TrustEasyGo — Privacy Policy (Draft)

⚠️ AWAITING ATTORNEY REVIEW — NOT LEGALLY BINDING IN THIS FORM

This draft is the Personal Information notice required by POPIA §18 in respect of TrustEasyGo's own data collection from end-users. It must be reviewed by an SA-admitted attorney with POPIA experience before publication.

Version: Draft 1.0

Date prepared: 2026-06-02

Codebase reference: develop post-PR #206

1. About this policy

1.1. This Privacy Policy describes how TrustEasyGo (Pty) Ltd ("TrustEasyGo", "we", "us") collects, uses, stores, shares, and protects the Personal Information of individuals who use the TrustEasyGo Service or visit our website ("you").

1.2. It is published in compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA").

1.3. Scope. This Policy covers Personal Information that TrustEasyGo collects about you in its capacity as Responsible Party — typically information about you as an attorney, staff member, accountant, or other authorised user of the Service.

1.4. Out of scope. Personal Information of the Firm's clients that the Firm enters into the Service is governed separately by the Data Processing Agreement between TrustEasyGo and the Firm — TrustEasyGo processes that information as an Operator, not as Responsible Party. Questions about the Firm's clients' Personal Information should be directed to the Firm.

2. Who is TrustEasyGo

Field	Value
Legal entity	TrustEasyGo (Pty) Ltd
Registration number	`[ATTORNEY TO VERIFY]`
Registered address	`[ATTORNEY TO VERIFY]`
Contact email	`[ATTORNEY TO VERIFY — privacy contact, suggest privacy@trusteasygo.co.za]`
Information Officer (POPIA §55)	`[ATTORNEY TO VERIFY — name, role, contact details]`

3. Personal Information we collect

We collect only the Personal Information necessary to provide the Service. The categories are:

3.1. Account information (when you register)

Email address
First name and last name
Role within your Firm (owner, user, accountant, etc.)
Encrypted password (we never see or store it in plaintext)

3.2. Authentication and security information

Login timestamps
Failed login attempt count and account-lockout status
Two-factor-authentication enrolment status (where enabled)
Session identifiers (held in a secure cookie that expires after one hour of inactivity)

3.3. Activity logging

An immutable audit trail of significant actions you take within the Service (create / update / delete / login / payment / receipt / reconcile / approval)
The IP address from which you took each logged action — used for security investigation
A timestamp and reference to the affected record

3.4. Billing and subscription information

Your Firm's subscription plan, billing cycle, and payment status
Payment method tokens issued by PayFast (we do not see or store your full card number — see §5)
Where you pay by EFT, you may upload a proof of payment file; this is stored against your Firm's subscription record

3.5. Support and correspondence

The contents of any support enquiry you send us
Email correspondence regarding your account

3.6. Information you provide voluntarily in the Service

Profile information (where the Service surfaces it)
Practitioner information you record for your Firm (title, name, email, phone, role)

We do not collect special Personal Information (POPIA §26) about you as an end-user. (Note: this is in contrast to the Personal Information your Firm may enter about its clients — that is governed by the DPA.)

4. Why we collect and use Personal Information

Purpose	Lawful basis under POPIA
To create and maintain your Service account	§11(1)(a) consent / §11(1)(b)(i) contract performance
To authenticate you and protect your account	§11(1)(d)(ii) protection of legitimate interest of TrustEasyGo
To maintain the audit trail required for LPC Rule 54 compliance	§11(1)(c)(i) compliance with an obligation imposed by law
To process subscription payments	§11(1)(b)(i) contract performance
To send transactional emails (password reset, alerts, service notices)	§11(1)(b)(i) contract performance
To respond to your enquiries	§11(1)(a) consent
To investigate security incidents	§11(1)(d)(i) protection of legitimate interest of TrustEasyGo / §11(1)(d)(ii) data subject's

We do not use your Personal Information for marketing without your separate, specific consent.

5. Who we share Personal Information with

We share Personal Information only with the parties below, and only to the extent necessary:

Recipient	What is shared	Jurisdiction (verify)	Purpose
Anthropic, PBC	Aggregated working-session content when the AI-assistant feature is used. The system prompt restricts client identifying information from being transmitted; non-aggregated PI of end-users is not sent	United States `[ATTORNEY TO VERIFY]`	Provide the AI-assistant feature
SendGrid (Twilio Inc.)	Your email address, first name, system-generated email content (e.g. password reset link)	United States `[ATTORNEY TO VERIFY]`	Deliver transactional email
PayFast (Pty) Ltd	Your Firm's billing details (amount, reference, return URL); payment instrument details flow directly between you and PayFast — we never see them	South Africa	Process your subscription payment
BookXperts	Your email address (lookup key)	`[ATTORNEY TO VERIFY]`	Subscription entitlement check
Railway Corp	All Service data is hosted on Railway-provided infrastructure	`[ATTORNEY TO VERIFY — Railway deployment region]`	Hosting
DigitalOcean LLC (Spaces)	Documents you upload to the Service	`[ATTORNEY TO VERIFY]`	Object storage
Regulators, courts, or other authorities	Where required by law, by court order, or by lawful regulator request	South Africa	Legal compliance

We do not sell your Personal Information to anyone.

6. Cross-border transfers

Some of the parties above are located outside South Africa. POPIA §72 permits cross-border transfers only on specified lawful bases. The bases on which we rely for transfers to non-SA recipients are: [ATTORNEY TO COMPLETE — typically §72(1)(a) consent and/or §72(1)(b) adequate protection].

