ContractPulse, operated by Resolve4X (Pty) Ltd ("we", "us", or "our"), is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) of South Africa. This notice explains how we collect, use, and safeguard your personal information.

1. Responsible Party

Resolve4X (Pty) Ltd is the responsible party as defined under POPIA.

Company: Resolve4X (Pty) Ltd
Address: WeWork, The Link, 173 Oxford Road, Rosebank, Johannesburg, 2196
Information Officer Email: privacy@contractpulseapp.com

2. What Personal Information We Collect

We collect the following categories of personal information:

Identity information: Full name, job title, and company name provided during registration.
Contact information: Email address and phone number.
Account information: Encrypted passwords and authentication tokens.
Usage data: How you interact with the platform, including pages visited, features used, and session duration.
Contract data: Project details, contract references, notices, events, and related documents you upload or create.
Billing information: Subscription plan, payment history, and transaction references (we do not store credit card numbers directly).

3. Purpose of Processing

We process your personal information for the following purposes:

Providing and maintaining the ContractPulse platform
Managing your account and subscription
Sending contract deadline alerts, notifications, and service communications
Processing payments through our payment partner (PayFast)
Improving our platform and developing new features
Complying with legal obligations
Preventing fraud and ensuring the security of the platform

4. Legal Basis for Processing

We process your personal information based on the following lawful grounds under POPIA:

Consent: You consent to processing when you create an account and accept our Terms of Service.
Contract: Processing is necessary to fulfil our contractual obligations to you.
Legitimate interest: We have a legitimate interest in improving our services and preventing fraud.
Legal obligation: We may process data to comply with applicable laws.

5. How We Store and Protect Your Data

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Authentication is handled through Supabase with secure session management and optional multi-factor authentication (MFA).
Access to production data is restricted to authorised personnel only.
We conduct regular security reviews of our infrastructure and code.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. If you close your account, we will delete or anonymise your personal information within 90 days, unless retention is required by law or for legitimate business purposes (such as resolving disputes or enforcing our agreements).

7. Third-Party Sharing

We do not sell your personal information. We share data only with:

Payment processors: PayFast, for processing subscription payments.
Infrastructure providers: Vercel (hosting) and Supabase (database and authentication), which process data on our behalf under strict data processing agreements.
Email service providers: For sending transactional emails such as deadline alerts and account notifications.

8. Your Rights Under POPIA

As a data subject, you have the right to:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete personal information.
Deletion: Request deletion of your personal information, subject to legal retention requirements.
Objection: Object to the processing of your personal information on reasonable grounds.
Restriction: Request that we restrict processing in certain circumstances.
Data portability: Request your data in a structured, commonly used format.
Withdraw consent: Withdraw your consent at any time (this does not affect the lawfulness of processing before withdrawal).

To exercise any of these rights, please contact our Information Officer at privacy@contractpulseapp.com. We will respond within 30 days as required by POPIA.

9. Complaints

If you believe your personal information has been processed in violation of POPIA, you have the right to lodge a complaint with:

Our Information Officer: privacy@contractpulseapp.com
The Information Regulator (South Africa): inforegulator.org.za

10. Changes to This Notice

We may update this POPIA notice from time to time. Material changes will be communicated via email or a prominent notice on our platform. Your continued use of ContractPulse after changes are posted constitutes your acceptance of the updated notice.

1. Responsible Party

Resolve4X (Pty) Ltd is the responsible party as defined under POPIA.

Company: Resolve4X (Pty) Ltd
Address: WeWork, The Link, 173 Oxford Road, Rosebank, Johannesburg, 2196
Information Officer Email: privacy@contractpulseapp.com

2. What Personal Information We Collect

We collect the following categories of personal information:

Identity information: Full name, job title, and company name provided during registration.
Contact information: Email address and phone number.
Account information: Encrypted passwords and authentication tokens.
Usage data: How you interact with the platform, including pages visited, features used, and session duration.
Contract data: Project details, contract references, notices, events, and related documents you upload or create.
Billing information: Subscription plan, payment history, and transaction references (we do not store credit card numbers directly).

3. Purpose of Processing

We process your personal information for the following purposes:

Providing and maintaining the ContractPulse platform
Managing your account and subscription
Sending contract deadline alerts, notifications, and service communications
Processing payments through our payment partner (PayFast)
Improving our platform and developing new features
Complying with legal obligations
Preventing fraud and ensuring the security of the platform

4. Legal Basis for Processing

We process your personal information based on the following lawful grounds under POPIA:

Consent: You consent to processing when you create an account and accept our Terms of Service.
Contract: Processing is necessary to fulfil our contractual obligations to you.
Legitimate interest: We have a legitimate interest in improving our services and preventing fraud.
Legal obligation: We may process data to comply with applicable laws.

5. How We Store and Protect Your Data

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Authentication is handled through Supabase with secure session management and optional multi-factor authentication (MFA).
Access to production data is restricted to authorised personnel only.
We conduct regular security reviews of our infrastructure and code.

6. Data Retention

7. Third-Party Sharing

We do not sell your personal information. We share data only with:

Payment processors: PayFast, for processing subscription payments.
Infrastructure providers: Vercel (hosting) and Supabase (database and authentication), which process data on our behalf under strict data processing agreements.
Email service providers: For sending transactional emails such as deadline alerts and account notifications.

8. Your Rights Under POPIA

As a data subject, you have the right to:

Access: Request a copy of the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete personal information.
Deletion: Request deletion of your personal information, subject to legal retention requirements.
Objection: Object to the processing of your personal information on reasonable grounds.
Restriction: Request that we restrict processing in certain circumstances.
Data portability: Request your data in a structured, commonly used format.
Withdraw consent: Withdraw your consent at any time (this does not affect the lawfulness of processing before withdrawal).

To exercise any of these rights, please contact our Information Officer at privacy@contractpulseapp.com. We will respond within 30 days as required by POPIA.

9. Complaints

If you believe your personal information has been processed in violation of POPIA, you have the right to lodge a complaint with:

Our Information Officer: privacy@contractpulseapp.com
The Information Regulator (South Africa): inforegulator.org.za

POPIA Compliance Notice

1. Responsible Party

2. What Personal Information We Collect

3. Purpose of Processing

4. Legal Basis for Processing

5. How We Store and Protect Your Data

6. Data Retention

7. Third-Party Sharing

8. Your Rights Under POPIA

9. Complaints

10. Changes to This Notice

POPIA Compliance Notice

1. Responsible Party

2. What Personal Information We Collect

3. Purpose of Processing

4. Legal Basis for Processing

5. How We Store and Protect Your Data

6. Data Retention

7. Third-Party Sharing

8. Your Rights Under POPIA

9. Complaints

10. Changes to This Notice