Keizen LogoKeizen

Legal

Privacy Policy

Last updated: January 2025

1. Introduction

Keizen (“we,” “our,” or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our accounting automation platform and services.

This policy complies with the Protection of Personal Information Act (POPIA) of South Africa, the European Union's General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

2. Information We Collect

2.1 Personal Information

  • Name, email address, phone number, and business details
  • Payment and billing information
  • Tax identification numbers and financial data
  • Communication preferences and correspondence

2.2 Automatically Collected Information

  • IP address, browser type, and device information
  • Usage data, including pages visited and features used
  • Cookies and similar tracking technologies

2.3 Financial Data

We process financial information including invoices, expenses, payroll data, and bank transaction details necessary to provide our accounting services.

3. How We Use Your Information

  • To provide, maintain, and improve our accounting services
  • To process transactions and manage your account
  • To comply with legal obligations including SARS reporting
  • To communicate with you about services, updates, and support
  • To detect, prevent, and address fraud and security issues
  • To analyze usage patterns and improve user experience
  • To send marketing communications (with your consent)

4. Legal Basis for Processing (GDPR)

For users in the European Union, we process your data based on:

  • Contract Performance: Processing necessary to fulfill our service agreement
  • Legal Obligation: Compliance with tax and financial regulations
  • Legitimate Interest: Fraud prevention, security, and service improvement
  • Consent: Marketing communications and optional features

5. Data Sharing and Disclosure

We may share your information with:

  • Service Providers: Cloud hosting, payment processors, and analytics services
  • Government Authorities: SARS and other regulatory bodies as required by law
  • Business Partners: Banking and financial institutions for transaction processing
  • Legal Requirements: When required by law or to protect our rights

We do not sell your personal information to third parties.

6. Data Security

We implement industry-standard security measures including:

  • 256-bit SSL/TLS encryption for data transmission
  • AES-256 encryption for data at rest
  • Multi-factor authentication and access controls
  • Regular security audits and penetration testing
  • Employee training on data protection practices

7. Your Rights

7.1 South African Users (POPIA)

  • Right to access your personal information
  • Right to correct or update inaccurate data
  • Right to object to processing
  • Right to request deletion (subject to legal retention requirements)
  • Right to lodge a complaint with the Information Regulator

7.2 EU Users (GDPR)

  • Right to data portability
  • Right to restrict processing
  • Right to withdraw consent
  • Right to lodge a complaint with your supervisory authority

7.3 California Users (CCPA/CPRA)

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale (we do not sell your data)
  • Right to non-discrimination for exercising your rights

8. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations (minimum 5 years for financial records in South Africa)
  • Resolve disputes and enforce our agreements

9. International Data Transfers

Your data may be transferred to and processed in countries outside South Africa. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for EU data transfers and compliance with applicable cross-border data transfer regulations.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice on our platform.

12. Contact Us

For privacy-related inquiries or to exercise your rights, contact us at: