Privacy Policy

Last updated: 1 January 2026 • Compliant with the Protection of Personal Information Act 4 of 2013 (POPIA)

1. Introduction

Connexify (Pty) Ltd (“Connexify”, “we”, “us”, or “our”) is committed to protecting your Personal Information in accordance with the Protection of Personal Information Act 4 of 2013 (“POPIA”) and the Electronic Communications and Transactions Act 25 of 2002 (“ECTA”).

This Privacy Policy explains what Personal Information we collect, how we use it, how we protect it, and your rights as a data subject.

2. Responsible Party

For the purposes of POPIA, the responsible party is:

Connexify (Pty) Ltd

Republic of South Africa

Email: admin@connexify.co.za

Information Officer: The Managing Director

3. Personal Information We Collect

We collect only the minimum Personal Information necessary to provide our Services:

3.1 Information you provide directly

  • Account registration: Name, email address, company name.
  • Contact form: Name, email address, company name, message content.
  • Licence purchase: Name, email address, company name, billing information (processed by PayFast — we do not store payment card details).
  • Support requests: Name, email address, description of issue.

3.2 Information collected automatically

  • Licence validation: Licence key, software version, device count, and IP address (used solely to validate your licence).
  • Website usage: Pages visited, browser type, referring page, and access timestamps. We do not use third-party analytics or tracking cookies.

3.3 Information we do NOT collect

  • Network device configurations, credentials, or traffic data — the Software runs on your own infrastructure and this data never leaves your network.
  • Customer data you manage in the CRM — this is stored locally on your server.
  • Special personal information as defined in section 26 of POPIA (race, ethnicity, religion, health, biometric data, etc.).

4. Purpose of Processing

We process your Personal Information for the following purposes, as permitted under section 11 of POPIA:

  • Service delivery: To provide, maintain, and support the Software and Services you have purchased.
  • Licence management: To validate your licence and manage your subscription.
  • Communication: To respond to your enquiries, provide support, and send essential service notifications.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.

We will not use your Personal Information for direct marketing without your explicit opt-in consent, in accordance with section 69 of POPIA.

5. Legal Basis for Processing

We process your Personal Information on the following legal grounds under POPIA:

  • Contract performance (section 11(1)(b)): Processing necessary to perform our obligations under our agreement with you.
  • Legitimate interest (section 11(1)(f)): Processing necessary for our legitimate interests (e.g., fraud prevention, security), provided these interests do not override your rights.
  • Consent (section 11(1)(a)): Where required (e.g., marketing communications), we will obtain your explicit consent.
  • Legal obligation (section 11(1)(c)): Processing required to comply with a legal obligation.

6. Data Sharing & Third Parties

We do not sell, rent, or trade your Personal Information. We may share your information with:

  • PayFast: Our payment processor, to facilitate secure transactions. PayFast is POPIA-compliant and operates under their own privacy policy.
  • Google Cloud Platform: Our hosting infrastructure provider, which stores licence validation data. Data is processed in South Africa (africa-south1 region) where available.
  • Law enforcement: When required by law, subpoena, or court order.

We require all third-party service providers to process Personal Information in accordance with POPIA and only for the specified purpose.

7. Cross-Border Transfers

Your Personal Information may be transferred to and processed in countries outside the Republic of South Africa (e.g., cloud infrastructure). In accordance with section 72 of POPIA, such transfers will only occur where the recipient country has adequate data protection laws, or we have implemented appropriate safeguards (e.g., binding contractual agreements).

8. Data Retention

We retain your Personal Information only for as long as necessary to fulfil the purposes described in this Privacy Policy, in accordance with section 14 of POPIA:

  • Account data: For the duration of your subscription, plus 12 months after cancellation (for reactivation purposes).
  • Contact form submissions: 24 months from date of submission.
  • Licence validation logs: 12 months from the date of the request.
  • Financial records: 5 years, as required by the Tax Administration Act 28 of 2011.

After the retention period, Personal Information is securely deleted or anonymised.

9. Security Measures

We implement appropriate technical and organisational measures to protect your Personal Information, as required by section 19 of POPIA:

  • All data in transit is encrypted using TLS (HTTPS).
  • Data at rest is encrypted using industry-standard encryption.
  • Access to Personal Information is restricted to authorised personnel only.
  • Regular security reviews and updates are performed.
  • The Software stores device credentials encrypted at rest on your local server.

10. Your Rights as a Data Subject

Under POPIA (sections 23–25), you have the following rights:

  • Right of access: Request confirmation of whether we hold your Personal Information and access to that information.
  • Right to correction: Request correction or deletion of inaccurate, irrelevant, excessive, out-of-date, incomplete, or misleading Personal Information.
  • Right to deletion: Request the destruction or deletion of your Personal Information where we are no longer authorised to retain it.
  • Right to object: Object to the processing of your Personal Information on reasonable grounds.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time.
  • Right to lodge a complaint: Lodge a complaint with the Information Regulator if you believe your rights have been infringed.

To exercise any of these rights, contact us at admin@connexify.co.za. We will respond within 30 days.

11. Data Breach Notification

In the event of a security compromise that affects your Personal Information, we will, in accordance with section 22 of POPIA:

  • Notify the Information Regulator as soon as reasonably possible.
  • Notify affected data subjects as soon as reasonably possible.
  • Take immediate steps to address the breach and prevent recurrence.

12. Cookies

Our website uses only essential, first-party cookies necessary for the functioning of the website (e.g., session management). We do not use tracking cookies, third-party analytics cookies, or advertising cookies. No consent banner is required for essential cookies under POPIA and ECTA.

13. Children’s Information

Our Services are not directed at children under the age of 18. We do not knowingly collect Personal Information from children. If we become aware that we have collected Personal Information from a child without appropriate consent, we will delete it promptly in accordance with section 35 of POPIA.

14. Information Regulator

If you are not satisfied with how we handle your Personal Information, you may lodge a complaint with the Information Regulator:

The Information Regulator (South Africa)

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

P.O Box 31533, Braamfontein, Johannesburg, 2017

Email: enquiries@inforegulator.org.za

Complaints: complaints.IR@justice.gov.za

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users. The “Last updated” date at the top of this page indicates the most recent revision.

16. Contact Us

For questions about this Privacy Policy or to exercise your data subject rights: