Spindle Logo
Spindle Logo
Platform
Product Support
Technology
Profile
Contact Us

POPIA Policy

Last updated: September 2025

Popia Agreement

1. Introduction

Spindle Ltd (“Spindle”, “we”, “our”, “us”) is committed to protecting the personal information of our customers, partners, and stakeholders. This policy explains how we collect, use, store, and protect personal information in line with the Protection of Personal Information Act, 4 of 2013 (POPIA).

By engaging with our services, you agree to the practices described in this policy.

2. Definitions

We may process the following categories of personal information:

  • Identity and contact information (e.g., name, email address, phone number, company details).
  • Account information (e.g., login details, preferences, subscription data).
  • Service and usage data (e.g., product usage, support interactions, transaction history).
  • Regulatory and compliance data (as required by applicable laws).

3. Purpose of Processing

We process personal information lawfully and only where necessary for:

  • Delivering and supporting our products and services.
  • Managing contracts, accounts, and billing.
  • Providing customer service and technical support.
  • Enhancing platform security and preventing fraud.
  • Meeting legal, regulatory, and compliance obligations.
  • Improving our services and developing new features.

4. Lawful Basis for Processing

We rely on the following lawful bases under POPIA:

  • Consent - when you provide explicit permission (e.g., opting in to communications).
  • Contractual necessity - where processing is required to provide our services.
  • Legal obligation - where we must comply with laws or regulations.
  • Legitimate interests - for improving services, ensuring security, and protecting business operations.

5. Sharing and Disclosure

We may share personal information with:

  • Authorised service providers and technology partners who process data on our behalf under strict confidentiality agreements.
  • Regulators or authorities, where required by law.
  • Third parties, if part of a merger, acquisition, or business transfer (with safeguards in place).

Cross-border transfers are conducted in line with POPIA requirements, using secure data centres and appropriate agreements.

6. Security of Information

We implement technical, organisational, and administrative measures aligned with international best practices (including ISO 27001, SOC 2, and GDPR standards) to protect personal information against loss, misuse, or unauthorised access.

7. Retention of Information

Personal information is retained only for as long as necessary to fulfil the purposes outlined in this policy or as required by law. After this period, information is securely deleted or anonymised.

8. Your Rights under POPIA

As a data subject, you have the right to:

  • Request access to your personal information.
  • Request correction or deletion of your information.
  • Object to the processing of your information.
  • Lodge a complaint with the Information Regulator of South Africa.

To exercise your rights, please contact us at info@spindle-platform.com

9. Updates to this Policy

We may update this policy from time to time. When changes are made, the “Last updated” date at the top of this page will be revised.

10. Contact Us

If you have any questions about this POPIA Policy or how we handle personal information, please contact: