Legal · Policy

Privacy Policy

This Privacy Policy explains how Truterax (operating as TRUTERA X) collects, uses, stores, and protects personal information. It is aligned with South Africa's Protection of Personal Information Act, 2013 ("POPIA") and the EU General Data Protection Regulation ("GDPR").

Last updated: 16 May 2026 Effective date: 16 May 2026 Version: 1.0
Template notice: This document is a starter template based on common POPIA/GDPR requirements. It has not been reviewed by legal counsel. Before going live, have a qualified attorney (in South Africa, ideally one familiar with POPIA & the Information Regulator's guidance) review and tailor it to your specific operations.

1. Who we are

Trutera X (legal name TRUTERA X (PTY) LTD, CIPC registration 2026/379872/07, effective 18 May 2026) is an AI-first engineering studio based at SPACES, 50 Long Street, Cape Town, 8001, South Africa. References to "we", "us", and "our" in this policy mean Trutera X.

We act as the Responsible Party (POPIA) / Data Controller (GDPR) for personal information we collect through our website and during the provision of our services.

2. Information Officer

As required by POPIA Section 55, Trutera X has designated an Information Officer responsible for ensuring compliance with this Act:

  • Name: The sole director of TRUTERA X (PTY) LTD serves as Information Officer ex officio until otherwise appointed
  • Email: privacy@truterax.com
  • Postal address: SPACES, 50 Long Street, Cape Town, 8001

Information Officer registration with the Information Regulator of South Africa is being finalized following CIPC registration. The IO registration reference will be published here once received.

3. What personal information we collect

We collect personal information directly from you and through automated means when you use our website or engage us for services:

3.1 Information you give us

  • Contact information: name, email, company name, phone number
  • Project information: project descriptions, budget ranges, business requirements
  • Communications: emails, meeting notes, support requests

3.2 Information collected automatically

  • Technical data: IP address, browser type, device type, operating system
  • Usage data: pages visited, time on site, referring URL (via privacy-respecting analytics where consented)
  • Cookies & similar: see our Cookie Policy

4. Our lawful basis for processing

PurposePOPIA JustificationGDPR Lawful Basis
Responding to enquiriesNecessary for contract / legitimate interestArt. 6(1)(b) / 6(1)(f)
Delivering our servicesPerformance of contractArt. 6(1)(b)
Compliance / accountingLegal obligationArt. 6(1)(c)
Marketing communicationsConsentArt. 6(1)(a)
Analytics & site improvementConsentArt. 6(1)(a)

5. How we use your information

We use personal information to: respond to enquiries and quote requests; deliver, support, and improve our services; manage our contracts and invoicing; comply with our legal obligations; and (where you consent) send you marketing communications.

We will not sell your personal information or use it for purposes incompatible with those listed above.

6. Who we share your information with

We share personal information only with carefully selected operators (POPIA) / processors (GDPR) under written contracts that protect your rights. Categories include:

  • Hosting & infrastructure: cloud hosting providers (AWS, Cloudflare, etc.)
  • Communications: email delivery (Resend, Postmark or similar)
  • Analytics: privacy-first analytics (e.g., Plausible) — only with consent
  • Payment processors: for invoicing (Stripe, PayFast, or equivalents)
  • Professional advisers: accountants, legal counsel under confidentiality

7. How long we keep your information

We keep personal information only for as long as necessary for the purposes set out above, or as required by law (e.g., SARS retains tax records for 5 years). Typical retention periods:

  • Quote/enquiry records: 24 months from last contact
  • Active client records: duration of engagement + 5 years
  • Marketing list: until you unsubscribe
  • Website analytics: 14 months

8. International transfers

Because we use international cloud and SaaS providers, your information may be transferred outside South Africa or the EEA. Where this happens we ensure adequate protection through Standard Contractual Clauses, adequacy decisions, or equivalent safeguards under POPIA Section 72 / GDPR Chapter V.

9. Your rights

Under POPIA and GDPR, you have the right to:

  • Access the personal information we hold about you
  • Request correction or deletion of inaccurate information
  • Object to processing or withdraw consent
  • Request restriction of processing
  • Data portability (GDPR only)
  • Lodge a complaint with the Information Regulator (SA) or your local supervisory authority

To exercise any of these rights, email privacy@truterax.com. We will respond within 30 days.

10. How we protect your information

We follow security practices aligned with ISO/IEC 27001 principles:

  • Encryption in transit (TLS 1.2+) and at rest where applicable
  • Role-based access controls and the principle of least privilege
  • Regular vulnerability scanning and dependency monitoring
  • Multi-factor authentication on administrative accounts
  • Incident response procedures, including breach notification within 72 hours where legally required

11. Cookies

Our use of cookies and similar tracking technologies is described in our Cookie Policy. You can manage your preferences via the cookie banner shown on first visit.

12. Children

Our services are not directed at children under 18 years of age, and we do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can delete it.

13. Changes to this policy

We may update this policy from time to time. Changes will be posted on this page with an updated "Last updated" date. Material changes will be communicated via email or a prominent notice on our site.

14. Contact us

If you have any questions about this Privacy Policy, please contact us:

You may also contact the Information Regulator (South Africa): inforegulator.org.za