data

  • Operate and improve the service.
  • Authenticate users and enforce access control.
  • Send transactional email (invitations, password resets, data-request notifications to your clients).
  • Detect and prevent abuse, fraud, and security incidents.
  • Comply with legal obligations under Tanzanian, Kenyan, and EU data protection law where applicable.

3. Who we share data with

We share personal data only with service providers strictly necessary to run the service:

  • Neon (PostgreSQL database; US-East region)
  • Hostinger (application hosting)
  • Anthropic (AI provider — prompts sent to Claude Sonnet for chat and document generation; Anthropic does not retain content for training by default)
  • Titan / Hostinger SMTP (transactional email)
  • Sentry (error monitoring; EU region)

We never sell personal data to advertisers or brokers.

4. International transfers

Your data is stored in the United States (Neon) and processed in the United States and Europe. Where we transfer personal data of EU or UK residents outside the EEA, we rely on Standard Contractual Clauses.

5. Your rights

Subject to applicable law (EU GDPR, Tanzania Personal Data Protection Act 2022, Kenya Data Protection Act 2019), you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and associated personal data
  • Object to or restrict processing
  • Port your data to another provider
  • Lodge a complaint with your data protection authority

To exercise any of these rights, email privacy@avcap.co.tz. We'll respond within 30 days.

6. Retention

Account data is retained while your account is active and for 90 days after deletion, then hard-deleted. Workspace content belongs to the agency that created it and is deleted when the agency closes its workspace or account. Activity logs are retained for 12 months for audit purposes.

7. Security

Passwords are hashed with bcrypt (cost factor 12). Data in transit is encrypted with TLS 1.2+. Access is gated by role (OWNER / EDITOR / VIEWER) and per-agency row-level isolation. We do not yet hold SOC 2 or ISO 27001 certification — enterprise customers with specific compliance requirements should contact us.

8. Contact

Avril Capital Ltd.
Dar es Salaam, Tanzania
Email: privacy@avcap.co.tz