Legal

Privacy Policy

Effective date: 18 April 2026

1. Who We Are

Leka Comply is a product of Luleka Group PTY (Ltd), a company registered in the Kingdom of Eswatini. We provide a cloud-based compliance management platform designed for businesses operating in Eswatini and the region.

Registered name: Luleka Group PTY (Ltd)
Trading as: Leka Comply
Contact: hello@lekacomply.com

2. What Personal Information We Collect

We collect the following categories of personal information:

  • Account information: Full name, email address, job title, and organisation name provided during registration or invitation.
  • Compliance documents: Policies, SOPs, training records, risk entries and other documents you upload or create within the platform.
  • Usage data: Log data including IP address, browser type, pages visited and actions taken within the platform.
  • Communications: Any emails or messages you send to our support team.

3. How We Use Your Information

We use your personal information solely to:

  • Provide, operate and maintain the Leka Comply platform
  • Send account-related communications such as invitations, password resets and service notices
  • Respond to support requests and improve platform functionality
  • Comply with legal obligations
  • Collect aggregated, anonymised usage data (feature adoption, session patterns, error rates) to improve the platform and inform product development. This data is never shared at individual client level.

We do not sell, rent or share your personal information with third parties for marketing purposes.

4. Data Storage and Security

Your data is hosted with a reputable cloud provider in the United Kingdom with appropriate security and contractual safeguards. Leka Comply is built around the Eswatini Data Protection Act 2022 as our primary data protection framework. All data is encrypted in transit (TLS 1.2+) and at rest. Access to your organisation's data is restricted to authenticated users belonging to your organisation. We implement role-based access controls to prevent unauthorised access.

5. Your Rights Under the Eswatini Data Protection Act 2022

Under the Eswatini Data Protection Act 2022, you have the following rights:

  • Right of access: Request a copy of the personal information we hold about you.
  • Right to correction: Request correction of inaccurate or incomplete information.
  • Right to deletion: Request deletion of your personal information, subject to any legal retention obligations.
  • Right to object: Object to the processing of your personal information in certain circumstances.
  • Right to portability: Request your personal data in a structured, machine-readable format (CSV export). Available at any time via the Reports module.
  • Right to complain: Lodge a complaint with the Eswatini Data Protection Authority (EDPA), the national data protection authority established under the Eswatini Data Protection Act 2022, if you believe your rights have been infringed.

To exercise any of these rights, contact us at hello@lekacomply.com. We will respond within 30 days.

6. Data Retention

We retain your personal information for as long as your account is active or as required to provide the service. On account termination or cancellation, your data is retained for up to 90 days to allow you to export your records. After 90 days, all personal data is permanently deleted. On a specific deletion request, we will action deletion within 30 days, except where retention is required by applicable law.

7. Cookies and Tracking

Leka Comply uses session cookies strictly necessary to maintain your authenticated session. We do not use advertising or tracking cookies. The public-facing lekacomply.com website uses Vercel Web Analytics to collect anonymised, cookieless page view data including visitor counts, page views and traffic sources. No personal data is collected and no cookies are set. This analytics tool does not track users across websites. The platform dashboard (accessed after login) does not use any third-party analytics scripts.

8. Third-Party Services

We use carefully selected sub-processors to deliver our service. Each sub-processor is bound by data processing agreements and applicable data protection law. A full list of current sub-processors is available on request by emailing hello@lekacomply.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The effective date at the top of this page will always reflect the most recent revision.

10. Contact Us

For any privacy-related queries, requests or complaints, please contact our Information Officer at:

Luleka Group PTY (Ltd), trading as Leka Comply
Email: hello@lekacomply.com