Privacy policy

Overview

Badrama Tech operates Tranzra, a non-custodial payment switch and routing infrastructure platform. This policy describes how we collect, process, and protect data in connection with providing the Tranzra service to tenants and their end-users.

Because Tranzra is a business-to-business infrastructure layer, most data we process relates to the tenants (businesses) that integrate our API, not to consumer end-users directly. Tenants are responsible for their own compliance obligations toward their end-users under applicable law.

Data we collect

• — Account data: name, email address, organisation name, contact details provided at registration.
• — API usage data: request logs, intent identifiers, routing outcomes, timestamps. No payment card numbers or mobile money PINs are stored by Tranzra.
• — Credential references: provider API keys you supply are stored encrypted at rest. We do not log credential values in plaintext.
• — Technical data: IP addresses, browser/client agent strings, request headers — retained in access logs for security and debugging purposes.

How we use data

We use the data above to:

• —Deliver, operate, and improve the Tranzra routing service.
• —Authenticate API requests and enforce access controls.
• —Detect and investigate fraud, abuse, or security incidents.
• —Meet regulatory and legal obligations where applicable.
• —Communicate service notices, updates, and billing information to account holders.

We do not sell personal data. We do not use routing or intent data to train models or for advertising purposes.

Data sharing

We share data only as necessary to deliver the service: with hosting infrastructure providers (under data processing agreements), with your configured payment providers (only the data required to execute an intent), and with law enforcement when legally required. We do not share data with third parties for marketing purposes.

Data retention

API usage logs and intent records are retained for a minimum of seven years to support reconciliation, audit, and regulatory requirements common in financial services. Account data is retained for the duration of the tenant relationship plus a run-off period of two years, unless a longer retention period is required by law.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal data we hold about you, or to object to certain processing. To exercise these rights, contact us at the address below. We will respond within 30 days.

Note: some data — particularly intent records — cannot be deleted while required by financial regulation or active contractual obligations.

Security

Tranzra uses encryption at rest and in transit, access controls, and audit logging for all systems that process tenant or intent data. Credential values are encrypted at application level before storage. No payment credential plaintext is logged.

Changes to this policy

We will update the effective date at the top of this page when material changes are made. Continued use of the service after a policy update constitutes acceptance of the revised terms. For significant changes, we will notify account holders via the registered email address.