Privacy in plain business language

This draft structure is designed to support POPIA and GDPR-oriented thinking while remaining understandable for customers and partners.

Information collected

SterlingMadi may collect account details, organization information, client records, project data, invoice content, and operational activity needed to deliver the workspace.

Purpose of processing

Information is processed to provide the product, maintain account security, support invoicing and billing workflows, improve service reliability, and communicate product updates.

Lawful basis and user rights

Processing is guided by lawful business use, contract performance, legitimate interests, and consent where required. Users may request access, correction, or deletion subject to legal and operational limits.

Retention

Data is retained for as long as required to deliver services, meet financial record-keeping obligations, resolve disputes, and maintain reasonable operational continuity.

Security

SterlingMadi aims to use role-based access, tenant separation, secure transport, and operational controls appropriate for a modern SaaS workspace.

Cross-border processing

Some service providers or infrastructure partners may process data outside South Africa. Cross-border handling should be reviewed against POPIA, GDPR, and applicable contractual safeguards.

Contact details

Privacy and data-handling enquiries can be directed to the designated Cyber Development contact channel used for commercial and compliance coordination.

Legal disclaimer: legal review is required before production finalization.