7. How long we keep Personal Information

We keep Personal Information only as long as needed for the purposes set out in this Policy, or for longer if required by law.

Category	Retention period
Account information	For the duration of your access plus `[ATTORNEY TO VERIFY — suggest 12 months]` after account closure
Authentication and security information	For the duration of your access; failed-login records purged on successful login
Audit trail	`[ATTORNEY TO VERIFY — suggest 5 years to align with LPC Rule 54 / 7 years for general business audit retention]`
Billing records	At least 5 years per Income Tax Act §29 obligations
Support correspondence	`[ATTORNEY TO VERIFY — suggest 3 years]`
Uploaded documents	For the duration of the matter plus 5 years per LPC Rule retention; thereafter on Firm instruction

Honest disclosure. As at the date of this draft, the Service does not implement automated retention enforcement for most of the above categories. A defined retention schedule and automated enforcement will be implemented before the private pilot launch.

8. How we protect Personal Information

We implement appropriate technical and organisational measures to protect Personal Information from loss, damage, unauthorised access, or unauthorised disclosure. These measures include:

Hashed password storage (PBKDF2; we never see plaintext)
Account lockout after 5 failed login attempts for 15 minutes
Strong password complexity requirements in production
One-hour session inactivity timeout
HTTPS-only in production with HSTS
Secure cookies in production
Security headers (X-Frame-Options, content-type nosniff, referrer policy)
An immutable audit log
Daily detection of trust-account shortfalls with notification

Disclosed gap. Documents uploaded to the Service are currently stored with a public-read access-control-list. This is being remediated; the planned remediation is that uploaded documents will be served only via short-lived signed URLs issued by authenticated endpoints. Remediation target: [ATTORNEY TO VERIFY — target date].

If you believe a security incident has occurred or your account has been compromised, please contact us immediately at the email above.

9. Your rights under POPIA

You have the following rights in respect of your Personal Information:

Right	What it means
Access (§23)	To know what Personal Information we hold about you and to receive a copy
Correction (§24)	To ask us to correct inaccurate Personal Information
Deletion (§24)	To ask us to delete Personal Information that we no longer need to retain
Objection (§11(3))	To object to processing for which the basis is legitimate interest
Withdraw consent	Where processing is based on your consent, to withdraw that consent at any time
Complain	To complain to the Information Regulator

To exercise any of these rights, contact our Information Officer (§2 above). We will respond within [ATTORNEY TO VERIFY — suggest 30 days] of receipt.

Note. Exercising the deletion right may have practical consequences (e.g. closing your account) where the Personal Information is necessary for us to provide the Service.

10. Cookies and tracking

10.1. The Service uses session cookies necessary to provide the Service (session identifier, CSRF token, language preference). These cookies are not used for marketing or cross-site tracking.

10.2. [ATTORNEY TO VERIFY — whether the Service uses any analytics cookies. If so, list them. If not, this clause can be removed.]

10.3. You can disable cookies in your browser, but the Service may not function correctly without them.

11. Children

The Service is not directed at, and we do not knowingly collect Personal Information from, persons under the age of 18. If you believe we have collected Personal Information about a person under 18, please contact us so we can address it.

12. Changes to this Policy

We may update this Policy from time to time to reflect changes to our practices or legal requirements. The current version is always available on our website, and we will notify registered users of material changes by email at least [ATTORNEY TO VERIFY — suggest 30 days] before the change takes effect.

13. How to contact the Information Regulator

If you are not satisfied with how we have handled your Personal Information you may lodge a complaint with the Information Regulator:

Field	Value
Name	Information Regulator (South Africa)
Postal address	JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email	`complaints.IR@justice.gov.za` `[ATTORNEY TO VERIFY — Regulator contact details current]`
Phone	`[ATTORNEY TO VERIFY]`
Website	`https://inforegulator.org.za`

14. Contact

For all privacy enquiries: [ATTORNEY TO VERIFY — privacy contact]

For all enquiries that are not privacy-related: see the Service's general contact information on our website.

Questions for the attorney

Confirm the company-entity details, registered address, and Information Officer designation (POPIA §55).
Confirm POPIA §11 lawful-basis selections in §4 of this Policy.
Confirm the categorisation of the AI feature's data transmission as a "sharing with operator" rather than "disclosure" — given the technical safeguards.
Decide retention periods (§7) and confirm they match the engineering team's planned retention-schedule implementation.
Confirm POPIA §72 lawful basis selection (§6) per Sub-operator (cross-reference DPA Schedule 3).
Confirm Information Regulator contact details are current.
Decide whether this Policy needs to be presented to end-users as a separate click-through acceptance or whether reference within the Terms is sufficient.
Confirm whether the analytics-cookies clause (§10.2) requires content.

Attorney sign-off

Field	Value
Attorney name	_______________________________________
LPC roll number	_______________________________________
Firm	_______________________________________
Date of review	_______________________________________
Codebase version reviewed	`develop` post-PR #206

I confirm that I have reviewed this draft Privacy Policy and that, subject to the amendments marked in my redline (attached), it is fit for publication by TrustEasyGo (Pty) Ltd in satisfaction of its POPIA §18 notice obligations.

Signature: _______________________________________

Date: _______________________________________

End of draft.

Questions about this document? Contact us via the sub-processor list page or your account manager.