1. Who we are
Avril Capital Co. Ltd. ("AvCap", "we", "our") is a Tanzanian private limited company registered in Dar es Salaam. AvCap is the data controller for personal information processed through this website (avcap.co.tz) and through the products AvCap builds and operates, currently including Sentinel (sentinel.avcap.co.tz), the Tanzanite Crypto Index Fund (TCIF, tcif.finance), Anzisha (anzisha.xyz), and any additional product AvCap launches in the future.
Contact for any privacy or data-protection matter: info@avcap.co.tz. Postal correspondence: Avril Capital Co. Ltd., Dar es Salaam, Tanzania.
2. Scope
This umbrella policy applies to every public-facing surface and product operated by AvCap. Where a specific product has additional product-specific terms (for example, a Statement of Work for a Sentinel engagement, a Token Sale Agreement for TCIF, or an Anzisha subscription agreement), the product-specific terms supplement, not replace, this policy.
3. What we collect
The categories of personal information we may collect depend on which AvCap surface you interact with:
avcap.co.tz (this site)
- Contact-form submissions: name, email, phone, organization, message body.
- Calendly booking metadata when you schedule a consultation: name, email, selected time, optional notes.
- Standard web-server logs: IP address, user-agent string, referrer, request timestamps, retained for diagnostic and abuse-prevention purposes.
Sentinel (sentinel.avcap.co.tz)
- The website URL or domain you submit for audit.
- Your contact email address.
- Submission timestamp and IP address retained by the form processor.
- For commissioned engagements: any additional scope, contact, and authorization information required by the signed Rules of Engagement.
TCIF (tcif.finance)
- For website visitors: standard web-server logs only.
- For token-sale participants: KYC/AML information required by the sale terms, which may include legal name, date of birth, nationality, government-issued identification, proof of address, source-of-funds declaration, and wallet address.
- On-chain interaction data is, by the nature of public blockchains, permanently recorded on the BNB Chain and is not under AvCap's exclusive control.
Anzisha (anzisha.xyz)
- Account information: name, email, phone, optional business name.
- Business-plan inputs you enter into the platform, including sector, location, financial projections, and any sensitive commercial details you choose to share.
- Payment metadata for premium tiers: M-Pesa transaction reference, amount, and timestamp. Payment card details, where used, are processed by a PCI-DSS compliant payment processor and are not stored by AvCap.
4. Why we collect it
We process personal information only for the purposes you would reasonably expect, including:
- Delivering the service you have requested (an audit, a consultation, an Anzisha feasibility report, a TCIF token allocation).
- Following up about that service and providing customer support.
- Meeting legal and regulatory obligations, including KYC/AML requirements for token-sale participants and tax/accounting record-keeping under Tanzanian law.
- Securing and improving our systems, including investigating abuse or attempted compromise.
- Where you have explicitly opted in, occasional updates about new AvCap products or insights.
Lawful bases for processing under the Tanzania Personal Data Protection Act (PDPA) 2022 and, where applicable, the EU GDPR Article 6: performance of a service you have requested, compliance with legal obligation, our legitimate interests in operating and securing the business, and your consent where relied upon.
5. Third-party processors and recipients
We use a small number of third-party services to operate our products. Each acts as a data processor on our behalf:
| Processor | Purpose | Where |
|---|---|---|
| Hostinger | Web hosting, server logs | EU |
| Calendly | Consultation booking | USA |
| Web3Forms | Sentinel intake form relay | USA |
| Anthropic (Claude) | Anzisha AI feasibility analysis | USA |
| M-Pesa (Vodacom Tanzania) | Mobile money payments | Tanzania |
| BNB Chain (public) | TCIF on-chain transactions | Public blockchain |
We do not sell, rent, or trade personal information. Disclosure to law enforcement or regulators occurs only where compelled by valid legal process or where required by Tanzanian or applicable foreign law.
6. How long we keep it
Retention varies by data category:
- Contact-form and consultation submissions: up to 24 months from last contact unless an active engagement extends the period.
