MojaWave
Login Get Started →
Home/Legal & Privacy

Legal & Privacy

Our legal documents are drafted in compliance with Tanzanian law, including the Tanzania Personal Data Protection Act (TDPA) 2022.

These Terms of Service constitute a legally binding agreement. By using MojaWave's services, you agree to be bound by them. Last updated: April 1, 2026.

1. Agreement to Terms

These Terms of Service ("Terms") govern your access to and use of the services, APIs, and platform provided by MojaWave Technologies Ltd ("MojaWave," "we," "us," or "our"), a company incorporated under the laws of the United Republic of Tanzania.

By registering for an account, accessing the MojaWave dashboard, or making any API call to our services, you agree that you have read, understood, and agree to be bound by these Terms. If you are entering into these Terms on behalf of a business or legal entity, you represent that you have the authority to bind that entity.

2. Description of Services

MojaWave provides programmatic access to the following communication and payment services via API:

  • SMS Gateway: Sending and receiving SMS messages on Tanzanian mobile networks.
  • Email API: Sending transactional emails via connected customer domains.
  • WhatsApp Channel: Sending approved template messages via the WhatsApp Business API (currently in beta).
  • Payments API: Initiating Mobile Money collections and disbursements across supported Tanzanian networks (currently in beta).

Services are provided on an "as available" basis. We reserve the right to modify, suspend, or discontinue any part of the services at any time with reasonable notice.

3. Your Account

You must register for an account to use MojaWave services. You are responsible for maintaining the confidentiality of your API keys and account credentials. You must promptly notify us at [email protected] of any unauthorized use of your account.

You must provide accurate, complete, and current information during registration and keep this information up to date. You must be at least 18 years of age and a registered business or individual with a valid Tanzanian or East African tax identification number to use the Payments API.

4. Payment Terms

All services are billed in Tanzanian Shillings (TZS) on a pay-as-you-go or prepaid credit basis. Prices are displayed in your dashboard and are inclusive of applicable taxes where required by Tanzanian law.

Credits are non-refundable once used. Unused credits may be refunded at our discretion upon account closure. We reserve the right to modify pricing with 30 days' written notice. Continued use of the services after the effective date of a price change constitutes acceptance of the new pricing.

In the event of non-payment or disputed charges, we reserve the right to suspend access to the services until the matter is resolved.

5. Acceptable Use

You agree to use MojaWave services only for lawful purposes and in accordance with our Acceptable Use Policy. You must not use our services to send unsolicited commercial messages (spam), facilitate illegal transactions, impersonate another person or organization, or transmit content that is unlawful, harmful, threatening, abusive, harassing, defamatory, or otherwise objectionable.

Violations of the Acceptable Use Policy may result in immediate account suspension and forfeiture of remaining credits without refund.

6. Intellectual Property

MojaWave and its licensors own all intellectual property rights in the services, including the platform, APIs, documentation, trademarks, and underlying infrastructure. These Terms do not grant you any right to use MojaWave's trademarks, logos, or brand assets without prior written permission.

You retain all rights to content you submit through the services. By using the services, you grant MojaWave a limited, non-exclusive license to process, transmit, and store your content solely as necessary to provide the services.

7. Limitation of Liability

To the maximum extent permitted by applicable Tanzanian law, MojaWave's total liability for any claim arising out of or related to these Terms or the services shall not exceed the amounts paid by you to MojaWave in the three (3) months preceding the claim.

MojaWave shall not be liable for any indirect, incidental, special, consequential, or punitive damages, including lost profits, lost revenue, loss of data, or business interruption, even if we have been advised of the possibility of such damages.

8. Termination

Either party may terminate these Terms at any time by providing written notice. Upon termination, your right to access and use the services will immediately cease. Sections relating to intellectual property, limitation of liability, and governing law shall survive termination.

MojaWave may immediately terminate or suspend your account if we believe you have violated these Terms, engaged in fraudulent activity, or if required to do so by applicable law or a regulatory authority.

9. Governing Law and Dispute Resolution

These Terms are governed by and construed in accordance with the laws of the United Republic of Tanzania. Any dispute arising from or in connection with these Terms shall first be attempted to be resolved through good-faith negotiation. If unresolved within 30 days, disputes shall be submitted to binding arbitration in Dar es Salaam, Tanzania, in accordance with the Tanzania Arbitration Act.

