Legal

Privacy Policy

Last updated: February 2026

1. Information We Collect

ISPChamp collects information necessary to provide ISP management services. This includes:

  • Account information: name, email, company name, phone number
  • Subscriber data: NID/passport numbers, addresses, connection details (processed on behalf of ISP tenants)
  • Network data: OLT configurations, IP allocations, RADIUS sessions
  • Payment data: transaction records, billing history (payment credentials are handled by payment processors)
  • Usage data: login times, feature usage, API call logs

2. How We Use Your Information

  • To provide and maintain the ISPChamp platform
  • To process subscriber management operations on behalf of ISP tenants
  • To generate billing and invoicing
  • To provide technical support and respond to inquiries
  • To comply with BTRC regulatory requirements
  • To improve our services through anonymized usage analytics

3. Data Processing & Storage

All data is stored on servers located in Bangladesh. ISPChamp acts as a data processor on behalf of ISP tenants (data controllers). Subscriber personal data is processed only as instructed by the ISP tenant and in compliance with applicable Bangladesh data protection laws.

4. Data Sharing

We do not sell personal data. We may share data with:

  • Payment processors (bKash, Nagad, SSLCommerz, etc.) to process transactions
  • Law enforcement authorities when required by valid legal process and BTRC regulations
  • BTRC auditors as required for regulatory compliance

5. Tenant Data Isolation

ISPChamp uses strict multi-tenant data isolation. Each ISP tenant's data is logically separated at the database level using row-level security policies. No tenant can access another tenant's data. All queries are scoped to the authenticated tenant's context.

6. Security

We implement industry-standard security measures including encryption at rest (AES-256) and in transit (TLS 1.3), role-based access control via Darwan authorization, audit logging of all administrative actions, and regular security assessments.

7. Data Retention

Account data is retained for the duration of the service agreement plus 12 months. CGNAT session logs are retained per BTRC requirements (currently 12 months). Subscribers can request data deletion through their ISP, subject to regulatory retention requirements.

8. Contact

For privacy inquiries, contact us at privacy@ispchamp.com.