- Audit reports and deliverables: duration of the engagement plus seven years, in line with Tanzanian commercial record-keeping norms.
- KYC/AML records for TCIF participants: as required by applicable AML law, currently expected to be seven years from the end of the relationship.
- Anzisha account data: until you request deletion, with a 90-day grace recovery window after request.
- Web-server logs: 90 days for routine logs, longer where retained for security investigation.
7. International transfers
Several of the processors listed in Section 5 are based outside Tanzania. Where personal information is transferred outside Tanzania, we rely on a combination of: your explicit consent at the point of submission, the necessity of the transfer to deliver the service you have requested, and contractual safeguards with the receiving processor where available. We do not transfer personal information to jurisdictions without a recognized data-protection regime except where one of the foregoing bases applies.
8. TCIF and public-blockchain disclosures
Transactions executed against TCIF's smart contracts are recorded on a public blockchain. By the nature of public blockchains, on-chain records cannot be deleted or modified once written, and they are visible to anyone. Wallet addresses are pseudonymous, but on-chain activity associated with a wallet can in some circumstances be correlated with off-chain identity. If you participate in the TCIF token sale or interact with TCIF smart contracts, you acknowledge this immutability. AvCap will, where lawfully required, remove personal information from systems under its direct control, but we cannot remove or modify on-chain records.
9. Anzisha and AI-assisted processing
Anzisha uses Anthropic's Claude AI to analyze the business-plan inputs you provide and generate feasibility scoring, regulatory guidance, and projections. Inputs you submit to Anzisha are transmitted to Anthropic for processing under Anthropic's terms; AvCap does not use your inputs to train AI models, and we have configured our integration to opt out of training where Anthropic offers that control. Feasibility outputs are advisory; they are not professional financial, legal, tax, or accounting advice.
10. Security
We apply technical and organizational measures appropriate to the sensitivity of the data we hold, including HTTPS-encrypted transport, restricted access on a need-to-know basis, secret management for processor credentials, and ongoing Sentinel-style posture audits of our own surfaces. No system is perfectly secure; if you become aware of a security issue affecting an AvCap product, please disclose it responsibly to info@avcap.co.tz.
11. Your rights
Under the Tanzania PDPA 2022 and, where applicable, the EU GDPR, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your data, subject to the retention obligations described in Section 6 and the on-chain limitations in Section 8.
- Object to processing or restrict processing in defined circumstances.
- Withdraw consent for processing that relies on consent, without affecting the lawfulness of prior processing.
- Request portability of data you have provided to us.
- Lodge a complaint with the Tanzania Personal Data Protection Commission or, if you are in the EU, with your local supervisory authority.
To exercise any of these rights, email info@avcap.co.tz with the subject "Data subject request". We will respond within 30 days. We may need to verify your identity before acting on a request that affects a specific record.
12. Cookies and analytics
As of the date of this policy, avcap.co.tz, sentinel.avcap.co.tz, tcif.finance, and anzisha.xyz do not use third-party analytics tags, advertising trackers, or cross-site cookies. We use only the small number of strictly-functional cookies required by some of the processors listed in Section 5 (for example, Calendly session cookies on the booking page). If we add analytics or advertising cookies in the future, we will update this policy and surface a cookie-consent prompt before deploying them.
13. Children
AvCap products are intended for adults and for business users. We do not knowingly collect personal information from individuals under 18. If you believe a minor has submitted information to us, please contact info@avcap.co.tz and we will delete it promptly.
14. Audit reports and confidentiality
Reports produced by Sentinel are confidential between AvCap and the commissioning client. We do not display, share, or publish reports beyond the URL provided to the client without that client's signed reference consent. AvCap, by long-standing internal practice and by signed non-disclosure obligations, also does not publicly name client organizations on this website without explicit prior consent.
15. Updates
We may update this policy as our practices evolve. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be communicated via the contact channels we have on file for active clients, and the prior version will be archived and available on request.
16. Contact
For any privacy, data-protection, or security-disclosure matter, contact info@avcap.co.tz.