Nothing in this clause prevents either party from seeking urgent injunctive relief from a court of competent jurisdiction in Tanzania.

This Privacy Policy complies with the Tanzania Personal Data Protection Act (TDPA) 2022. Last updated: April 1, 2026.

1. Introduction

MojaWave Technologies Ltd ("we," "us," or "our") is committed to protecting the personal data of our customers, their end-users, and visitors to our platform. This Privacy Policy explains how we collect, use, store, and protect personal data in compliance with the Tanzania Personal Data Protection Act (TDPA) 2022 and other applicable laws.

MojaWave acts as a data controller in respect of personal data we collect directly from you (account data, billing data). We act as a data processor in respect of personal data you submit through our APIs (your end-users' phone numbers, email addresses, and payment details).

2. Data We Collect

Account Data: Name, email address, company name, phone number, and billing information collected during registration and account management.

API Transaction Data: Phone numbers, email addresses, message content, payment amounts, and Mobile Money identifiers submitted through our APIs as part of your use of the services. This data belongs to your end-users; you are responsible for having appropriate consent to process it.

Usage Data: API request logs, IP addresses, timestamps, error codes, and delivery status data generated through use of our services.

Technical Data: Browser type, operating system, and session data collected via cookies when you access the MojaWave dashboard.

3. How We Use Your Data

  • To provision, operate, and maintain the MojaWave platform and APIs
  • To process payments and maintain billing records as required by Tanzanian tax law
  • To send service notifications, security alerts, and transactional emails
  • To detect, investigate, and prevent fraudulent or abusive use of our services
  • To comply with legal obligations, regulatory requirements, and lawful requests from Tanzanian authorities
  • To improve our services through aggregated, anonymised analytics

We do not sell personal data to third parties. We do not use personal data submitted through your APIs for our own marketing purposes.

4. Data Sharing

We share personal data only with service providers who assist us in delivering the services (listed in our Data Processing Agreement as sub-processors), regulatory authorities when required by law, and successors in the event of a business transfer or acquisition.

All sub-processors are contractually bound to process data only on our instructions and to maintain appropriate security standards.

5. Data Retention

Account data is retained for the duration of your account and for 7 years thereafter as required by Tanzanian tax and financial records legislation. API transaction data (message logs, payment records) is retained for 90 days by default; customers on paid plans may configure longer retention periods up to 2 years. Usage logs are retained for 30 days for security monitoring purposes.

You may request deletion of your account data at any time, subject to retention requirements imposed by applicable law.

6. Your Rights Under the TDPA

Under the Tanzania Personal Data Protection Act 2022, you have the right to:

  • Access your personal data held by MojaWave
  • Correct inaccurate or incomplete personal data
  • Delete your personal data, subject to legal retention obligations
  • Object to processing of your personal data in certain circumstances
  • Data portability — receive your data in a structured, machine-readable format

To exercise any of these rights, contact our Data Protection Officer at [email protected]. We will respond within 30 days.

7. Security

We implement industry-standard technical and organisational measures to protect personal data, including AES-256 encryption at rest, TLS 1.2+ in transit, role-based access controls, regular security audits, and incident response procedures. API keys are stored as one-way hashed values and are never logged in plaintext.

8. Contact Our DPO

Our Data Protection Officer can be reached at [email protected] or by post at MojaWave Technologies Ltd, Dar es Salaam, Tanzania. You also have the right to lodge a complaint with the Personal Data Protection Commission of Tanzania.

Violations of this policy may result in immediate account suspension without refund. Last updated: April 1, 2026.

1. Purpose

This Acceptable Use Policy ("AUP") defines the rules governing how MojaWave's communication and payment APIs may be used. The AUP is designed to protect the integrity of our network, the security of our customers and their end-users, and compliance with Tanzanian law and international carrier guidelines.

