Privacy Policy

Dar Digital Rights Centre (DDRC), Dar es Salaam, Tanzania, operating pan-African. This policy explains what personal data we process and why.

Account data: your email (stored encrypted at rest) and, optionally, your name, language and country.

Learning data: course enrolments, progress, quiz results, and certificates.

Security logs: an append-only audit trail of actions on the platform (with IP for authenticated actions). Anonymous incident submissions are NOT IP-logged.

We do not use tracking or analytics cookies and do not build advertising profiles. Anonymous incident reports carry no account, email, phone, or IP.

Incident submissions are encrypted in your browser before transmission; we store only ciphertext. A tracking code is the only link to a case and is stored as a one-way hash. Only an authorised analyst can decrypt a case.

You may access, correct, or request erasure of your personal data. Signed-in users can update their profile or delete (anonymise) their account in Account settings. Others may use the data-deletion request form.

We retain data while your account is active. On erasure we anonymise personal data while preserving records required for our security audit trail.

For privacy questions, contact us via the Contact page.