Privacy

Last updated: 2026-05-07

This page is a plain-language summary of what eBillio collects, why, and how long we keep it. We are a small team — if anything is unclear, email support@ebillio.net and we'll answer in person.

What we collect

• Tenant operator info: the name, email, phone number, and password (hashed, never stored in plain text) that the ISP operator provides on signup.
• Subscriber info that operators upload: PPPoE / hotspot customer names, phone numbers, payment receipts, and session logs. This data belongs to the operator, not to us — we process it on their behalf.
• M-Pesa payment data: phone numbers, amounts, M-Pesa receipt IDs, and Daraja callback payloads, for the purpose of crediting subscriptions and reconciling settlements.
• Server logs: standard web-server access logs (IP, user agent, timestamp). Kept for 30 days, used for debugging and security only.

What we don't collect

• No third-party analytics. No Google Analytics, no tracking pixels.
• No advertising trackers.
• No social-media SDKs.

Where it lives

All data is stored on our DigitalOcean droplet in Amsterdam (closest EU region with reliable Kenyan latency). Encrypted at rest in MySQL via Laravel's encrypted casts for sensitive fields (API credentials, gateway secrets). Backups are taken daily and retained for 14 days.

Sharing

We don't sell or share operator or subscriber data with anyone. The only outbound traffic is to:

• Safaricom Daraja (M-Pesa payment processing) — only when you initiate STK Push or B2B settlement.
• Your configured SMS gateway (Africa's Talking / TextSMS / Twilio / Blessed Texts / TalkSasa) — only when an SMS template fires for a subscriber event.

Your rights

If you're an operator, you can delete your tenant at any time — that wipes everything we hold for you. If you're a subscriber whose ISP uses eBillio, contact your ISP first; we don't have a direct relationship with you and they own your record.

Contact

Questions, concerns, or formal data requests: support@ebillio.net.