This draft policy explains how the platform handles client, exchange, and tax data while aligning with POPIA-oriented processing expectations.
Effective version: 2026-04-09
These documents are working launch documents for product operations and consent capture. They still need formal legal review before public launch.
We collect account information, workspace setup data, client profile details, uploaded transaction files, connected exchange metadata, generated reports, and audit records needed to operate the platform.
We avoid collecting more information than is necessary to authenticate users, isolate tenants, process tax data, and evidence key actions.
Personal information is processed to authenticate users, maintain organization boundaries, import and normalize transaction data, generate exports, and retain an audit trail for operational and filing workflows.
Where platform features rely on processors or infrastructure providers, data is used only for delivering the service and maintaining security, reliability, and support.
Users should be able to request access to the data stored about them, export workspace information, and ask for deletion where retention duties do not require continued storage.
Crypto tax records may need to be retained to support SARS filing, reconciliation, and practitioner review obligations. Final retention periods should still be lawyer-reviewed before launch.