Privacy Policy

1. Introduction

MyRandWise ("we," "us," or "our") respects your privacy and is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African laws.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and mobile applications.

2. Information We Collect

We collect the following types of information:

2.1 Personal Information

• Name, email address, and phone number (provided during registration);
• Date of birth and gender (optional, for personalised content);
• Profile picture (optional);
• Device information and IP address;
• Payment information (processed securely by our payment providers — we do not store full card details).

What we do NOT collect: We do not collect your ID number, physical address, marital status, race, religion, or biometric data. We do not collect sensitive personal information as defined under POPIA.

2.2 Financial Information

• Bank account transaction data (accessed via read-only aggregation);
• Transaction categories, amounts, dates, and descriptions;
• Budget and savings goal data entered by you;
• Manual transaction entries.

Important: We use read-only access to your bank accounts. We cannot and do not initiate payments, transfers, or any financial transactions on your behalf.

2.3 Usage Information

• App usage statistics and feature interactions;
• Crash reports and diagnostic data;
• Preferences and settings.

3. How We Use Your Information

We use your personal information for the following purposes:

• To provide and maintain our Services (budget tracking, savings goals, reports);
• To personalise your experience and provide relevant financial literacy content;
• To process subscription payments and manage your account;
• To communicate with you regarding updates, security alerts, and support;
• To improve our Services through analytics and user feedback;
• To comply with legal obligations and protect our rights;
• To detect and prevent fraud, abuse, or security incidents.

4. Legal Basis for Processing (POPIA)

Under POPIA, we process personal information based on:

• Consent: You consent to our collection and use when you create an account and accept this Policy;
• Contractual necessity: Processing necessary to provide the Services you requested;
• Legitimate interest: Improving our Services and ensuring security;
• Legal obligation: Compliance with South African tax, consumer protection, and regulatory requirements.

5. How We Protect Your Information

We implement appropriate technical and organisational measures to protect your personal information:

• Encryption: All data transmitted between your device and our servers uses TLS 1.3 encryption. Sensitive data at rest is encrypted using AES-256;
• Access controls: Strict role-based access controls limit who can access your data internally;
• Secure infrastructure: Our servers are hosted with ISO 27001 certified cloud providers;
• Regular audits: We conduct security assessments and vulnerability testing;
• POPIA compliance: We have appointed an Information Officer and maintain a data protection programme.

6. Sharing Your Information

We do not sell your personal information. We only share data in the following circumstances:

• Service providers: Yodlee (bank aggregation), payment processors, cloud hosting providers, and analytics services — all bound by strict confidentiality agreements;
• Legal requirements: When required by law, court order, or regulatory authority;
• Business transfers: In the event of a merger, acquisition, or asset sale, with notice to you;
• With your consent: When you explicitly authorise sharing.

7. Your Rights Under POPIA

As a data subject in South Africa, you have the following rights:

• Right to access: Request a copy of the personal information we hold about you;
• Right to correction: Request that we correct inaccurate or incomplete information;
• Right to deletion: Request deletion of your personal information, subject to legal retention requirements;
• Right to object: Object to processing for direct marketing or legitimate interest purposes;
• Right to withdraw consent: Withdraw consent at any time (may affect Service availability);
• Right to complain: Lodge a complaint with the Information Regulator of South Africa.

To exercise these rights, email us at privacy@myrandwise.co.za.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide Services. Upon account deletion, we will delete or anonymise your data within 90 days, except where retention is required by law (e.g., tax records).

9. Cookies & Tracking

We use cookies and similar technologies to:

• Authenticate users and maintain sessions;
• Remember preferences and settings;
• Analyse usage patterns to improve our Services;
• Deliver relevant content (not third-party advertising).

You can manage cookie preferences through your browser settings.

10. Cross-Border Data Transfers

Some of our service providers (e.g., Yodlee, cloud hosting) may process data outside South Africa. We ensure such transfers are protected by adequate safeguards, including standard contractual clauses and data processing agreements that meet POPIA requirements.

11. Children's Privacy

Our Services are not intended for children under 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or in-app notification. The "Last Updated" date at the top indicates the most recent revision.

13. Contact Us

For privacy-related inquiries, data subject requests, or POPIA concerns:

Email: hello@myrandwise.co.za
Information Officer: hello@myrandwise.co.za
Website: www.myrandwise.co.za

You also have the right to complain to the South African Information Regulator:
Website: www.justice.gov.za/inforeg