Compliance Grid ("we", "us", or "our") respects your privacy and is committed to protecting your personal information in accordance with the Protection of Personal Information Act (POPIA) and the General Data Protection Regulation (GDPR).

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit or use our platform at https://www.compliancegrid.co.za ("Platform").

1. Who We Are

Compliance Grid is a secure, web-based platform that enables individuals and organizations to manage regulatory compliance, documentation, and digital workflows.

Responsible Party: Compliance Grid (Pty) Ltd
Physical Address: 1039 Clifton Ave, Lyttelton Manor, Centurion, 0157, South Africa
Email: info@compliancegrid.co.za

2. What Information We Collect

We collect and process the following categories of information:

a. Personal Information

• Full name
• Email address
• Mobile number
• Identity number (where applicable)
• Company name and registration number

b. Account & Usage Information

• Username and login details
• IP address and device/browser information
• Date/time of logins and usage activity
• Documents uploaded to the platform
• Communication preferences

c. Payment & Billing Information

• Billing address
• Payment method (processed via third-party gateway)
• Invoice records

3. How We Collect Information

We collect your personal information:

• When you create an account
• When you use our services
• When you contact us via email or support
• Through cookies and usage tracking tools
• When integrating third-party tools (with your consent)

4. Why We Process Your Information

We use your information to:

• Provide and maintain our services
• Register and manage your user account
• Authenticate access to the platform
• Process payments and manage billing
• Respond to inquiries and provide support
• Comply with legal and regulatory obligations
• Improve and secure our services

5. Legal Basis for Processing

Under POPIA, processing is justified where:

• You consented
• Processing is necessary for the performance of a contract
• Processing complies with legal obligations
• Processing protects a legitimate interest

Under GDPR, our legal basis may include:

• Your consent (Article 6(1)(a))
• Performance of a contract (Article 6(1)(b))
• Legal obligations (Article 6(1)(c))
• Legitimate interests (Article 6(1)(f))

6. Sharing of Information

We do not sell or rent your data. Your personal information may be shared with:

• Our employees and authorized contractors (on a need-to-know basis)
• Third-party service providers who assist with:
  • Hosting and storage
  • Payment processing
  • Email communication
  • Analytics tools
• Regulatory authorities when required by law

All third parties are bound by confidentiality and data protection agreements.

7. Data Retention

We retain your personal data only as long as necessary for:

• The purpose for which it was collected
• Compliance with legal or contractual obligations
• Resolving disputes or enforcing agreements

After this period, we securely delete or anonymize your data.

8. Your Rights

Under POPIA (South Africa), you have the right to:

• Access your personal information
• Request correction or deletion
• Object to processing
• Lodge a complaint with the Information Regulator

Under GDPR (EU/UK), you may also:

• Request data portability
• Restrict processing
• Withdraw consent at any time
• Lodge a complaint with your Data Protection Authority

9. Cookies and Tracking

We use cookies and similar technologies to:

• Remember your login
• Analyze usage patterns
• Improve user experience

You can control cookie preferences through your browser settings. Disabling cookies may limit functionality.

10. Data Security

We implement industry-standard safeguards to protect your personal data, including:

• SSL encryption
• Access controls
• Data backups
• Role-based user permissions
• Monitoring and alerting for suspicious activity

11. Children's Privacy

Our platform is not intended for children under the age of 18. We do not knowingly collect personal information from minors without parental consent.

12. Updates to This Policy

We may update this policy from time to time. The latest version will always be posted on the Platform. We will notify you of material changes by email or notification.

13. Contact Us

If you have questions or want to exercise your rights under POPIA or GDPR, please contact:

Compliance Grid
Email: info@compliancegrid.co.za
Address: 1039 Clifton Ave, Lyttelton Manor, Centurion, 0157