Legal

Privacy Policy

Last updated: 4 April 2026

Responsible Party

Akha Digital (Pty) Ltd (“Akha”, “we”, “us”) is the responsible party for the processing of your personal information as defined under the Protection of Personal Information Act, 2013 (POPIA).

EntityAkha Digital (Pty) Ltd
RegistrationRepublic of South Africa
Information Officerprivacy@akhadigital.co.za
AddressCape Town, South Africa

Information We Collect

We collect the following categories of personal information:

Account Information

Name, email address, phone number, company name, and role when you register for an account.

Assessment Data

Responses to our funding readiness questionnaire, including financial metrics, compliance status, and business strategy information.

Documents

Files you upload to the Compliance Vault, including CIPC certificates, tax clearance pins, B-BBEE certificates, financial statements, and identification documents.

Usage Data

Information about how you interact with our platform, including pages visited, features used, session duration, and device information.

Communication Data

Messages, enquiries, and correspondence you send to us through the platform or email.

How We Use Information

We process your personal information for the following purposes:

  • Calculate and maintain your Akha Score across six funding readiness dimensions
  • Verify documents against CIPC, SARS, and other regulatory registries
  • Match your profile with relevant funding opportunities and funder mandates
  • Generate AI-powered remediation roadmaps and readiness reports
  • Communicate platform updates, matched opportunities, and account notifications
  • Improve our services through anonymised, aggregated analytics
  • Comply with legal and regulatory obligations
  • Prevent fraud and ensure platform security

Lawful Basis for Processing

We rely on the following grounds under POPIA Section 11:

  • Consent: You provide explicit consent when registering and uploading documents.
  • Contract: Processing is necessary to provide the services you requested.
  • Legal obligation: We process certain data to comply with FICA, POPIA, and other regulations.
  • Legitimate interest: We use anonymised data to improve our platform, where this does not override your rights.

Information Sharing

We share your personal information only in the following circumstances:

  • With funders: Only when you explicitly grant access through the Compliance Vault. Anonymous teaser profiles do not reveal your identity.
  • With consultants: Only when you invite a consultant to your workspace.
  • Service providers: Infrastructure providers (cloud hosting, email) who process data under strict agreements.
  • Regulatory bodies: When required by law or valid legal process.
  • With your consent: For any other purpose, only with your explicit authorisation.

We never sell your personal information to third parties.

Data Retention

We retain your data for the following periods:

Data CategoryRetention Period
Account informationDuration of account + 2 years
Assessment dataDuration of account + 5 years
Vault documentsUntil you delete them or close your account
Audit trail logs7 years (regulatory requirement)
Usage analytics24 months (anonymised)
Communication records3 years

Security Measures

We implement comprehensive security measures to protect your information:

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption for all data in transit
  • Multi-factor authentication (MFA) for account access
  • Role-based and attribute-based access control (RBAC / ABAC)
  • Immutable audit trails on all document access and system actions
  • Regular penetration testing and security audits

For more details, see our Security page.

Your Rights

Under POPIA, you have the right to:

  • Access: Request confirmation of what personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information, subject to legal retention requirements.
  • Objection: Object to the processing of your personal information on reasonable grounds.
  • Restriction: Request that we restrict processing in certain circumstances.
  • Complaint: Lodge a complaint with the Information Regulator if your rights have been violated.

To exercise any of these rights, contact our Information Officer at privacy@akhadigital.co.za.

Cookies & Tracking

We use strictly necessary cookies for authentication and session management. We do not use third-party advertising trackers. Analytics cookies are anonymised and used only to improve platform performance.

Children's Privacy

Akha is a business platform. We do not knowingly collect personal information from anyone under 18 years of age. If you believe we have inadvertently collected such information, contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and an in-platform notification at least 30 days before they take effect.

Contact

For privacy-related enquiries or to exercise your rights, contact:

Information Officer
Akha Digital (Pty) Ltd
Email: privacy@akhadigital.co.za

Information Regulator (South Africa)
Email: enquiries@inforegulator.org.za
Website: inforegulator.org.za

Related: Terms of Use · POPIA Notice · Security