Your Data, Your Rights
We are committed to protecting your personal data and upholding your privacy rights under the world's most rigorous data protection frameworks.
Regulatory Framework
We comply with leading data protection regulations across every jurisdiction we operate in
GDPR
European Union
The General Data Protection Regulation governs how we collect, process, and store personal data of individuals in the EU and EEA.
POPIA
South Africa
The Protection of Personal Information Act regulates the processing of personal information by public and private bodies in South Africa.
CCPA
California, USA
The California Consumer Privacy Act provides California residents with enhanced rights regarding their personal information.
How We Handle Your Data
Transparency in every step of the data lifecycle
Collection
We collect only the data necessary to provide our services: account data (name, email, credentials), usage data (interactions, preferences), payment data (processed via PCI-compliant providers), and device data (browser type, operating system).
Processing
Your data is processed for specific, lawful purposes: service delivery, security and fraud prevention, analytics to improve our platforms, and communications you have opted into.
Storage
All data is encrypted at rest using AES-256 and stored in regional data centers. We maintain strict retention schedules and automatically purge data that is no longer needed.
Sharing
We share data only with vetted service providers under Data Processing Agreements (DPAs) and when required by law. We never sell your personal data to third parties.
Your Rights
You have comprehensive rights over your personal data under applicable law
Right to Access
Request a copy of the personal data we hold about you, free of charge.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data when it is no longer necessary.
Right to Portability
Receive your data in a structured, machine-readable format for transfer.
Right to Restrict Processing
Request that we limit how we process your data in certain circumstances.
Right to Object
Object to processing based on legitimate interests or direct marketing.
Right to Withdraw Consent
Withdraw previously given consent at any time without affecting prior processing.
Right to Non-Discrimination
Exercise your rights without receiving discriminatory treatment or reduced service.
Data Retention Schedule
How long we retain your data and why
| Data Type | Retention Period | Purpose | Legal Basis |
|---|---|---|---|
| Account Data | Duration of account + 30 days | Service provision | Contractual necessity |
| Transaction Records | 7 years | Financial reporting | Legal requirement |
| Usage Analytics | 24 months | Product improvement | Legitimate interest |
| Marketing Preferences | Until withdrawal | Communications | Consent |
| Support Tickets | 3 years | Service improvement | Legitimate interest |
| Security Logs | 12 months | Threat detection | Legitimate interest |
International Data Transfers
Our primary data processing takes place in the European Union and South Africa. Where we transfer personal data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers outside the EEA.
- Adequacy decisions where the European Commission has determined a country provides adequate data protection.
- Supplementary measures including encryption in transit and at rest, access controls, and transfer impact assessments.
Data Protection Officer
Data Protection Office
We aim to respond to all data protection inquiries within 30 days in accordance with GDPR requirements.
Data Breach Notification
72-Hour Supervisory Authority Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware, as required by GDPR Article 33.
Individual Notification
Where a breach is likely to result in a high risk to your rights and freedoms, we will notify affected individuals without undue delay with clear information about the breach and recommended protective measures.
Incident Response Process
Our comprehensive incident response procedures are detailed in our Security & Trust Center.
Exercise Your Rights
To exercise any of your data protection rights, contact our Data Protection Office. For full details on how we process your data, see our Privacy Policy.