ClientConnect Logo ClientConnect AI

POPIA Compliance

Our commitment to South Africa's Protection of Personal Information Act

Last updated: February 27, 2026

Our POPIA Compliance Commitment

ClientConnect AI is fully committed to complying with the Protection of Personal Information Act (POPIA) and protecting the personal information of all South African data subjects.

ClientConnect AI is operated by NOU BOU INDUSTRIES (Pty) Ltd (2024/828032/07).

1. What is POPIA?

The Protection of Personal Information Act (Act 4 of 2013), commonly known as POPIA, is South Africa's comprehensive data protection legislation. It regulates how personal information must be processed, stored, and protected by organizations operating in South Africa.

2. POPIA Principles We Follow

Purpose Specification

We process personal information only for specific, lawful purposes related to accounting and business management.

Processing Limitation

Personal information is processed lawfully, fairly, and transparently with appropriate consent.

Data Minimisation

We collect only the minimum personal information necessary for our accounting services.

Information Quality

We ensure personal information is complete, accurate, not misleading, and updated where necessary.

Security Safeguards

Robust technical and organizational measures protect against unauthorized access, loss, or damage.

Data Subject Participation

We respect your rights to access, correct, and delete your personal information.

3. Your POPIA Rights

Under POPIA, you have the following rights regarding your personal information:

Right to be Notified

You have the right to be notified that your personal information is being collected and how it will be used.

Right of Access

You can request confirmation of whether we hold your personal information and access to that information.

Right of Correction

You can request that we correct or delete personal information that is inaccurate or incomplete.

Right of Objection

You can object to the processing of your personal information in certain circumstances.

4. Lawful Basis for Processing

We process personal information based on the following lawful grounds:

  • Consent: You have given clear consent for processing for specific purposes
  • Contract: Processing is necessary for the performance of our service contract
  • Legal Obligation: Processing is necessary to comply with South African tax and business laws
  • Legitimate Interest: Processing is necessary for our legitimate business interests (e.g., fraud prevention, system security)

5. Data Security Measures

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

  • • End-to-end encryption
  • • Secure cloud data storage in South Africa
  • • Regular security updates
  • • Access controls and authentication
  • • Automated backup systems

Organizational Safeguards

  • • Staff training on data protection
  • • Data handling procedures
  • • Regular security audits
  • • Incident response protocols
  • • Vendor security assessments

6. Data Transfers

6.1 Cloud Hosting and Data Location

ClientConnect AI is a cloud-based platform. Customer data is processed and stored on secure infrastructure hosted in South Africa, with encryption in transit and at rest, access controls, and monitoring safeguards.

6.2 Cross-Border Processing

Where any supporting sub-processor performs limited processing outside South Africa, we apply appropriate contractual and security safeguards to remain POPIA-compliant.

7. Data Retention

We retain personal information only for as long as necessary to:

  • • Provide our accounting services
  • • Comply with legal and regulatory requirements (including 7-year tax record retention)
  • • Resolve disputes and enforce agreements
  • • Improve our AI models and services (using anonymized data only)

8. Data Breach Response

In the unlikely event of a data breach, we will:

  • • Notify the Information Regulator and affected data subjects as soon as reasonably possible where notification is required by law
  • • Inform affected individuals without undue delay
  • • Take immediate steps to contain and remedy the breach
  • • Provide ongoing updates on our investigation and remediation efforts

9. Children's Information

ClientConnect AI does not knowingly collect personal information from children under 18 years of age. Our services are designed for business use by adults. If we discover we have collected information from a child, we will delete it immediately.

10. Information Officer

Contact Our Information Officer

For POPIA-related inquiries, to exercise your rights, or to lodge a complaint:

Information Officer: POPIA Compliance Officer

Email: info@clientconnectai.co.za

Phone: 081 615 4542

Address: ClientConnect AI, Gauteng, South Africa

Response Time: We will respond to POPIA requests within 30 days as required by law.

11. Complaints and Enforcement

If you believe we have not complied with POPIA, you can:

  • • Contact our Information Officer directly
  • • Lodge a complaint with the Information Regulator of South Africa
  • • Seek legal remedies through the courts

Information Regulator South Africa

Website: www.justice.gov.za/inforeg

Email: inforeg@justice.gov.za

12. Updates to POPIA Compliance

We regularly review and update our POPIA compliance measures to ensure continued adherence to the law and best practices. Any material changes will be communicated through our usual channels.