Privacy Policy
This Privacy Policy explains how Clausely ("we", "us", or "our") collects, uses, discloses, and safeguards your personal information when you use our platform to generate lease agreements, collect e-signatures, and manage your rental property portfolio.
We are committed to protecting your personal information and ensuring it is processed in accordance with the Protection of Personal Information Act, 2013 (POPIA) of South Africa.
Effective Date: 11 May 2026
1. Information We Collect
1.1 Personal Information
We collect the following personal information from landlords and tenants:
- Identity Information: Full name, identity number (encrypted), date of birth
- Contact Information: Email address, phone number, physical address
- Property Information: Property addresses, lease details, rental amounts
- Payment Information: Payment history, transaction references (processed via Paystack)
- Account Information: Username, password (hashed), subscription tier
1.2 Automatically Collected Information
- IP address and browser information
- Device type and operating system
- Usage patterns and interaction data
- Cookies and similar tracking technologies
2. Purpose of Processing
We process your personal information for the following purposes:
- Contract Generation: Creating legally compliant lease agreements
- E-Signatures: Collecting and verifying electronic signatures under ECTA
- Payment Collection: Processing rent payments via Paystack
- Account Management: Managing your subscription and user account
- Communications: Sending lease documents, payment reminders, and updates
- Legal Compliance: Meeting statutory obligations (tax, rental housing acts)
- Security: Detecting and preventing fraud and unauthorized access
3. Legal Basis for Processing
We process your personal information under the following lawful grounds:
- Consent: Where you have provided explicit consent for specific processing activities
- Contract Performance: Where processing is necessary for the performance of a contract (lease agreement)
- Legal Obligation: Where processing is necessary to comply with applicable laws
- Legitimate Interest: Where processing serves our legitimate business interests (account security, service improvement)
4. Data Sharing
We may share your personal information with the following third parties:
- Paystack: For payment processing. Their privacy policy applies: paystack.com/privacy
- Email Service Provider: For sending transactional emails
- Cloud Infrastructure: AWS (hosted in eu-west-1 region) for data storage
- Legal Advisors: When required for legal proceedings or dispute resolution
We do not sell, rent, or trade your personal information to third parties for marketing purposes.
5. Data Retention
We retain your personal information for the following periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Lease Agreements | 7 years after lease termination | Tax and dispute resolution |
| Tenant Personal Data | 3 years after lease end | Dispute resolution |
| Payment Records | 5 years | PAISA compliance |
| Account Data | Until account deletion | Service provision |
| Marketing Data | Until consent withdrawn | Consent-based |
6. Security Measures
We implement the following technical and organizational measures to protect your data:
- Encryption: AES-256-CBC encryption for sensitive data (ID numbers)
- Transmission Security: TLS 1.2+ for all data in transit
- Access Controls: Role-based access control, principle of least privilege
- Authentication: JWT tokens with httpOnly cookies, no XSS exposure
- Monitoring: Logging and audit trails for access and modifications
- Backups: Encrypted backups stored securely
7. Your Rights (POPIA)
Under POPIA, you have the following rights:
- Right to Access: Request a copy of your personal information
- Right to Correction: Request correction of inaccurate personal information
- Right to Deletion: Request deletion of your personal information (subject to legal retention requirements)
- Right to Object: Object to processing based on legitimate interests
- Right to Data Portability: Request your data in a machine-readable format
- Right to Withdraw Consent: Withdraw consent at any time (where processing is consent-based)
- Right to Lodge Complaint: Lodge a complaint with the Information Regulator
To exercise any of these rights, please contact us at hello@clausely.co.za or use the Data Management features in your Account Settings.
8. Cookies
We use cookies and similar technologies to:
- Keep you logged in securely
- Remember your preferences
- Analyze site usage and performance
- Improve our services
You can manage your cookie preferences using our Cookie Consent Banner or your browser settings. Essential cookies are required for the service to function and cannot be disabled.
9. Children's Privacy
Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Effective Date" at the top. We encourage you to review this policy periodically.
11. Contact Information
Information Officer
For POPIA-related queries, you may also contact the Information Regulator:
Information Regulator (South Africa)
Email: complaints.IR@justice.gov.za
Phone: +27 12 406 4818
Website: www.justice.gov.za/inforeg/