Important: This privacy policy governs both the TrendWave Connect software platform and the subscriber data processed through our systems by Internet Service Providers (ISPs).
1. Introduction
TrendWave Connect provides specialized billing, network management, and data platform software for Internet Service Providers (ISPs), WISPs, and telecom operators. This Privacy Policy explains how we handle:
- Platform Data: Information from ISP administrators and system users
- Subscriber Data: End-customer information processed through our software
- Technical Data: Network, billing, and system performance information
2. Google AdSense Advertising
Third-Party Advertising
We use Google AdSense to display advertisements on our website. Google AdSense is a third-party advertising service provided by Google LLC.
Information Collected by AdSense:
- Google uses cookies to serve ads based on a user's prior visits to our website or other websites
- Google's use of advertising cookies enables it and its partners to serve ads to users based on their visit to our sites and/or other sites on the Internet
- Users may opt out of personalized advertising by visiting Google Ads Settings
Third-Party Vendors:
Third-party vendors, including Google, use cookies to serve ads based on a user's prior visits to your website or other websites.
Opt-Out Information:
- Users can opt out of personalized advertising by visiting Ads Settings
- Alternatively, users can opt out of a third-party vendor's use of cookies for personalized advertising by visiting www.aboutads.info
For more information about Google AdSense: Google Advertising Policies
3. Definitions
- Data Controller (ISP)
- The Internet Service Provider using our software to process subscriber data
- Data Processor (TrendWave Connect)
- Our role in processing data on behalf of ISP clients
- Subscriber Data
- Personal information of ISP end-customers processed through our systems
- Platform Data
- Information about ISP administrators and system users
- Technical Data
- Network performance, billing transactions, and system metrics
4. Information We Process
4.1 Platform Administration Data
ISP Administrator Information
- Business name, registration details, and contact information
- Administrator names, emails, and authentication credentials
- Billing system configuration and network settings
- API keys and integration credentials for network hardware
- Support tickets and communication history
4.2 Subscriber Data (Processed on behalf of ISPs)
ISP Customer Information
| Data Category | Purpose | Retention Period |
|---|---|---|
| Subscriber identification | Account creation and authentication | Until account termination + 7 years |
| Contact information | Service delivery and notifications | Active service period |
| Billing and payment data | Invoicing and financial processing | 7 years for tax compliance |
| Network usage data | Bandwidth management and billing | 13 months for dispute resolution |
| Service tickets and support | Customer service and issue resolution | 3 years for quality improvement |
4.3 Technical & System Data
Network & System Information
- Network device configurations (Mikrotik, Ubiquiti, Cisco)
- Bandwidth usage patterns and traffic statistics
- System performance metrics and error logs
- API call logs and integration activity
- Security event logs and access records
5. Data Processing Purposes
We process data for these specific business purposes:
5.1 Core Software Functions
- Billing Automation: Processing subscriber invoices, payments, and financial records
- Network Management: Monitoring bandwidth, managing network devices, and optimizing performance
- Customer Support: Handling support tickets and service requests
- Reporting & Analytics: Generating business intelligence and compliance reports
5.2 System Operations
- Software performance monitoring and improvement
- Security incident detection and prevention
- System backups and disaster recovery
- Compliance with legal and regulatory requirements
6. Data Sharing & Third Parties
6.1 Service Providers (Sub-processors)
We engage these trusted service providers:
| Service Provider | Service Type | Data Protected By |
|---|---|---|
| AWS Africa (Cape Town) | Cloud Infrastructure | Data Processing Addendum, Encryption |
| M-Pesa API Services | Payment Processing | PCI DSS Compliance |
| Truehost Kenya | Hosting Services | Local Data Center Compliance |
6.2 Required Disclosures
We may disclose information when required by:
- Legal obligations under Kenyan law
- Court orders or governmental requests
- To protect rights, property, or safety
- During business transfers or acquisitions
7. Data Security
Enterprise Security Measures:
- Encryption: AES-256 encryption for data at rest and TLS 1.3 for data in transit
- Access Controls: Role-based access control (RBAC) and multi-factor authentication
- Network Security: Firewalls, intrusion detection, and regular security audits
- Compliance: Regular security assessments and compliance certifications
8. Data Retention
We retain data based on these principles:
- Active Accounts: Data retained while services are active
- Legal Requirements: 7 years for financial and tax records
- Service Termination: 30-day grace period followed by secure deletion
- Backup Retention: 90 days with incremental, encrypted backups
9. Your Rights (For ISP Administrators)
As an ISP using our platform, you have the right to:
- Access: Request copies of your platform data
- Correction: Update inaccurate or incomplete information
- Deletion: Request account and data deletion (subject to legal holds)
- Portability: Export your configuration and business data
- Restriction: Limit processing in specific circumstances
- Objection: Object to certain processing activities
10. ISP Responsibilities for Subscriber Data
As an ISP using our software, you are responsible for:
- Obtaining proper consent from your subscribers
- Providing your own privacy notice to subscribers
- Responding to subscriber data subject requests
- Ensuring data accuracy and lawful processing
11. International Data Transfers
Data is primarily processed within Kenya. Any international transfers use:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
- Appropriate technical and organizational safeguards
12. Changes to This Policy
We will notify ISP administrators of material changes via:
- Email notification to registered administrators
- In-platform notifications 30 days before changes
- Updated version number and effective date on this page
13. Contact & Data Protection Officer
Data Protection Inquiries:
Email: privacy@trendwaveconnect.com
Postal Address: Data Protection Officer, TrendWave Connect, Nairobi, Kenya
Response Time: We respond to all legitimate requests within 30 days