Privacy Policy

EFRIS Simplified ("we", "our", or "us") operates the website efrissimplified.com and the associated EFRIS integration middleware service (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account information. When you register, we collect your name, email address, business name, and TIN (Taxpayer Identification Number) as required to provision your EFRIS integration.

EFRIS credentials. To communicate with Uganda Revenue Authority's EFRIS system on your behalf, we store your EFRIS device number, virtual device number, and RSA private key. Your RSA private key is encrypted at rest using AES-256 and is never stored in plaintext.

Transaction data. Every API request you make through the Service — including invoice payloads, URA responses, and error logs — is stored to provide you with a complete audit trail and to assist with support queries.

Usage data. We automatically collect standard web server logs including your IP address, browser type, pages visited, and timestamps. This data is used solely for security monitoring and service improvement.

Payment information. We do not store your payment card details. Payments are processed by third-party payment providers and subject to their privacy policies.

2. How We Use Your Information

We use the information we collect to:

Provide, operate, and maintain the Service
Communicate with URA's EFRIS API on your behalf
Authenticate your requests and rotate your AES encryption keys daily
Provide your transaction audit trail and dashboard
Send service-related notices (downtime, key rotation failures, billing)
Respond to support enquiries
Detect and prevent fraud or abuse
Comply with applicable Ugandan law, including obligations under the Uganda Data Protection and Privacy Act 2019

We do not sell, rent, or share your personal information with third parties for marketing purposes.

3. RSA Key Storage and Security

Your RSA private key is the most sensitive piece of information we hold. It is:

Encrypted with AES-256 before being written to disk
Stored in an isolated vault, separate from application databases
Never logged, never returned via any API response, and never transmitted in plaintext
Decrypted only in memory, at the moment a request must be signed, and immediately discarded

If you believe your credentials have been compromised, contact us immediately at ronaldngzgadro@gmail.com. We will revoke and regenerate your keys on your behalf.

4. Data Sharing

We share your data only in the following limited circumstances:

Uganda Revenue Authority (URA). We transmit your invoice data to URA's EFRIS API as the core function of the Service. This is the entire purpose of the integration.
Service providers. We use trusted third-party providers for hosting, monitoring, and email delivery. These providers are contractually bound to handle your data only as instructed by us.
Legal requirements. We may disclose information if required by Ugandan law, court order, or government authority.

5. Data Retention

We retain your account and transaction data for as long as your account is active and for a minimum of 5 years thereafter, in line with Uganda Revenue Authority record-keeping requirements for fiscal receipts and invoices.

You may request deletion of your personal account data at any time by contacting us. Note that transaction records (invoice data submitted to URA) may be retained for legal and compliance reasons even after account deletion.

6. Your Rights

Under the Uganda Data Protection and Privacy Act 2019, you have the right to:

Access the personal data we hold about you
Correct inaccurate or incomplete data
Request deletion of your personal data (subject to legal retention obligations)
Object to or restrict certain processing
Receive a copy of your data in a portable format

To exercise any of these rights, contact us at ronaldngzgadro@gmail.com.

7. Cookies

The Service uses only essential session cookies necessary for authentication and security. We do not use tracking cookies, advertising cookies, or third-party analytics that collect personal information.

8. Third-Party Links

Our website contains links to URA's EFRIS portal and other third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies separately.

9. Children's Privacy

The Service is intended for businesses and adult individuals. We do not knowingly collect personal information from anyone under the age of 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page and, for material changes, notify active subscribers by email. Continued use of the Service after any change constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data:

Email: ronaldngzgadro@gmail.com
Phone / WhatsApp: +256 704 031 764
Address: Kyaliwajala Naalya Road, Before Naalya Market, 500M off Naalya Round About, Kampala, Uganda