Legal

Privacy Policy.

This policy explains how Complio collects, uses, shares and protects personal information when you use our platform, our website and our related services. It is written to comply with the Protection of Personal Information Act, 2013 (POPIA) and to reflect our day-to-day practices as a South African SaaS provider.

Last updated: 20 May 2026

1. Who we are

Complio is operated by Complio (Pty) Ltd, a company incorporated in South Africa (referred to in this policy as “Complio”, “we”, “us” or “our”). We provide a software-as-a-service platform that helps companies, trusts and their advisors manage CIPC filings, company-secretarial records, beneficial ownership, FICA, contracts, audits and related compliance work.

For the purposes of POPIA:

  • When we process personal information about our own users and customers (for example to provide accounts, support and billing), Complio is the responsible party.
  • When our customers upload information about their own clients, employees, directors, shareholders or other third parties into the platform, our customers are the responsible parties for that information, and Complio acts as an operator processing it on their instructions.

Our Information Officer is Fayyad Warley. You can contact our Information Officer at privacy@complio.co.za.

2. Purpose and scope

This policy applies to:

  • visitors to our website;
  • people who sign up for, log into or use the Complio platform;
  • individuals whose personal information is uploaded to or processed through the platform by our customers; and
  • people who contact us for support, sales or other business reasons.

3. Personal information we collect

We collect the following categories of personal information:

3.1 Account and profile information

  • Name, email address, phone number, role and password (hashed).
  • Authentication information, multi-factor authentication settings and session metadata.

3.2 Company and customer information

  • Registered company details, registration numbers, addresses, VAT numbers and similar identifiers for organisations that use Complio.
  • Billing contact information and, where applicable, banking or payment-card details (processed through a third-party payment processor).

3.3 Client data uploaded by users

  • Information about your own clients, employees, directors, shareholders, beneficial owners, trustees and related parties that you upload, enter or generate inside the platform.
  • Identity documents, proof of address, FICA documentation, share registers, resolutions, contracts and other compliance documents.

3.4 Usage and product data

  • Actions taken in the platform, features used, pages viewed, filings generated and audit-trail events.
  • Performance and reliability data, including error reports and diagnostic information.

3.5 Support communications

  • Emails, WhatsApp messages, chat transcripts and other correspondence you send to us, including attachments.

3.6 Technical data

  • IP address, device and browser type, operating system, time zone, referring URLs and cookie identifiers.

We do not deliberately collect special personal information (such as health, religious belief or biometric data). Where such information is contained in documents you upload, we process it only as an operator on your instructions.

4. How we collect personal information

  • Directly from you, when you create an account, configure your workspace, upload documents, complete forms or contact us.
  • Automatically, through your use of the platform and website, including via cookies and similar technologies.
  • From integrations, where you connect Complio to other services (for example identity verification providers or document sources).
  • From third parties, such as public registers (for example CIPC), credit bureaus or other lawful sources, where you instruct us to retrieve or verify information.

5. Why we process personal information

We use personal information to:

  • provide, operate and maintain the Complio platform;
  • create and manage user accounts, workspaces and access permissions;
  • prepare filings, registers, resolutions, reports and other outputs you request through the platform;
  • provide customer support, training and onboarding;
  • manage billing, invoicing, collections and our financial records;
  • improve, secure and develop the platform, including diagnosing issues and analysing usage trends;
  • detect, prevent and respond to fraud, abuse and security incidents;
  • comply with our legal, regulatory and contractual obligations; and
  • communicate with you about your account, service changes and, where you have agreed, product updates and marketing.

We only process personal information where one or more of the following lawful bases under section 11 of POPIA applies:

  • Consent — for example when you opt in to non-essential cookies or marketing communications.
  • Performance of a contract — to provide the Complio service you have signed up for and to fulfil our terms of service.
  • Legal obligation — to comply with tax, accounting, anti-money-laundering and other applicable laws.
  • Legitimate interests — to secure our platform, prevent abuse, improve our services and run our business, provided these interests are not overridden by your rights.
  • Customer instructions — where our customer is the responsible party, we process personal information on their documented instructions as an operator.

7. Customer and user-uploaded data

Complio is designed for organisations to manage personal information about other people — clients, employees, directors, shareholders, beneficial owners and other related parties.

If you are a customer using Complio to process information about third parties, you remain the responsible party for that information. This means you are responsible for:

  • having a lawful basis to collect and upload that personal information;
  • ensuring the information is accurate, complete and up to date;
  • providing the required privacy notices to your own data subjects; and
  • responding to requests from your data subjects to access, correct or delete their information.

