POPIA Compliance

Protection of Personal Information Act, 2013

1. What is POPIA?

The Protection of Personal Information Act, 2013 (POPIA) is South African legislation that regulates how organisations collect, process, store, and use personal information. It applies to all public and private entities that process personal information, including Aleph Safety (Pty) Ltd. POPIA came into force on July 1, 2020, and establishes critical principles for responsible data handling.

2. Aleph Safety's Commitment

Aleph Safety (Pty) Ltd is committed to complying fully with POPIA. We process personal information responsibly, transparently, and securely. We implement measures to protect personal data from misuse, loss, and unauthorized access. Our Privacy Policy and Terms of Service align completely with POPIA's eight fundamental conditions of lawfulness.

3. The Eight Conditions of Lawfulness

1. Accountability

Aleph Safety (Pty) Ltd is unequivocally responsible for all personal information we process. We maintain detailed records of our data processing activities and have implemented robust internal policies to ensure ongoing compliance. Furthermore, we commit to responding promptly to any requests or inquiries from the Information Regulator.

2. Processing Limitation

We only collect personal information that is adequate, relevant, and not excessive for our explicitly stated purposes. We process this data strictly when you have provided consent, when the processing is necessary to fulfill our contractual obligations to you, or when we are legally required to do so.

3. Purpose Limitation

Your personal information is collected for specified and explicit purposes, namely providing our software services, managing your billing, delivering technical support, and ensuring legal compliance. We absolutely do not use personal information for any purposes other than what was disclosed at the point of collection, unless you provide us with additional, explicit consent.

4. Further Processing Limitation

If we ever need to use your personal information for purposes extending beyond the original scope, we will obtain your explicit consent first. You retain the right to withdraw this consent at any time by contacting our privacy team.

5. Information Quality

We take all reasonable steps to ensure that the personal information we hold is accurate, complete, and not misleading. If you identify any inaccurate information within your account or profile, you are empowered to request immediate correction or deletion.

6. Openness

We believe in absolute transparency regarding our data processing practices. Our overarching Privacy Policy clearly explains what information we collect, exactly how we use it, with whom we share it, and your rights as a data subject. You may request access to view your personal information at any time.

7. Security

We implement appropriate technical and organizational measures to actively protect personal information against unauthorized access, loss, or damage. This protection includes data encryption, stringent access controls, regular security audits, and highly secure data storage. However, we acknowledge that no technological system is entirely secure, and we cannot guarantee absolute protection against all conceivable threats.

8. Data Subject Rights

Under POPIA, you have the protected right to request access to your personal information, mandate the correction of inaccuracies, object to how we process your data, request comprehensive deletion through the right to be forgotten, and lodge formal complaints directly with the Information Regulator. We ensure responses to these requests within 20 business days.

4. Your Rights Under POPIA

Right to Access

You have the unalienable right to access all personal information Aleph Safety (Pty) Ltd holds about you. To initiate an access request, please contact privacy@alephsafe.co.za with your full name and registered email address. We will compile and provide your information within 20 business days.

Right to Correct

If the personal information we currently hold is inaccurate, outdated, or incomplete, you can request immediate correction. We will diligently verify the request and update our database records within 20 business days.

Right to Deletion

You can formally request the deletion of your personal information, exercising your right to be forgotten. However, we may be required to retain specific information if mandated by law—such as maintaining financial billing records for 7 years—or to fulfill binding contractual obligations. In such events, we will delete all applicable data and clearly explain what information we cannot delete and why.

Right to Object

You can object to the ongoing processing of your personal information at any time. Upon receiving your objection, we will immediately cease processing unless we have compelling, legally justifiable reasons to continue or are mandated to do so by South African law.

Right to Lodge Complaint

If you believe Aleph Safety (Pty) Ltd has violated your POPIA rights or mishandled your data, you are encouraged to lodge a formal complaint with the Information Regulator of South Africa. You can find their contact details and procedures at https://www.justice.gov.za/inforeg/.

5. How We Collect Your Data

We collect personal information directly from you through digital forms, the initial signup process, and your profile completion. Additionally, we collect data automatically through session cookies, usage analytics, and standard server logs. We also receive transactional information from our third-party payment processor, PayFast. Across all channels, we stringently limit collection to only the information necessary for service provision and legal compliance.

6. How We Store and Protect Your Data

Your personal information is stored exclusively on highly secure, encrypted servers hosted by Supabase, located physically within South Africa. Access to these databases is restricted to authorized personnel under strict auditing. We conduct regular security audits and maintain comprehensive incident response procedures. Should a data breach occur, we will notify affected individuals and the Information Regulator as legally required by POPIA.

7. Data Retention

We adhere to the principle of minimal data retention, keeping personal information only for as long as functionally necessary. Your account data is retained while your account is active and deleted upon account closure. The documents you generate are kept per your specific subscription terms. Legally, we must retain billing records for 7 years. Usage logs are stored for 30 days exclusively for diagnostic security purposes, and communications are kept only as long as necessary to effectively resolve your inquiries.

8. Third-Party Data Sharing

To deliver a modern software experience, we may share personal information with carefully vetted, trusted third parties. This includes our payment processor, PayFast, for billing operations, our cloud hosting provider, Supabase, for secure data storage, enterprise email service providers for transactional notifications, and AI cognitive services such as Anthropic Claude for intelligent document generation. All of these third parties are contractually bound to protect your data and operate in strict compliance with POPIA.

9. International Transfers

Aleph Safety (Pty) Ltd does not arbitrarily transfer personal information outside the borders of South Africa without obtaining your explicit consent and ensuring appropriate legal safeguards are active. Our primary data infrastructure is firmly located within South Africa.

10. Automated Decision-Making

Aleph Safety (Pty) Ltd does not employ automated decision-making engines for any significant decisions that legally or functionally affect you. All critical account status decisions, including suspension or termination, are evaluated and executed exclusively by human personnel after thorough review.

11. Children's Privacy

The Aleph Safe platform is strictly not intended for use by children under the age of 18. We do not knowingly collect or solicit personal information from children. If we ever discover that we have inadvertently collected information from a child, we will delete that data immediately and notify the respective parents or guardians.

12. Contact Us

If you have any questions regarding our POPIA compliance posture or wish to exercise your rights, please contact us. You can reach Aleph Safety (Pty) Ltd via email at privacy@alephsafe.co.za, or visit our headquarters in Johannesburg, South Africa. We commit to a response time within 20 business days.

For formal complaints, you may contact the Information Regulator of South Africa at https://www.justice.gov.za/inforeg/ or via email at enquiries@inforeg.org.za.

13. Updates to this POPIA Compliance Statement

We may proactively update this compliance statement as our operational practices evolve or as formal POPIA regulations are amended. We will explicitly notify you of any material changes via email or by posting prominent notices on our website interface.

This POPIA Compliance statement is for informational purposes. For legal interpretation of POPIA requirements, consult with a South African data protection attorney. Aleph Safety (Pty) Ltd is committed to POPIA compliance but makes no guarantee of absolute compliance with all interpretations of the Act.
Table of Contents