Table of Contents
- Information We Collect
- How We Use Information
- Legal Bases for Processing
- Sharing & Disclosure
- Data Retention
- Security
- Your Rights & Choices
- Cookies & Similar Technologies
- Data Transfers
- Third-Party Links & Integrations
- Children's Privacy
- Business Continuity & Disaster Recovery
- Incident Response & Breach Notification
- Employee & Staff Data
- Changes to this Policy
- Contact Us
1. Information We Collect
We collect information in the following categories depending on how you interact with the Service:
1.1 Information You Provide Directly
- Account & Identity Information: full name, email address, username, job title, department, and authentication credentials (passwords are stored in hashed form and never in plaintext).
- Organisation Details: company name, registered business address, tax identification numbers (e.g., VAT/TIN), and bank account details where required for payment reconciliation features.
- Business & Accounting Data: customer and supplier records, inventory items, pricing lists, invoices, quotations, purchase orders, goods received vouchers (GRVs), credit notes, debit notes, journals, general ledger (GL) accounts, trial balance data, financial statements, and all other records you create, import, or upload within the Service.
- Support Communications: messages, attachments, and any other content you send when you contact our support team.
1.2 Information Collected Automatically
- Usage & Activity Data: pages visited, features used, actions performed (e.g., "Process", "Post", "Approve", "Void"), report parameters, export requests, timestamps, session duration, and navigation paths within the Service.
- Device & Technical Data: IP address, browser type and version, operating system, screen resolution, time zone, and device identifiers collected via standard server logs and analytics.
- Log Data: error logs, API request logs, and audit trails of user actions generated for security, debugging, and compliance purposes.
- Performance Data: page load times, query response times, and other telemetry used to maintain and improve system performance.
1.3 Information from Third Parties
- We may receive information from your organisation's administrator when accounts are provisioned, including name, email, and assigned role/permission level.
- Where you integrate the Service with third-party platforms (e.g., payment gateways, banking APIs, or ERP systems), we may receive data transmitted through those integrations as authorised by your organisation.
2. How We Use Information
We use the information we collect for the following purposes:
2.1 Service Delivery
- Provision, operate, and maintain all features of the Service including accounting modules, reporting, and document management.
- Authenticate users, enforce role-based access controls (RBAC), and manage permissions across branches and departments.
- Generate and export documents such as invoices, statements, purchase orders, financial reports, PDF exports, and Excel/CSV files.
- Execute workflows including processing transactions, posting journals, reconciling accounts, and managing approval chains.
2.2 Communication
- Send administrative notices, service announcements, and system alerts.
- Respond to support queries, bug reports, and feedback submissions.
- Notify designated contacts of critical events such as failed scheduled tasks or data integrity issues.
2.3 Security & Compliance
- Detect, investigate, and prevent fraudulent, unauthorised, or illegal activity.
- Maintain audit logs and access records for compliance and accountability purposes.
- Enforce our Terms of Service and other applicable policies.
2.4 Improvement & Analytics
- Analyse usage patterns to improve system performance, reliability, and user experience.
- Conduct internal research and testing to develop new features and fix bugs.
- Monitor system health and capacity to ensure availability.
2.5 Legal Obligations
- Comply with applicable laws, regulations, court orders, and lawful requests from public authorities.
- Establish, exercise, or defend legal claims.
3. Legal Bases for Processing
Where required by applicable data protection law, we process personal information on one or more of the following legal bases:
- Contract Performance: processing is necessary to deliver the Service under our agreement with you or your organisation.
- Legitimate Interests: we have a legitimate interest in maintaining security, preventing abuse, improving the Service, and managing our business operations, provided these interests are not overridden by your rights.
- Legal Obligation: processing is necessary to comply with a legal obligation, such as retaining financial records as required by law.
- Consent: where we rely on consent (e.g., for certain optional communications), you may withdraw consent at any time by contacting us or adjusting your preferences.
4. Sharing & Disclosure
We do not sell, rent, or trade your personal information or business data. We may disclose information only in the following limited circumstances:
4.1 Service Providers & Sub-processors
We engage trusted third-party companies to assist in operating the Service, including hosting and cloud infrastructure providers, database services, email delivery providers, and customer support platforms. These providers access information only as necessary to perform their functions and are contractually bound to maintain appropriate confidentiality and security standards.
4.2 Within Your Organisation
Information you enter is accessible to other authorised users within your organisation according to the roles and permissions configured by your system administrator.
4.3 Legal & Regulatory Requirements
We may disclose information where required to comply with applicable law, regulation, legal process (such as a court order or subpoena), or a valid request from a governmental or regulatory authority. Where permitted, we will endeavour to notify you before disclosing your information.
4.4 Business Transfers
In the event of a merger, acquisition, reorganisation, bankruptcy, or sale of all or a portion of our assets, information may be transferred as part of that transaction, subject to the acquiring party's agreement to honour the commitments in this Privacy Policy or to provide you with notice and choice.
4.5 Protection of Rights
We may disclose information where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Melsoft, our users, or the public, including to prevent fraud or security incidents.
5. Data Retention
We retain information for as long as necessary to fulfil the purposes described in this policy, unless a longer retention period is required or permitted by law. Key considerations include:
- Account Data: retained for the duration of your account and for a reasonable period thereafter to allow for reactivation requests or dispute resolution.
- Business & Accounting Records: retained in accordance with applicable financial reporting, tax, and auditing regulations, which may require retention for periods of up to seven (7) years or more depending on jurisdiction.
- Audit Logs & Security Logs: typically retained for a minimum of twelve (12) months or as required by law.
- Support Communications: retained for as long as necessary to resolve the matter and for a reasonable period to handle any follow-up.
- Anonymised / Aggregated Data: data that has been de-identified may be retained indefinitely for analytical and statistical purposes.
When data is no longer required, it is securely deleted or anonymised in accordance with our data disposal procedures.
6. Security
We take the security of your information seriously and implement a layered approach to protection:
- Encryption: data is encrypted in transit using TLS (Transport Layer Security) and at rest using industry-standard encryption protocols.
- Access Controls: access to production systems and databases is restricted to authorised personnel on a need-to-know basis, enforced through role-based access controls and multi-factor authentication (MFA).
- Audit Trails: the Service maintains detailed audit logs of user actions, login events, and data modifications to support accountability and forensic investigation.
- Vulnerability Management: we regularly review and update our systems, apply security patches, and conduct periodic security assessments.
- Physical Security: our hosting infrastructure is maintained in facilities with appropriate physical access controls, environmental safeguards, and redundancy measures.
Despite these measures, no system is completely immune to security risks. We cannot guarantee the absolute security of information transmitted over the internet or stored electronically. You should also take steps to protect your account, such as using a strong password and not sharing your credentials.
7. Your Rights & Choices
Depending on your jurisdiction and applicable law, you may have the following rights regarding your personal information:
- Right of Access: the right to request confirmation of whether we process your personal data and to receive a copy of that data.
- Right of Rectification: the right to request correction of inaccurate or incomplete personal data.
- Right of Erasure: the right to request deletion of personal data in certain circumstances (e.g., where it is no longer necessary for the purpose for which it was collected), subject to legal retention obligations.
- Right to Restrict Processing: the right to request that we limit how we use your data in certain situations.
- Right to Data Portability: the right to receive your data in a structured, commonly used, and machine-readable format where technically feasible.
- Right to Object: the right to object to processing based on legitimate interests in certain circumstances.
- Right to Withdraw Consent: where processing is based on consent, the right to withdraw consent at any time without affecting the lawfulness of processing prior to withdrawal.
- Right to Lodge a Complaint: the right to lodge a complaint with a relevant data protection authority if you believe your rights have been violated.
To exercise any of these rights, please contact us using the details in Section 16. We will respond within the timeframe required by applicable law and may need to verify your identity before processing your request. Note that some rights are subject to limitations — for example, we may not be able to delete data that we are legally required to retain.
Your organisation's administrator also has tools within the Service to manage user accounts and access permissions on your behalf.
8. Cookies & Similar Technologies
The Service uses cookies and similar client-side technologies to support its operation. Specifically:
- Session Cookies: strictly necessary cookies used to authenticate your login session, maintain your logged-in state, and enforce security controls. These are deleted when you close your browser or log out.
- Preference Cookies: used to remember settings such as language preferences, default views, and UI configurations.
- CSRF Tokens: security tokens used to protect against cross-site request forgery attacks.
- Analytics Cookies: where used, these help us understand aggregate usage patterns to improve the Service. We use anonymised or pseudonymised data for this purpose.
You can control cookie settings through your browser. Blocking or deleting session cookies will prevent you from using core features of the Service. We do not use cookies for third-party advertising.
9. Data Transfers
The Service may be hosted on infrastructure located in various jurisdictions. If you are accessing the Service from outside the jurisdiction where our servers are located, your information may be transferred across international borders. We take appropriate steps to ensure such transfers comply with applicable data protection law, including through the use of standard contractual clauses or other approved transfer mechanisms where required.
10. Third-Party Links & Integrations
The Service may contain links to external websites or support integrations with third-party systems (e.g., banking portals, payment processors, government tax portals). This Privacy Policy applies only to the Quanta Service. We are not responsible for the privacy practices of third-party services and encourage you to review their privacy policies before sharing information with them.
11. Children's Privacy
The Service is a business accounting platform intended solely for use by adults in a professional or organisational capacity. We do not knowingly collect personal information from individuals under the age of 18 (or the applicable age of majority in your jurisdiction). If you become aware that a minor has provided personal information to us, please contact us immediately and we will take steps to delete that information.
12. Business Continuity & Disaster Recovery
We maintain business continuity and disaster recovery plans to protect the availability and integrity of the Service and the data it holds. This includes regular automated backups of customer data, geographically redundant storage where feasible, and documented recovery procedures to restore service in the event of a disruption. Backups are encrypted and access-controlled consistent with our security standards.
13. Incident Response & Breach Notification
In the event of a confirmed data security incident that affects personal information, we will:
- Promptly investigate and contain the incident.
- Notify affected organisations and individuals as required by applicable data breach notification laws, within the legally required timeframes.
- Cooperate with relevant regulatory authorities as required.
- Take appropriate remediation steps to prevent recurrence.
You should notify us immediately at info@melsoftzim.co.zw if you suspect unauthorised access to your account or any data within the Service.
14. Employee & Staff Data
Where your organisation uses the Service to store records relating to your own employees or staff (e.g., payroll-related data, user profiles), your organisation acts as the data controller for that information and is responsible for ensuring that the collection and use of such data complies with applicable employment and data protection laws. We process that information on your organisation's behalf in accordance with this policy and any applicable data processing agreements.
15. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Post the revised policy on this page.
- Where appropriate, provide in-app notice or email notification to affected users or administrators.
Your continued use of the Service after the effective date of a revised policy constitutes your acceptance of the changes. We encourage you to review this page periodically.
16. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us:
- Email: info@melsoftzim.co.zw
- Company: Melsoft (Private) Limited, Zimbabwe
We aim to respond to all legitimate privacy-related enquiries within a reasonable timeframe and, in any event, no later than applicable law requires.