Complio will process this information only to provide the service to you, in accordance with our contract with you and applicable law. We will assist you, on reasonable request, in responding to data-subject requests and regulatory enquiries.

8. Sharing with third parties

We do not sell personal information. We share it only with trusted third parties who help us run our business, and only to the extent necessary. These include:

  • Hosting and cloud infrastructure providers that run the platform and store data;
  • Analytics and product-telemetry providers that help us understand how the platform is used and improve it;
  • Payment processors that handle subscription billing and invoicing;
  • Customer support, email and communications tools that help us respond to enquiries;
  • Error-monitoring and security providers that help us detect bugs, outages and threats;
  • Professional advisors, such as lawyers, accountants and auditors, where reasonably necessary; and
  • Regulators, courts or law-enforcement agencies, where we are legally required to share information.

All third-party service providers are required to keep personal information confidential, use it only for the purposes we have agreed, and apply appropriate security safeguards.

9. Cross-border data transfers

Complio primarily stores and processes personal information on infrastructure located in South Africa.

Some of our sub-processors (for example certain analytics, error-monitoring, email or support tools) may process limited personal information outside South Africa. Where this happens, we rely on the safeguards permitted under section 72 of POPIA, including:

  • recipients being subject to laws, binding corporate rules or binding agreements that provide an adequate level of protection; or
  • the transfer being necessary for the performance of a contract with you, or with your consent.

10. How we protect personal information

We take the security of personal information seriously and apply reasonable technical and organisational measures, including:

  • encryption of data in transit using modern TLS, and encryption at rest for stored data and backups where applicable;
  • role-based access controls, least-privilege principles and multi-factor authentication for administrative access;
  • secure cloud hosting with hardened network configurations;
  • regular automated backups and tested recovery procedures;
  • continuous logging, monitoring and alerting on security and integrity events;
  • internal policies, training and confidentiality undertakings for staff and contractors; and
  • vendor due diligence and contractual safeguards with our sub-processors.

No system is completely secure. If you believe your account has been compromised, please contact us immediately at security@complio.co.za.

11. How long we keep information

We keep personal information only for as long as is necessary for the purposes set out in this policy, including:

  • for the duration of your account and customer relationship with Complio;
  • for any additional period required by law (for example tax, accounting or anti-money-laundering rules); and
  • for a reasonable period afterwards to resolve disputes, enforce our agreements and maintain business records.

Where personal information is no longer required, we will delete, destroy or anonymise it in line with our retention practices. Customers can also request deletion of their workspace data in line with our terms.

12. Your rights under POPIA

Subject to applicable law, you have the right to:

  • access the personal information we hold about you;
  • correct or update information that is inaccurate, misleading or out of date;
  • request deletion of personal information that we are no longer entitled to keep;
  • object to processing on reasonable grounds, including for direct marketing;
  • withdraw consent at any time, where processing is based on consent (without affecting prior lawful processing);
  • request a copy of your data in a structured, commonly used format, where technically feasible; and
  • lodge a complaint with the Information Regulator.

To exercise these rights, please contact us at privacy@complio.co.za. We may need to verify your identity before responding. If your request relates to data uploaded by one of our customers, we will refer you to that customer as the responsible party.

You can contact the Information Regulator at:

13. Cookies and tracking technologies

We use cookies and similar technologies on our website and inside the platform to:

  • Essential cookies — keep you logged in, remember your preferences and protect against fraud. These are required for the service to function.
  • Functional cookies — remember settings such as theme, language and recent activity.
  • Analytics cookies — help us understand how visitors use our website and platform so we can improve them.

You can control non-essential cookies through your browser settings. Disabling essential cookies may stop parts of the platform from working correctly.

14. Security breaches

If we become aware of a security compromise involving personal information, we will:

  • investigate and take reasonable steps to contain the incident;
  • notify affected customers and, where required, data subjects, in line with section 22 of POPIA; and
  • notify the Information Regulator where the law requires us to do so.

Where Complio acts as an operator on behalf of a customer, we will notify the relevant customer without undue delay so they can meet their own notification obligations.

15. Children

Complio is a business platform intended for use by companies, trusts and their professional advisors. It is not directed at children, and we do not knowingly collect personal information about children other than incidentally where it is contained in documents uploaded by our customers (for example minors who are beneficiaries of a trust or shareholders of a company). Customers are responsible for ensuring they have the appropriate lawful basis for processing such information.

16. Changes to this policy

We may update this policy from time to time to reflect changes in our platform, our practices or applicable law. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you by email or through a notice in the platform.

17. Contact us

If you have any questions about this policy or how we handle personal information, please contact our Information Officer: