Last updated: November 3, 2025
This Privacy Policy explains how Mateza ("we," "our," "us") collects, uses, discloses, and protects personal information when you visit our websites, use our platforms, or communicate with us (collectively, the "Services").
Digital Services Scope: Where the Services are used strictly for digital goods or SaaS via a Merchant of Record, the personal data collection and processing described herein applies only to those digital-services transactions; personal data will not be processed for the purpose of shipping physical goods or manual delivery of services. In connection with services processed via the Merchant of Record, personal data will not be used or shared for purposes that violate the Acceptable Use Policy defined by the Merchant of Record.
We use personal information to:
For jurisdictions that require a legal basis (e.g., GDPR), we rely on: performance of a contract, legitimate interests (service improvement, security), consent (where required for marketing/cookies), and compliance with legal obligations.
We use cookies, SDKs, and similar technologies for authentication, preferences, analytics, and performance. You can control cookies via browser settings; disabling cookies may affect functionality. For jurisdictions requiring consent, we provide a cookie banner with options to accept, reject, or customize categories (essential, analytics, marketing).
See our Cookie Policy for a detailed list of cookies used, their purposes, durations, and providers.
We share personal information with:
We do not sell personal information.
We use reasonable technical and organizational measures to protect personal information, including encryption in transit, access controls, logging, and vulnerability management. No system is perfectly secure; notify us of suspected incidents.
We retain personal information for as long as necessary to provide the Services, meet legal obligations, resolve disputes, and enforce agreements. Specific retention periods include:
We will delete or anonymize data when it is no longer needed, subject to lawful retention requirements.
We may transfer personal information across borders to jurisdictions such as the United States, European Union, and Rwanda. Where required, we use safeguards such as Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms to ensure appropriate protection.
Subject to applicable law, you may request to access, correct, delete, or restrict processing of your personal information; object to certain processing; and request data portability. You may withdraw consent where processing is based on consent. To exercise these rights, contact us using the details in Section 16. We will respond within 30 days, subject to verification of identity and any legal exemptions.
Where legally permitted, we may charge a reasonable fee for excessive or complex requests. See our Rights Request Portal for more details.
The Services are not directed to or intended for minors. Do not submit personal information of minors. If we become aware we have collected a minor's personal information, we will delete it without undue delay.
You may opt out of non-essential marketing communications by using the unsubscribe link or contacting us. We will continue to send transactional or service-related notices.
Where a payment partner or MoR (such as Polar) is used, they may process personal information for identity verification, fraud prevention, tax handling, and chargebacks according to their policies. We do not receive or store full payment card numbers, but may store masked card details, transaction IDs, and related billing data for up to 7 years.
Data Controller/Processor Roles: Mateza acts as data controller for data submitted by you in connection with the Services. The Merchant of Record acts as controller for transactions. Where we act as processor, we process personal data only according to the instructions of the controller and under our internal security safeguards.
The Merchant of Record also has its own privacy and processing practices for transactions; we recommend you review their privacy policy in addition to this one. For more on the relationship, see our Terms of Use.
We maintain a list of key subprocessors (hosting, analytics, email, support tools). We require appropriate data protection commitments from subprocessors. You can view the current list of subprocessors here.
We will provide advance notice of new subprocessors where possible, and you may object to new subprocessors by contacting us.
We may update this Privacy Policy periodically. We will post updates and update the "Last updated" date, and notify you where required by law.
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us: