Privacy Policy

When a campus onboards, we collect the institution's name, contact person, billing email, and VAT/registration details. From students and lecturers using the portal, we collect names, student/staff numbers, enrolled subjects, attendance records, and content they submit (announcements, reminders, material).

We do not collect biometric data. QR scans are cryptographic tokens — we do not retain device fingerprints or location data beyond the scan event itself.

Personal information is used to operate the portal: authenticating users, recording attendance, delivering announcements, and producing reports the institution requires (e.g., DHET/NSFAS returns). We do not sell personal information to any third party, ever.

We use aggregated, de-identified usage patterns (e.g., 'average attendance across pilot campuses') to improve the product and for marketing claims that cannot be traced to an individual.

Campus data is stored in South African or EU datacentres of your choice. We do not route personal information through US-only infrastructure. Backup storage is within the same region as primary storage.

Your institution's administrators see campus-wide data; lecturers see their assigned subjects; students see their own records. That is enforced by role-based access and is not configurable downward.

Sub-processors: Resend (transactional email), Cloudflare (content delivery), and the hosting provider for your chosen region. Each is contractually bound to POPIA-equivalent protections and is listed in our DPA available on request.

You may request access to your personal information, request correction of inaccurate information, or request deletion. Email info@pjempire.co.za with 'Subject access request' or 'Deletion request' in the subject line. We respond within 30 days, typically within 48 hours.

If you are not satisfied with how we handle your request, you may lodge a complaint with the Information Regulator of South Africa (inforeg.org.za).

Active campus data is retained for the duration of the contract plus one term, to support DHET audit windows. On contract termination, we offer a final export and then permanently delete within 60 days. Audit logs are retained for 3 years as required by POPIA section 14(3).

If we detect unauthorised access affecting your campus, we notify the responsible party within 24 hours with scope, impact, and remediation status, and we assist with regulator notification under POPIA section 22.

Information Officer: PJ Empire (Pty) Ltd · Pretoria, Gauteng, 0182 · info@pjempire.co.za · +27 72 122 2323.