Last updated 29 April 2026

CompliSafe Privacy Policy

Effective Date: 29 April 2026
Version: 1.0

1. Introduction

This Privacy Policy explains how CompliSafe ("we", "us", "our") collects, uses, stores and protects personal information when you use our website, mobile application, and related services ("the Platform").

We are committed to protecting your privacy and processing your personal information in accordance with applicable data protection laws, including the Protection of Personal Information Act, 2013 ("POPIA").

By using the Platform, you agree to the terms of this Privacy Policy.

Relationship to Terms

This Privacy Policy forms part of the CompliSafe Terms of Use and should be read together with those Terms.

Definitions

  • "Personal Information" means information relating to an identifiable natural or juristic person.
  • "Special Personal Information" includes health information, incident injury records and other information requiring additional protection.
  • "Responsible Party" means the customer controlling the processing.
  • "Operator" means CompliSafe, where processing occurs on customer instruction.

2. Information We Collect

We may collect and process the following categories of personal information:

Information You Provide

  • Name and surname
  • Email address
  • Phone number
  • Company details
  • Account login credentials
  • Any information you upload to the Platform (e.g. compliance records, documents)

System-Generated Data

  • Audit Trail records (user actions, timestamps, approvals)
  • Compliance data and reports

Automatically Collected Information

  • Device identifiers and browser information
  • IP addresses
  • Usage data and interaction logs
  • Location data (where enabled)

Special Personal Information

  • Users may upload information that may constitute special personal information, including injury-related or health-related records.
  • Customers are responsible for ensuring they have a lawful basis to process and upload such information.
  • CompliSafe does not assume responsibility for unlawful uploads by users.

3. How We Use Your Information

We process personal information to:

  • Provide and operate the Platform
  • Manage user accounts and access
  • Enable compliance tracking and reporting
  • Improve functionality and user experience
  • Communicate with users (support, updates, notices)
  • Ensure security and prevent fraud
  • Comply with legal and regulatory obligations

4. Lawful Basis for Processing

We process personal information based on one or more lawful grounds, including:

  • Contractual necessity – to provide the Platform
  • Legal obligations – where required by law
  • Legitimate interests – to improve and secure our services
  • Consent – where required (e.g. optional cookies or communications)

Processing is undertaken in accordance with applicable data protection requirements, including POPIA.

Responsible Party and Operator Rules

Depending on context:

  • CompliSafe may act as the Responsible Party for personal information processed in connection with operating the website, user accounts, billing, support and related services.
  • CompliSafe may act as Operator where processing personal information on behalf of Customers through the Platform.

5. Your Rights

In terms of POPIA, you have the right to:

  • Access your personal information
  • Request correction or deletion
  • Object to processing
  • Withdraw consent (where applicable)
  • Lodge a complaint with the Information Regulator

Requests can be submitted via our contact details below.

6. Information Sharing

We may share personal information with:

  • Service providers and subprocessors
  • Professional advisors (legal, audit) where necessary
  • Regulatory authorities where legally required

All third parties are required to process information securely and in accordance with applicable laws.

7. Cross-Border Transfers

Your personal information may be transferred to and stored in countries outside of South Africa where our service providers operate.

We ensure appropriate safeguards are in place to protect your information.

8. Data Security, Data Retention and Data Subject Rights

Data Security

We implement appropriate technical and organisational measures, including:

  • Encryption (in transit and at rest)
  • Access controls and authentication
  • System monitoring and logging
  • Regular backups

While we take reasonable steps to protect your information, no system is completely secure.

Data Retention

We retain personal information only for as long as necessary to:

  • Provide the Platform
  • Comply with legal obligations
  • Resolve disputes and enforce agreements

Data may be deleted or anonymised after applicable retention periods.

Data Subject Rights

Subject to law, data subjects may request:

  • Access
  • Correction
  • Objection
  • Deletion where applicable

Requests may be directed to the Information Officer.

9. Third-Party Services

The Platform may include links or integrations with third-party services. We are not responsible for the privacy practices of those third parties.

Subprocessors

We may engage approved subprocessors to assist in providing the Platform, including hosting, email, analytics or support providers. Appropriate safeguards are applied to such arrangements.

10. Security Incidents

In the event of a data breach or security incident, we will:

  • Investigate and contain the issue
  • Notify affected users or Customer administrators where required by law
  • Notify regulators where required
  • Cooperate with regulatory authorities

11. Cookies and Tracking Technologies

We may use:

  • Strictly necessary cookies
  • Analytics cookies
  • Preference cookies (where enabled)

Where required, users may:

  • Accept all cookies
  • Reject non-essential cookies
  • Manage cookie preferences

Cookie retention periods and controls are described in the Cookie Policy.

12. De-Identified Data

We may use anonymised and aggregated data that cannot identify you to:

  • Improve our services
  • Develop analytics and benchmarks
  • Produce industry insights

13. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes may be notified through:

  • The Platform
  • Email
  • App notification
  • Website notice

Continued use after notice constitutes acceptance.

15. Contact Information

For privacy requests or complaints, contact:

Information Officer
Name: Megan Dinsdale
Email: info@complisafe.co.za

Complaints may also be directed to the Information Regulator.

Read our Terms of Use →