Legal

Privacy Policy

Effective date: 18 April 2026

1. Who We Are

Leka Comply is a product of Luluka Group PTY (Ltd), a company registered in the Kingdom of Eswatini. We provide a cloud-based compliance management platform designed for businesses operating in Eswatini and South Africa.

Registered name: Luluka Group PTY (Ltd)
Trading as: Leka Comply
Contact: hello@lekacomply.com

2. What Personal Information We Collect

We collect the following categories of personal information:

  • Account information: Full name, email address, job title, and organisation name provided during registration or invitation.
  • Compliance documents: Policies, SOPs, training records, risk entries and other documents you upload or create within the platform.
  • Usage data: Log data including IP address, browser type, pages visited and actions taken within the platform.
  • Communications: Any emails or messages you send to our support team.

3. How We Use Your Information

We use your personal information solely to:

  • Provide, operate and maintain the Leka Comply platform
  • Send account-related communications such as invitations, password resets and service notices
  • Respond to support requests and improve platform functionality
  • Comply with legal obligations
  • Collect aggregated, anonymised usage data (feature adoption, session patterns, error rates) to improve the platform and inform product development. This data is never shared at individual client level.

We do not sell, rent or share your personal information with third parties for marketing purposes.

4. Data Storage and Security

Your data is stored securely on enterprise-grade cloud infrastructure hosted in the London region, which is recognised as adequate under POPIA Section 72 for cross-border data transfers. All data is encrypted in transit (TLS 1.2+) and at rest. Access to your organisation's data is restricted to authenticated users belonging to your organisation. We implement role-based access controls to prevent unauthorised access.

5. Your Rights Under POPIA

Under the Protection of Personal Information Act, 2013 (POPIA), you have the following rights:

  • Right of access: Request a copy of the personal information we hold about you.
  • Right to correction: Request correction of inaccurate or incomplete information.
  • Right to deletion: Request deletion of your personal information, subject to any legal retention obligations.
  • Right to object: Object to the processing of your personal information in certain circumstances.
  • Right to portability: Request your personal data in a structured, machine-readable format (CSV export). Available at any time via the Reports module.
  • Right to complain: Lodge a complaint with the Information Regulator of South Africa if you believe your rights have been infringed.

To exercise any of these rights, contact us at hello@lekacomply.com. We will respond within 30 days.

Rights under the Eswatini Data Protection Act 2022: If you are based in Eswatini, you have equivalent rights under the Data Protection Act 2022, administered by the Eswatini Data Protection Authority (EDPA). You may lodge a complaint with the EDPA (edpa@gov.sz) if you believe your data protection rights have been infringed.

6. Data Retention

We retain your personal information for as long as your account is active or as required to provide the service. On account termination or cancellation, your data is retained for up to 90 days to allow you to export your records. After 90 days, all personal data is permanently deleted. On a specific deletion request, we will action deletion within 30 days, except where retention is required by applicable law (for example, financial records are retained for 7 years under Eswatini tax law).

7. Cookies and Tracking

Leka Comply uses session cookies strictly necessary to maintain your authenticated session. We do not use advertising or tracking cookies. The public-facing lekacomply.com website uses Vercel Web Analytics to collect anonymised, cookieless page view data including visitor counts, page views and traffic sources. No personal data is collected and no cookies are set. This analytics tool does not track users across websites. The platform dashboard (accessed after login) does not use any third-party analytics scripts.

8. Third-Party Services

We use carefully selected sub-processors to deliver our service. Each sub-processor is bound by data processing agreements and applicable data protection law. A full list of current sub-processors is available on request by emailing hello@lekacomply.com.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The effective date at the top of this page will always reflect the most recent revision.

10. Contact Us

For any privacy-related queries, requests or complaints, please contact our Information Officer at:

Luluka Group PTY (Ltd) — Leka Comply
Email: hello@lekacomply.com