2. Prohibited Uses — All Services

You may not use any MojaWave service to:

  • Violate any applicable Tanzanian or international law or regulation
  • Impersonate any person or organisation or misrepresent your identity
  • Transmit content that is unlawful, harmful, threatening, abusive, harassing, defamatory, or obscene
  • Facilitate money laundering, terrorist financing, or any other financial crime
  • Engage in any activity that interferes with or disrupts MojaWave's infrastructure or third-party networks
  • Attempt to gain unauthorised access to MojaWave systems, customer accounts, or carrier infrastructure
  • Resell or sublicense access to MojaWave APIs without prior written authorisation

3. SMS-Specific Rules

All SMS sending must comply with TCRA regulations and the guidelines of the relevant mobile network operators. Specifically:

  • You must have verifiable consent from all recipients before sending marketing or promotional SMS messages
  • You must honour opt-out requests immediately and maintain suppression lists
  • Sender IDs must accurately represent your business name as registered with the TCRA
  • You may not send SMS messages that contain phishing links, malware, or misleading content
  • Bulk commercial sends require prior approval of your campaign and Sender ID by MojaWave's compliance team

4. Email-Specific Rules

  • You may only send emails from domains you own and have verified through MojaWave's domain verification process
  • All commercial email must include a valid physical address and a working unsubscribe mechanism
  • You may not send unsolicited bulk email (spam) under any circumstances
  • Email content must not contain deceptive subject lines or misleading header information

5. Payments-Specific Rules

  • The Payments API may only be used for lawful commercial transactions
  • You must comply with all applicable Bank of Tanzania regulations and anti-money laundering (AML) requirements
  • You must not use the Payments API to process transactions for prohibited industries as defined in our onboarding documentation
  • You are responsible for implementing appropriate fraud detection and KYC procedures for your end-users

6. Enforcement

MojaWave reserves the right to investigate any suspected violation of this AUP. Where a violation is confirmed or suspected, we may take any of the following actions: issue a warning, temporarily suspend the affected API key, permanently terminate the account, report the activity to appropriate authorities including the TCRA, Bank of Tanzania, or law enforcement.

Account termination for AUP violations results in forfeiture of any unused credits and does not entitle the customer to a refund.

This DPA is incorporated into and forms part of the Terms of Service. It applies where MojaWave processes personal data on your behalf as a data processor. Last updated: April 1, 2026.

1. Scope and Application

This Data Processing Agreement ("DPA") applies to all personal data that you (the "Controller") submit through MojaWave's APIs in the course of using our services. MojaWave acts as a "Processor" under the Tanzania Personal Data Protection Act (TDPA) 2022 in respect of this data.

This DPA supplements the Terms of Service and, in the event of any conflict regarding data processing obligations, this DPA shall prevail.

2. Processor Obligations

MojaWave as Processor agrees to:

  • Process personal data only on documented instructions from you, unless required by applicable law
  • Ensure that persons authorised to process the personal data have committed to confidentiality
  • Implement appropriate technical and organisational security measures
  • Assist you in responding to data subject rights requests under the TDPA
  • Delete or return all personal data upon termination of the services, at your election
  • Make available all information necessary to demonstrate compliance with the TDPA and allow for audits

3. Sub-processors

You provide general authorisation for MojaWave to engage sub-processors. Current sub-processors engaged by MojaWave in the delivery of services include cloud infrastructure providers, SMS aggregators, mobile money network operators, and email delivery infrastructure partners. A current list of sub-processors is available upon request at [email protected].

MojaWave will provide 30 days' notice of any intended changes to sub-processors, giving customers the opportunity to object on reasonable grounds related to data protection.

4. Security Measures

MojaWave implements the following technical and organisational measures:

  • Encryption: AES-256 at rest; TLS 1.2 or higher in transit for all data
  • Access Control: Role-based access control (RBAC); multi-factor authentication required for all staff with production access
  • Logging: All data access events are logged with tamper-evident audit trails
  • Vulnerability Management: Regular penetration testing and automated dependency scanning
  • Physical Security: Data hosted in ISO 27001-certified data centres within or directly connected to the East African region

5. Breach Notification

In the event of a personal data breach affecting data processed on your behalf, MojaWave will notify you without undue delay and in any event within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed to address the breach.

6. International Data Transfers

MojaWave processes and stores data primarily within Tanzania and the East African region. Where data is transferred outside Tanzania (for example, to a sub-processor's infrastructure), MojaWave ensures that appropriate safeguards are in place as required by the TDPA, including standard contractual clauses or adequacy decisions recognised by the Personal Data Protection Commission of Tanzania.