Privacy Notice

Full name, email address, and contact number — collected when you register for access or submit a request to use the platform.

Organisation name, department, and job role — used to assign appropriate access permissions and to scope your data within your organisation.

Budget entries, expense submissions, and purchase approvals that you create or modify while using the platform. This data belongs to your organisation.

Log entries and session data generated automatically during your use of the platform, used for security monitoring and troubleshooting.

To verify your identity, create your platform account, and authenticate your login.
Basis: Necessary for the performance of a contract (your access agreement).

To provide the budgeting, expense tracking, and purchase approval features of the platform.
Basis: Necessary for the performance of a contract.

To send you workflow notifications such as approval requests, status updates, and account notices.
Basis: Legitimate interest and/or consent.

To protect the platform, detect fraud or unauthorised access, and comply with legal obligations.
Basis: Legal obligation and legitimate interest.

Your name, role, and activity within Yaba Net is visible to authorised administrators and managers within your own organisation, as required by the service.

We may use third-party providers for infrastructure (hosting, email delivery) who process personal information on our behalf under binding data processing agreements.

We may disclose your information if required by law, court order, or a request by a competent regulatory authority.

Your personal information is retained for as long as you hold an active account on the platform and your organisation remains a subscriber.

Following account closure, personal information is retained for a maximum of 5 years to comply with financial record-keeping legal requirements, and then securely deleted.

System audit and access logs are retained for 3 years for security and compliance purposes, then permanently deleted.

All communication between your browser and our servers is encrypted using TLS (HTTPS).

Passwords are hashed using industry-standard algorithms. Sensitive tokens are encrypted at rest.

Access to personal information is restricted to authorised personnel on a strict need-to-know basis.

Data is backed up regularly to prevent loss. Backups are stored securely and access-controlled.

You have the right to request a record or description of the personal information we hold about you, free of charge (subject to reasonable limitations).

You may request that we correct inaccurate, incomplete, or outdated personal information held about you.

You may request that we destroy or delete your personal information where we are no longer legally required to retain it.

You may object to the processing of your personal information on reasonable grounds, including for direct marketing purposes.

If you believe we have not handled your personal information in accordance with POPIA, you have the right to lodge a complaint with the Information Regulator of South Africa (IRSA).

Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.