Privacy Policy
Civic Anchor SA (Pty) Ltd acts as a Responsible Party under the Protection of Personal Information Act 4 of 2013 (POPIA). This policy describes what personal information we collect, why we collect it, how we handle it, and your rights as a data subject. A full legal draft is in review with our legal counsel ahead of GA; the substantive principles below are operative now.
Effective: 2026-05-01 · Jurisdiction: South Africa · Framework: POPIA, Act 4 of 2013
Data handling principles
- Minimal collectionWe collect only what is strictly required for the function you use. No raw biometrics are stored anywhere on our infrastructure.
- Lawful basisProcessing is grounded in user consent (s11(1)(a)), contractual necessity (s11(1)(b)), and legitimate interests (s11(1)(f)) of the verifying institution, in that priority order.
- Purpose limitationData collected for enrollment is not used for marketing, profiling, or any purpose outside the verification function the user explicitly initiated.
- Data subject rightsYou have the right to access, correct, object to, and request deletion of your personal information at any time. Rights requests are actioned within 30 days.
- Cross-border transfersZA-jurisdictioned data does not leave af-south-1 infrastructure without a dual-attestation transfer protocol (PRD W8). Transfers are never silent.
- SecurityAll personal information in transit and at rest is encrypted. Verification events write to a hash-chained audit log. Breach notification follows POPIA s22 within 72 hours of confirmation.
Contact and rights requests
To exercise any data subject right under POPIA — access, correction, objection, or deletion — write to our Information Officer. We respond within 30 days. If you are unsatisfied, you may lodge a complaint with the Information Regulator at inforegulator.org.za.
Information Officer
popi@civicanchor.idGeneral privacy queries
privacy@civicanchor.id