Public information

Privacy Policy

Kinto Global is committed to protecting your personal information. This policy explains what we collect, how we use it, how long we keep it, and your rights under the Protection of Personal Information Act (POPIA) of South Africa.

About this policy

This Privacy Policy describes how Kinto Global (Pty) Ltd ("Kinto Global", "we", "us") collects, uses, stores, and protects personal information when you access the Kinto Global website or use the Kinto Global platform.

This policy is governed by the Protection of Personal Information Act, No. 4 of 2013 ("POPIA") of the Republic of South Africa. By using our services, you acknowledge that your personal information will be processed in accordance with this policy.

Last updated: April 2026.

Information we collect

Account information: name, email address, job title, and organisation name provided during sign-up or onboarding.

Usage information: session activity, feature interactions, page views, and diagnostic workflow events that help us operate and improve the platform.

Diagnostic inputs: operational data, question responses, metric values, and findings that you or your team enter into the platform as part of a workspace engagement.

Report outputs: generated documents, roadmap data, and scoring outputs created through the platform.

Payment information: billing details processed by our payment processor, Paddle. Kinto Global does not store raw card data.

Support communications: email or in-app messages sent to our support team.

How we use your information

Service delivery: to authenticate users, maintain workspaces, run diagnostics, generate reports, and provide all core platform features.

Product improvement: to understand how the platform is used, diagnose technical issues, and develop new features. Usage data is analysed in aggregate.

Billing and account management: to process subscriptions, manage credits, and send transactional communications (receipts, expiry notices).

Support: to respond to queries, resolve issues, and fulfil data subject requests.

We do not sell, rent, or trade your personal information to third parties for their own commercial purposes.

Data storage and security

Your data is stored on enterprise-grade cloud infrastructure. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

Access to production data is restricted to authorised personnel and is governed by role-based access controls.

We use the following third-party processors who may process personal data on our behalf:

Supabase, Inc. — database hosting and authentication infrastructure.

Paddle.com Market Limited — subscription billing and payment processing.

We conduct periodic reviews of our security practices and require sub-processors to maintain appropriate technical and organisational safeguards.

Data retention

Active accounts: your data is retained for as long as your account remains active and your subscription is in good standing.

Cancelled accounts: upon account cancellation or subscription expiry, your data is retained for a maximum of 30 days to allow for re-activation or data export, after which it is permanently deleted from our systems.

We may retain anonymised, aggregated, or statistical data derived from your usage for a longer period for product analytics purposes.

Certain records (e.g. billing history) may be retained for longer periods where required by applicable law.

Your rights under POPIA

As a data subject under POPIA, you have the following rights:

Right of access: you may request a copy of the personal information we hold about you.

Right to correction: you may request correction of inaccurate, incomplete, or misleading information.

Right to deletion: you may request deletion of your personal information, subject to our legal obligations and legitimate operational requirements.

Right to object: you may object to the processing of your personal information in certain circumstances.

Right to lodge a complaint: you may lodge a complaint with the Information Regulator of South Africa if you believe we have processed your personal information unlawfully.

To exercise any of these rights, contact us at hello@kintoglobal.co.za with the subject line "Data Subject Request".

Cookies and tracking

We use functional cookies to maintain session state and keep you signed in. We do not use third-party advertising or tracking cookies.

Analytics events (page views, feature usage) may be collected to help us understand platform performance. These events are not linked to third-party advertising networks.

Governing law and contact

This policy is governed by the laws of the Republic of South Africa, including the Protection of Personal Information Act No. 4 of 2013.

For data inquiries, privacy concerns, or to exercise your rights under POPIA, contact: hello@kintoglobal.co.za.

Kinto Global (Pty) Ltd, Cape Town, South Africa.