Privacy Policy
Effective Date: 29 August 2025
Last Updated: 29 August 2025
1. Introduction
Capsense Ltd ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our employee equity management platform ("Service").
Capsense Ltd is a company registered in England and Wales (Company Number: [To be registered]) with our registered office at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom. We serve customers primarily in South Africa and comply with both the UK GDPR and the South African Protection of Personal Information Act (POPIA).
2. Information We Collect
2.1 Personal Information
We collect the following types of personal information:
- Account Information: Name, email address, phone number, job title, company information
- Employee Data: Employment details, salary information, equity grant details, vesting schedules
- Identity Documents: ID numbers, passport information (for compliance purposes)
- Financial Information: Bank account details for payments, tax information
- Communications: Messages, support requests, survey responses
2.2 Technical Information
- IP address, browser type, device information
- Usage data, session information, log files
- Cookies and similar tracking technologies
3. How We Use Your Information
We use your personal information for the following purposes:
3.1 Service Provision
- Managing employee share option plans (ESOPs)
- Calculating vesting schedules and equity distributions
- Generating compliance documents and reports
- Processing equity exercises and transactions
- Providing customer support
3.2 Legal Compliance
- Complying with South African Companies Act Section 97 requirements
- Meeting CIPC filing obligations
- Tax reporting and compliance
- Anti-money laundering (AML) checks
3.3 Business Operations
- Improving our services and user experience
- Sending important notifications and updates
- Marketing communications (with consent)
- Fraud prevention and security
4. Legal Basis for Processing (GDPR & POPIA)
We process your personal information based on the following legal bases:
- Contract Performance: To provide our equity management services
- Legal Obligation: To comply with South African company law and tax requirements
- Legitimate Interest: To improve our services, prevent fraud, and ensure security
- Consent: For marketing communications and non-essential cookies
5. Information Sharing and Disclosure
We may share your information in the following circumstances:
5.1 Service Providers
- Cloud hosting providers (Vercel, AWS)
- Email service providers (Resend)
- Payment processors
- Analytics providers
5.2 Legal Requirements
- South African Revenue Service (SARS) for tax compliance
- Companies and Intellectual Property Commission (CIPC)
- Law enforcement when legally required
- Court orders and legal proceedings
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity.
6. Data Security
We implement appropriate technical and organisational measures to protect your personal information:
- Encryption in transit and at rest
- Regular security assessments and updates
- Access controls and authentication
- Employee training on data protection
- Incident response procedures
7. International Data Transfers
Your data may be processed in countries outside South Africa and the European Economic Area, including the United States (via our cloud providers). We ensure appropriate safeguards are in place through:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions where available
- Binding Corporate Rules
- Data Processing Agreements with third parties
8. Your Rights
Under GDPR and POPIA, you have the following rights:
8.1 Access and Portability
- Request access to your personal information
- Receive a copy of your data in a portable format
8.2 Correction and Deletion
- Correct inaccurate or incomplete information
- Request deletion of your personal information (subject to legal obligations)
8.3 Processing Restrictions
- Object to processing based on legitimate interest
- Restrict processing in certain circumstances
- Withdraw consent where applicable
To exercise your rights, contact us at privacy@capsense.co.za. We will respond within 30 days of receiving your request, under both GDPR and POPIA.
9. Data Retention
We retain your personal information for the following periods:
- Account Data: For the duration of your account plus 7 years for compliance
- Employee Records: 7 years after employment termination (South African requirement)
- Financial Records: 5 years for tax purposes
- Marketing Data: Until consent is withdrawn
- Technical Logs: 12 months maximum
10. Cookies and Tracking
We use cookies and similar technologies for:
- Essential Cookies: Required for platform functionality
- Analytics Cookies: To understand usage patterns (with consent)
- Marketing Cookies: For advertising and retargeting (with consent)
You can control cookie preferences through your browser settings or our cookie banner.
11. Third-Party Services
Our platform integrates with third-party services that have their own privacy policies:
- Vercel: Hosting and infrastructure
- Resend: Email delivery
- Google Analytics: Website analytics
- Microsoft Clarity: User experience analytics
- Meta Pixel: Advertising analytics
- LinkedIn Pixel: Professional network advertising
12. Children's Privacy
Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.
13. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authorities within 72 hours and affected individuals without undue delay.
14. Updates to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
15. Supervisory Authorities
You have the right to lodge a complaint with supervisory authorities:
- UK: Information Commissioner's Office (ICO) - ico.org.uk
- South Africa: Information Regulator - inforegulator.org.za
16. Contact Information
For any privacy-related questions or to exercise your rights, contact us:
Email: privacy@capsense.co.za
Address: Capsense Ltd, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
Data Protection Officer: dpo@capsense.co.za
17. Specific Provisions for South African Users
In addition to the rights above, South African users have specific rights under POPIA:
- Right to be notified of data breaches that may cause harm
- Right to object to direct marketing
- Right not to be subject to automated decision-making
- Right to submit complaints to the Information Regulator