Privacy Policy

1. Who We Are

RARIDALI COMPANY LTD ("we", "our", "us") is a technology company based in Gulu, Uganda. We offer software development, IT consultancy, fiber network installations, and technology solutions for businesses across Uganda. We operate the Rarinet platform — a cloud-based ERP and HR management system built for growing African businesses.

RARIDALI COMPANY LTD
P.O. BOX 1309, Gulu, Uganda
Innovation Village Premises
Phone: +256-764-000-690
Email: [email protected]
Website: raridali.co.ug

2. Information We Collect

2.1 Information You Provide

Category	Examples	Purpose
Account Information	Organisation name, subdomain, admin name and email, password (hashed)	Account creation and authentication
Employee Data	Staff names, emails, phone numbers, departments, salaries, leave records, attendance	HR and payroll management within your organisation
Financial Data	Invoices, purchase orders, expenses, accounting entries, bank details	ERP financial operations
Support Data	Ticket descriptions, attachments, messages	Resolving support requests
Profile Photos	Staff and user profile images	User identification within the workspace

2.2 Information Collected Automatically

Session data — login timestamps, session identifiers stored server-side
Log data — error logs, request logs for debugging and security monitoring
Browser information — browser type, operating system (not used for profiling)

2.3 AI Chat Data

When you use the Rari AI assistant, your messages and the AI's responses are stored in our database associated with your user account. Messages are used to maintain conversation context. See Section 7 for more on AI data.

3. How We Use Your Information

We use your information strictly for the following purposes:

To provide the Service — operating your workspace, processing payroll, generating reports, managing HR and ERP data
To authenticate users — verifying identity at login, managing roles and permissions
To improve the Platform — analysing anonymised usage patterns to improve features and performance
To send operational communications — account notifications, billing reminders, security alerts, product updates
To provide support — responding to help desk requests and resolving issues
To comply with legal obligations — retaining records as required by Ugandan law

            We do not use your data for advertising, sell it to third parties, or share it with data brokers.
        

4. Legal Basis for Processing

We process personal data under the following lawful bases:

Contractual necessity — processing required to deliver the Service you subscribed to
Legitimate interests — security monitoring, fraud prevention, platform improvement
Legal obligation — compliance with Ugandan tax, employment, and data regulations
Consent — where we have explicitly asked for and received your agreement

5. Data Storage & Security

5.1 Where We Store Data

Your data is stored on dedicated, access-controlled servers operated by RARIDALI COMPANY LTD. All infrastructure is secured and maintained by our technical team to ensure availability and data integrity.

5.2 Security Measures

All passwords are hashed using bcrypt — we never store plain-text passwords
All data transmission is encrypted using TLS/HTTPS
Database access is restricted to application-level users only — no public database access
CSRF protection on all form submissions and API endpoints
Role-based access control ensures users see only data they are authorised to access
Regular automated database backups

5.3 Breach Notification

In the event of a data breach affecting your organisation's data, we will notify affected administrators within 72 hours of becoming aware of the breach, and provide details of what data was affected and steps taken.

6. Data Sharing & Third Parties

We share data with third parties only in the following limited circumstances:

Recipient	What is Shared	Why
AI Service Provider	Messages you send to the Rari AI assistant	Processing AI chat responses on your behalf
Your Email Provider	Email addresses for notification delivery	Sending platform notifications (configured by your organisation)
Legal / Regulatory Authorities	As required by law	Compliance with Ugandan legal obligations

We do not share data with any marketing, advertising, or analytics companies.

7. AI Features & Data

The Rari AI assistant is a built-in feature that helps you navigate the platform and answer questions about your workspace. When you send a message to Rari:

Your message and recent conversation context are processed by our AI service to generate a response
The AI service does not retain your messages beyond what is needed to generate the response
Your conversation history (your messages and AI responses) is stored in our system associated with your user account
You can delete your AI conversation history at any time from within the Rari widget

We recommend not sharing highly sensitive information (e.g., passwords, banking PINs, national ID numbers) in AI chat messages.

8. Cookies & Session Data

Rarinet uses the following types of cookies and session storage:

Session cookies — required for authentication. Stored server-side (file-based sessions). Expire when you close your browser or log out.
CSRF cookies — security tokens to protect against cross-site request forgery. Automatically managed.
localStorage — we store your last-used organisation subdomain in your browser's localStorage to pre-fill the login form on future visits. No personal data is stored in localStorage beyond this convenience item.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

9. Data Retention

Data Type	Retention Period
Active account data	For as long as your subscription is active
Data after account closure	30 days, then permanently deleted
System logs (error/access)	90 days
AI chat messages	Until you delete them or your account is closed
Billing records	7 years (legal requirement)
Support ticket history	2 years after resolution

10. Your Rights

As a user of Rarinet, you have the following rights regarding your personal data:

Right of Access — request a copy of the personal data we hold about you
Right to Rectification — request correction of inaccurate or incomplete data
Right to Erasure — request deletion of your personal data (subject to legal retention requirements)
Right to Data Portability — request your data in a machine-readable format
Right to Restrict Processing — ask us to limit how we use your data in certain circumstances
Right to Object — object to processing based on legitimate interests

To exercise any of these rights, contact us at [email protected]. We will respond within 14 business days. Some rights may be limited where we have legal obligations to retain data.

Organisation Administrators

As the administrator of an organisation account, you are responsible for ensuring that your employees and other users whose data you process on the Platform have been informed of this Privacy Policy and have provided any necessary consent under applicable law.

11. Children's Privacy

Rarinet is a business management platform intended for use by organisations and their adult employees. We do not knowingly collect personal information from individuals under the age of 18.

If you believe a minor has provided us with personal information, please contact [email protected] and we will delete such information promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Notify active account administrators by email at least 14 days before the changes take effect
Display a notice within the Platform dashboard

We encourage you to review this Policy periodically. Continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

13. Contact Us

For any privacy-related questions, concerns, or requests:

Data Controller: RARIDALI COMPANY LTD
P.O. BOX 1309, Gulu, Uganda
Innovation Village Premises
Phone: +256-764-000-690
Email: [email protected]
Operating Hours: Monday – Saturday, 8:00 AM – 5:00 PM

We aim to respond to all privacy enquiries within 5 business days.

Contents