Privacy Policy

1. Introduction

At Octrivium, we are committed to protecting your privacy and handling your personal and financial data responsibly. This Privacy Policy explains how we collect, use, store, and protect your information when you use our accounting software service.

This policy complies with South Africa's Protection of Personal Information Act (POPIA) and international data protection standards.

2. Information We Collect

2.1 Account Information

• Name, email address, phone number
• Business name and registration details
• Billing and payment information
• Login credentials (encrypted)

2.2 Financial Data

• Bank account details and transactions
• Invoices, expenses, and receipts
• Tax information (VAT numbers, tax registrations)
• Payroll data (employee information, salaries, deductions)
• Financial statements and reports

2.3 Usage Information

• Log data (IP address, browser type, pages visited)
• Device information (operating system, device type)
• Usage patterns and feature interactions
• Performance and error data

2.4 Cookies and Tracking

We use cookies and similar technologies to enhance your experience, remember preferences, and analyze usage patterns. You can control cookie settings through your browser.

3. How We Use Your Information

We use your information to:

• Provide the Service: Process transactions, generate reports, perform calculations
• Improve the Service: Analyze usage, fix bugs, develop new features
• Communicate: Send service updates, support responses, billing notifications
• Security: Detect fraud, prevent abuse, ensure account security
• Compliance: Meet legal obligations, respond to regulatory requests
• Marketing: Send promotional emails (with your consent, you can opt out anytime)

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal or financial information to third parties.

4.2 Service Providers

We share data with trusted service providers who help us operate the Service:

• Cloud hosting providers (secure data storage)
• Payment processors (billing and subscriptions)
• Email service providers (transactional emails)
• Analytics providers (usage insights)

All service providers are contractually bound to protect your data and use it only for specified purposes.

4.3 Legal Requirements

We may disclose information when required by law, such as:

• Court orders or legal processes
• Requests from law enforcement or regulatory authorities
• Protection of our rights, property, or safety
• Prevention of fraud or criminal activity

4.4 Business Transfers

If Octrivium is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

5. Data Security

We implement comprehensive security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS/SSL) and at rest (AES-256)
• Access Controls: Strict authentication, role-based permissions, multi-factor authentication
• Secure Infrastructure: SOC 2 compliant data centers with physical security
• Regular Audits: Security assessments, penetration testing, vulnerability scanning
• Incident Response: 24/7 monitoring, rapid response to security threats
• Employee Training: Regular security awareness training for all staff

While we use industry-leading security practices, no system is 100% secure. We encourage you to use strong passwords and enable two-factor authentication.

6. Data Retention

We retain your data for as long as your account is active and as required by law:

• Active Accounts: Data retained while subscription is active
• Closed Accounts: Financial data retained for 7 years (SARS requirement)
• Backups: Backup copies retained for 90 days for disaster recovery
• Legal Holds: Data preserved longer if required by legal proceedings

You can request account deletion at any time. We will delete your data within 30 days, except where retention is required by law.

7. Your Rights (POPIA Compliance)

Under South Africa's POPIA, you have the right to:

• Access: Request a copy of your personal information
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your data (subject to legal retention requirements)
• Objection: Object to processing of your data for marketing purposes
• Portability: Export your data in a machine-readable format
• Restriction: Limit how we process your data in certain circumstances
• Complaint: Lodge a complaint with the Information Regulator

To exercise these rights, contact us at privacy@octrivium.co.za. We will respond within 30 days.

8. International Data Transfers

Your data is primarily stored in South African data centers. If we transfer data internationally, we ensure adequate protection through:

• Standard contractual clauses
• Data processing agreements
• Compliance with cross-border data protection laws

9. Children's Privacy

Our Service is intended for businesses and individuals 18 years or older. We do not knowingly collect information from children under 18. If we become aware of such collection, we will delete it immediately.

10. Third-Party Links

Our Service may contain links to third-party websites or services. We are not responsible for their privacy practices. We encourage you to review their privacy policies before providing any information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use after changes take effect constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions, concerns, or to exercise your rights, contact our Data Protection Officer:

Information Regulator (South Africa):
If you're not satisfied with our response, you may contact:
Email: inforeg@justice.gov.za
Website: www.justice.gov.za/inforeg