Legal
Privacy Policy
Last updated: June 2026
1. Who we are
Statotech Systems ("Statotech", "we", "us") operates accounts.statotec.com — the single sign-on and subscription service for all Statotech products, such as ZimRate, AfriRate, MenuWise, Shop POS, School ERP, Health, ToraShaout, and Requirements Collector, among others as they become available.
This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have. It applies to your Statotech account and to the products that rely on it for sign-in.
2. Information we collect
We collect the following categories of information:
- Account data — your name, email address, password (stored only as a secure hash), and profile picture if you sign in with Google.
- Organization data — the organizations you create or join, and your role within them.
- Product content — information and documents you create or submit inside a Statotech product (for example, the requirements you provide in Requirements Collector). This content is stored to provide that product to you, is associated with your account, and is removed when you delete your account (see “Data retention”).
- Subscription and payment records — your plan, subscription status, billing periods, and a record of payments (amount, currency, and gateway). We do not store full card numbers; card and mobile-money details are handled by our payment processors.
- Technical and usage data — information such as your IP address, device and browser information, and log data generated when you use the Services, used for security and to keep the Services working.
- Cookies — see the “Cookies and sessions” section below.
3. How we use your information
We use your information to:
- authenticate you and provide single sign-on across Statotech products;
- create and manage your account, organizations, and subscriptions;
- process payments and renewals through our payment processors;
- send you essential service messages, such as account verification, billing notices, and security alerts;
- protect the Services against fraud and abuse, and comply with our legal obligations.
4. We do not sell your data
We do not sell your personal information, and we do not share it with third parties for their own marketing.
5. Cookies and sessions
When you sign in, we set an essential session cookie that is shared across statotec.com and its subdomains. This is what allows a single login to be recognized across all Statotech products (single sign-on). These cookies are strictly necessary to provide the Services; without them you cannot stay signed in.
6. Signing in with Google
If you choose to sign in with Google, we receive your name, email address, and profile picture from Google. We use this information only to create and identify your Statotech account. We do not receive your Google password.
7. Sharing across Statotech products
When you sign in to a Statotech product — directly or by authorizing an external application that connects to your Statotech account — that product receives a user identifier and your basic profile information (name, email address, and profile picture) so it can identify you and check your subscription. Products do not receive your password. You are shown a consent screen before an external application is granted access to your account.
8. Service providers
We rely on a small number of trusted providers to operate the Services. They process personal information only on our behalf and in line with this policy:
- Google — sign-in (when you choose Google sign-in);
- Stripe — card payment processing;
- Paynow — EcoCash and other Zimbabwe payment processing;
- Neon — database hosting;
- Vercel — application hosting and delivery.
9. International data transfers
Our hosting and database providers store and process data in data centres located outside Zimbabwe, including in the European Union and the United States. By using the Services you consent to your information being transferred to and processed in these locations. We take reasonable steps to ensure your information remains protected wherever it is processed.
10. Data retention
We retain your account data for as long as your account is active. When you delete your account, your identity data is removed and the deletion is propagated to connected products. We may retain certain records — such as payment and transaction records — for longer where we are required to do so by law or to resolve disputes.
11. Your rights
Subject to applicable law, including Zimbabwe’s Cyber and Data Protection Act, you have the right to access the personal information we hold about you, to correct it, to request its deletion, and to object to or restrict certain processing. You can update much of your information, or delete your account, directly from your account settings. To make any other request, contact us using the details below.
If you believe we have not handled your information properly, you may lodge a complaint with the data protection authority (the Postal and Telecommunications Regulatory Authority of Zimbabwe, POTRAZ).
12. Security
We protect your information with measures including encryption of data in transit, hashing of passwords, and access controls limiting who can reach your data. No method of transmission or storage is completely secure, but we work to protect your information and to respond promptly to any incident that affects it.
13. Children
The Services are intended for adults and are not directed at children. If you are under the age of majority in your jurisdiction, you should use the Services only with the involvement of a parent or guardian. If you believe a child has provided us personal information without appropriate consent, contact us and we will take steps to remove it.
14. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date below and, for material changes, take reasonable steps to notify you.
15. Contact
For privacy inquiries, or to exercise your rights, contact us at privacy@statotec.com