Get in Touch

Privacy Policy

How we collect, use, and protect your information

Controller: NEI SHOT WEBX SOLUTIONS CC (Reg. No. CC/2025/02042), Windhoek, Namibia.
Contact: hello@neishot.com · +264 85 798 3217
Effective: 01 April 2026 · Last updated: 25 April 2026

This Privacy Policy explains how NEI SHOT WEBX SOLUTIONS CC ("Nei Shot", "we", "us") collects, uses, shares, and protects personal information when you use our websites, applications, and services (the "Service") including Tuma SMS, LendCore, PropFlow Namibia, eVoting, and BookLovers Namibia.

By using the Service, you agree to this Policy. If you do not agree, please do not use the Service.

Contents
  1. Our role
  2. Information we collect
  3. How we use information
  4. Lawful basis for processing
  5. How we share information
  6. Cookies & analytics
  7. International transfers
  8. Data retention
  9. Security
  10. Your rights
  11. Children's privacy
  12. Third-party services
  13. Changes to this Policy
  14. Contact & complaints

1. Our Role

For visitors to our marketing websites and direct customers, Nei Shot is the controller of the personal information we process.

For our multi-tenant business platforms (LendCore, PropFlow, Tuma SMS, eVoting), where a business customer (a "tenant") uses the Service to process information about its own end-customers, employees, voters, or borrowers, the tenant is the controller of that information and Nei Shot is the processor acting on the tenant's instructions. Tenants are responsible for the lawful basis on which they collect and use information through the Service.

2. Information We Collect

2.1 Information you give us

  • Account information — name, email address, phone number, organisation name, role, password (stored as a salted hash).
  • Billing information — billing address, VAT number, payment method tokens (full card numbers are processed and stored by our PCI-DSS-certified payment provider, not by us).
  • Identity & verification information — identity document numbers and copies where required for KYC, regulator (e.g. NAMFISA), or compliance purposes.
  • Customer Data — data you upload, generate, or send through the Service (loan records, contact lists, votes, listings, orders, messages).
  • Communications — emails, support tickets, and other correspondence with us.

2.2 Information we collect automatically

  • Usage data — pages and features accessed, actions taken, timestamps.
  • Device & technical data — IP address, browser type, operating system, device identifiers, referring URL.
  • Cookies & similar technologies — see Section 6.

2.3 Information from third parties

  • Payment providers — transaction status, last four digits of card, card brand, settlement reports.
  • Public registers — where we verify business or licence details (e.g. BIPA, NAMFISA, NEAB).
  • Service providers — SMS delivery reports, email open/bounce data, hosting and security alerts.

3. How We Use Information

We use personal information to:

  • provide, operate, and maintain the Service;
  • create and manage your account, authenticate you, and prevent unauthorised access;
  • process payments, issue invoices and receipts, and manage refunds;
  • send transactional and service messages (security alerts, billing notices, scheduled maintenance);
  • provide customer support and respond to enquiries;
  • improve, troubleshoot, and develop new features (using aggregated, de-identified data where possible);
  • detect, investigate, and prevent fraud, abuse, and security incidents;
  • comply with applicable law, regulatory requirements (e.g. NAMFISA, FIA/FIC), court orders, and lawful requests;
  • send marketing communications about our own products where you have given consent or where permitted by law (you may opt out at any time).

4. Lawful Basis for Processing

We process personal information on one or more of the following bases:

  • Performance of a contract — to deliver the Service you have purchased.
  • Legitimate interests — to operate, secure, and improve the Service, prevent fraud, and inform you about features relevant to your use, provided these interests are not overridden by your rights.
  • Legal obligation — to comply with tax, regulatory, and other legal duties.
  • Consent — for optional communications, certain cookies, and processing of sensitive information where required.

