Privacy Policy

Maphari Technologies (Pty) Ltd ("Maphari", "we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, share, and protect information obtained through our website (mapharitechnologies.com), client portal, and related services.

We are a South African company and comply with the Protection of Personal Information Act 4 of 2013 (POPIA). Where we process data of individuals in other jurisdictions, we also comply with applicable international data protection laws including the EU General Data Protection Regulation (GDPR) and the UK GDPR.

In terms of POPIA, every responsible party must appoint an Information Officer. Our designated Information Officer can be contacted at:

• Email: privacy@maphari.co.za
• Postal: Maphari Technologies (Pty) Ltd, South Africa
• Response time: We aim to respond to all privacy-related requests within 5 business days

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator (South Africa) at inforegulator.org.za.

We collect personal information through several channels. The type of information depends on how you interact with us:

Information you provide directly:

• Contact details — name, email address, phone number, company name
• Project details — requirements, briefs, specifications, and related documents you share with us
• Account information — login credentials, profile details, and preferences when using our client portal
• Financial information — billing details, invoicing information, and payment records (we do not store full card numbers)
• Communications — emails, messages, meeting notes, and other correspondence
• Contact form submissions — name, email, company name, budget range, selected service, and message content

Information collected automatically:

• Device and browser information — IP address, browser type and version, operating system, device type
• Usage data — pages visited, time spent on pages, click patterns, referral source
• Technical data — error logs, performance metrics, and diagnostic information

Under POPIA and GDPR, we process personal information only where we have a lawful basis to do so:

• Consent: Where you have given us explicit consent to process your data (e.g., subscribing to communications, accepting analytics cookies)
• Contract: Where processing is necessary to perform a contract with you or to take steps at your request before entering into a contract (e.g., delivering project work, managing your portal account)
• Legitimate interest: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your rights (e.g., improving our services, security monitoring)
• Legal obligation: Where we are required to process data to comply with a legal obligation (e.g., financial record keeping, tax requirements)

We use the information we collect for the following purposes:

• Service delivery: To deliver, manage, and improve the software development, design, and technology services you have engaged us for
• Communication: To respond to enquiries, provide project updates, and communicate about our services
• Portal access: To provide and maintain your client portal account, including project tracking, document sharing, and billing
• Billing and payments: To process invoices, track payments, and manage financial records
• Service improvement: To understand how our website and portal are used and to improve the user experience
• Security: To detect, prevent, and respond to fraud, abuse, security incidents, and technical issues
• Legal compliance: To comply with applicable laws, regulations, and legal processes

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

Our website uses the following categories of cookies:

• Essential cookies: Required for basic site functionality such as page navigation, security, and session management. These cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously. These are only set with your consent.

When you first visit our site, a cookie consent banner will appear allowing you to accept or decline analytics cookies. You can change your preferences at any time by clearing your browser cookies and revisiting the site.

We do not use advertising cookies, social media tracking pixels, or any form of cross-site tracking.

We use the following categories of third-party service providers who may have access to personal information as necessary to perform their functions:

• Cloud infrastructure: Hosting and data storage services for our website, portal, and internal systems
• Payment processing: Secure payment gateways for invoice and subscription payments
• Communication platforms: Email delivery, messaging, and video conferencing tools
• Analytics: Website usage analytics (only when you have consented)
• Security: Malware scanning, intrusion detection, and monitoring services

All third-party service providers are contractually obligated to handle your data securely and in accordance with applicable data protection laws. We conduct due diligence on all providers and maintain data processing agreements where required.

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
• Encryption at rest: Stored data is encrypted using industry-standard encryption algorithms
• Access controls: Role-based access controls ensure only authorised personnel can access client data on a need-to-know basis
• Infrastructure security: Our systems are protected by firewalls, intrusion detection, regular vulnerability scanning, and security monitoring
• Incident response: We maintain a documented incident response plan and will notify affected individuals and the Information Regulator of any data breach as required by POPIA within the prescribed timeframes

Some of our infrastructure and third-party service providers operate outside of South Africa. Where your personal information is transferred to a country outside of South Africa, we ensure that:

• The recipient country has adequate data protection legislation, or
• Appropriate safeguards are in place, such as binding corporate rules, standard contractual clauses, or your explicit consent
• The transfer is necessary for the performance of a contract between you and us

This is in compliance with Section 72 of POPIA regarding the trans-border flow of personal information.

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

• Active client data: Retained for the duration of the engagement plus 12 months after project completion
• Contact form submissions: Retained for up to 12 months, or until the enquiry is resolved
• Financial records: Retained for 5 years as required by the South African Tax Administration Act and Companies Act
• Portal account data: Retained for the duration of the account plus 6 months after account closure
• Website analytics data: Aggregated and anonymised after 26 months
• Security and access logs: Retained for 12 months for security monitoring and incident response purposes

After the applicable retention period, personal information is securely deleted or irreversibly anonymised.

Under the Protection of Personal Information Act, you have the following rights regarding your personal information:

• Right of access: You may request confirmation of whether we hold personal information about you, and request a copy of that information
• Right to correction: You may request that we correct or update inaccurate or incomplete personal information
• Right to deletion: You may request that we delete your personal information, subject to our legal obligations and legitimate interests
• Right to object: You may object to the processing of your personal information on reasonable grounds
• Right to restrict processing: You may request that we restrict the processing of your personal information in certain circumstances
• Right to data portability: You may request that your personal information be provided in a structured, commonly used, machine-readable format
• Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal
• Right to complain: You have the right to lodge a complaint with the Information Regulator if you believe your rights have been infringed

To exercise any of these rights, contact our Information Officer at privacy@maphari.co.za. We will respond within 5 business days and fulfil valid requests within 30 days.

If you are located in the European Union or United Kingdom, you have additional rights under the GDPR/UK GDPR:

• Right to be informed: You have the right to be informed about how your data is collected and used, which this policy aims to fulfil
• Right to erasure: You may request deletion of your personal data in certain circumstances ("right to be forgotten")
• Automated decision-making: We do not make decisions based solely on automated processing that produce legal effects concerning you

For GDPR-related requests, contact us at privacy@maphari.co.za. You also have the right to lodge a complaint with your local supervisory authority.

Our services are not directed at children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information as soon as possible. If you believe we may have collected information from a child, please contact us at privacy@maphari.co.za.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes:

• The updated policy will be posted on this page with a new effective date and version number
• Active clients will be notified via email or through the client portal
• A summary of changes will be provided for significant updates

Continued use of our services after changes are posted constitutes acceptance of the revised policy. We encourage you to review this page periodically.

For any privacy-related questions, requests, or concerns, you can reach us through the following channels:

• Privacy enquiries: privacy@maphari.co.za
• General enquiries: hello@mapharitechnologies.com
• Contact form: mapharitechnologies.com/#contact