Privacy Policy

This Privacy Policy explains how Akha Integrated Platform (Pty) Ltd ("Akha", "we", "us", or "our") collects, uses, stores, and discloses your personal information when you use our platform at akha.co.za and related services. We are committed to protecting your privacy in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and all applicable South African law.

1Responsible Party

The responsible party for the purposes of POPIA is:

Akha Integrated Platform (Pty) Ltd

Registration No.: [CIPC Registration Number]

Email: privacy@akha.co.za

Website: akha.co.za

Our designated Information Officer is responsible for ensuring compliance with POPIA. You may contact the Information Officer at the address above for any privacy-related enquiries or complaints.

2Information We Collect

We collect personal information in the following categories:

Identity & Contact Information

Full name, email address, phone number
National ID / passport number (for director verification)
Physical and postal address

Company & Business Information

CIPC registration number and certificate
SARS tax number and tax clearance pin
B-BBEE certificate and rating
Financial statements, bank statements, and accounting data
Beneficial ownership declarations

Assessment & Scoring Data

Questionnaire responses across all 6 assessment dimensions
Akha Score history and remediation roadmap data
Shadow account and scenario planning inputs

Usage & Technical Data

IP address, browser type, and device identifiers
Pages visited, features used, and session duration
Log files and error reports

Communications

Messages sent through in-platform chat and collaboration tools
Support requests and correspondence
WhatsApp Bot interactions (where enabled)

3How We Use Your Information

Platform delivery: To operate and provide all features of the Akha platform, including assessment scoring, document verification, and opportunity matching.

Identity & compliance verification: To validate CIPC registration, SARS tax clearance, and Beneficial Ownership declarations against authoritative registers.

Matching & deal origination: To generate and rank funding opportunity matches based on your Akha Score and verified readiness profile.

AI-generated insights: To produce remediation roadmaps, scenario plans, and strategic recommendations powered by AI models. All AI outputs are reviewed for accuracy before being presented.

Communication: To send transactional notifications (document verification status, match alerts, access requests) and, with your consent, platform updates and newsletters.

Security & fraud prevention: To monitor for suspicious activity, enforce our Terms of Use, and protect users and the platform from misuse.

Legal compliance: To comply with applicable South African law, regulatory obligations, and to respond to lawful requests from authorities.

Platform improvement: To analyse aggregated, anonymised usage data to improve features, performance, and the quality of our scoring model.

4Lawful Basis for Processing

We process your personal information on one or more of the following lawful grounds under POPIA section 11:

Contract

Processing is necessary to perform the contract for platform services you have entered into with us.

Consent

You have given specific, informed, and voluntary consent for certain processing activities, such as marketing communications.

Legal obligation

Processing is necessary to comply with a legal obligation under South African law, including FICA and POPIA.

Legitimate interest

Processing is necessary for our legitimate business interests (e.g., fraud prevention, security) where those interests are not overridden by your rights.

6Data Retention

We retain your personal information for as long as necessary to fulfil the purposes in this policy and to comply with our legal obligations. Specific retention periods:

Data Category	Retention Period
Account & profile data	Duration of account + 5 years
Financial & compliance documents	7 years (FICA / tax record requirements)
Assessment responses & Akha Score history	Duration of account + 3 years
Audit trail & access logs	5 years (immutable)
Communication records	3 years
Technical / usage logs	12 months rolling

You may request early deletion of your data (see Your Rights below) subject to overriding legal retention obligations.

7Security Measures

We implement technical and organisational measures proportionate to the risk of processing. These include AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, immutable audit logs, and regular penetration testing. See our Security page for full details.

In the event of a security breach that poses a risk to your rights, we will notify the Information Regulator and affected data subjects within the timeframes required by POPIA.

8Your Rights

Under POPIA, you have the following rights with respect to your personal information:

Access

Request confirmation of whether we hold your personal information and obtain a copy.

Correction

Request correction of inaccurate, misleading, or incomplete personal information.

Deletion

Request destruction or deletion of personal information we are no longer authorised to retain.

Objection

Object to the processing of your personal information on grounds relating to your particular situation.

Withdraw consent

Withdraw any consent you previously gave, without affecting the lawfulness of prior processing.

Complaint

Lodge a complaint with us or with the Information Regulator of South Africa.

To exercise any of these rights, email privacy@akha.co.za. We will respond within 30 days. You may also contact the Information Regulator of South Africa at inforegulator.org.za.

9Cookies & Tracking

We use essential cookies necessary for platform operation (authentication tokens, session state) and, with your consent, analytics cookies to understand platform usage in aggregate. We do not use advertising cookies or share tracking data with advertisers.

You can manage cookie preferences at any time through your browser settings. Disabling essential cookies will impair platform functionality.

10Children's Privacy

The Akha platform is intended for use by businesses and professionals. We do not knowingly collect personal information from persons under the age of 18. If we become aware that a minor has submitted personal information, we will delete it promptly.

11Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or applicable law. Material changes will be communicated to registered users via email or in-platform notification at least 14 days before taking effect. The "last updated" date at the top of this page will always reflect the current version.

12Contact Us

For any questions, requests, or concerns about this Privacy Policy or our data practices, please contact:

Information Officer, Akha Integrated Platform (Pty) Ltd