5. How We Share Information

We do not sell personal information. We share it only as follows:

  • Service providers and sub-processors — cloud hosting, payment processing, SMS and email delivery, analytics, customer-support tooling, identity verification, and security providers, under written agreements requiring appropriate protection.
  • Within tenant workspaces — for our multi-tenant platforms, your information is visible only to authorised users of your tenant workspace.
  • Regulators and authorities — where required by law, court order, or to enforce our rights or protect users from harm.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to confidentiality.
  • With your consent — for any purpose disclosed at the time consent is sought.

A current list of our principal sub-processors is available on request from hello@neishot.com.

6. Cookies & Analytics

We use cookies and similar technologies for the following purposes:

TypePurposeExamples
Strictly necessaryRequired for the Service to function (login, security, load balancing)Session cookies, CSRF tokens
PreferenceRemember your settings (language, theme, dismissed banners)UI preferences
AnalyticsUnderstand how the Service is used and improve performanceSelf-hosted analytics, error monitoring

You can control cookies through your browser settings. Disabling strictly necessary cookies may break parts of the Service.

7. International Transfers

Some of our service providers are located outside Namibia (for example, in South Africa, the European Union, or the United States). Where personal information is transferred internationally, we take reasonable steps to ensure equivalent protection through contractual safeguards, recognised certifications, or other lawful transfer mechanisms.

8. Data Retention

We retain personal information only for as long as necessary for the purposes set out above, including any legal, accounting, or regulatory retention period. Indicative retention periods:

CategoryRetention
Account & profile dataFor the lifetime of the account, then up to 90 days after termination
Customer Data in tenant workspacesPer tenant instruction; up to 30 days after subscription ends, then deleted from active systems
Billing & tax records5 years (or longer where required by law)
Transaction logs & audit trailsUp to 7 years
Marketing dataUntil you unsubscribe, then suppression-list only
BackupsUp to 35 days, after which superseded

9. Security

We apply administrative, technical, and physical safeguards designed to protect personal information against unauthorised access, alteration, disclosure, or destruction. These include:

  • encryption in transit (HTTPS/TLS) and at rest for sensitive fields;
  • role-based access controls and least-privilege principles for staff;
  • regular backups and tested disaster-recovery procedures;
  • logging, monitoring, and security alerting;
  • vendor due diligence on sub-processors handling personal information.

No system is perfectly secure. If we become aware of a security incident affecting your personal information, we will notify you and any relevant authority without undue delay where required.

10. Your Rights

Subject to applicable law, you have the following rights in relation to personal information we hold about you:

  • Access — request a copy of the personal information we hold about you.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Deletion — ask us to delete your information, subject to legal retention obligations.
  • Restriction — ask us to limit how we process your information in certain cases.
  • Objection — object to processing based on our legitimate interests.
  • Portability — receive your information in a structured, machine-readable format where technically feasible.
  • Withdraw consent — for any processing based on consent, without affecting the lawfulness of prior processing.
  • Opt out of marketing — using the unsubscribe link or by contacting us.
  • Lodge a complaint — with the relevant data-protection authority.

To exercise any of these rights, contact us at hello@neishot.com. We may need to verify your identity before responding.

If you are an end-customer of one of our tenants (e.g. a borrower in a microlender's LendCore workspace), please contact the tenant directly first, as they are the controller of your information.

11. Children's Privacy

The Service is not directed to children under the age of 18, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can delete it.

12. Third-Party Services

The Service may contain links to or integrate with third-party websites and services. We are not responsible for the privacy practices of those third parties. Please review their privacy notices before providing them with personal information.

13. Changes to this Policy

We may update this Policy from time to time. The revised version will be posted here with an updated "Last updated" date. Material changes will be notified by email or in-product notice and take effect 30 days after notice. Continued use after the effective date constitutes acceptance.

14. Contact & Complaints

If you have questions about this Policy or wish to exercise any of your rights, please contact us:

  • NEI SHOT WEBX SOLUTIONS CC (Reg. No. CC/2025/02042)
  • Windhoek, Namibia
  • Email: hello@neishot.com
  • Phone: +264 85 798 3217

If you remain unhappy with our response, you may lodge a complaint with the relevant data-protection authority in your jurisdiction.

Questions about your data? Get in touch.

Contact Us