Legal

Privacy Policy & POPIA Notice

Last updated: 1 May 2026 ยท Version 1.0

1. Who We Are

Rupert Invest (Pty) Ltd ("Rupert", "we", "us", or "our") operates the Rupert Fund Finder platform at rupertinvest.co.za and rupert-invest.vercel.app. We are the Responsible Party as defined in the Protection of Personal Information Act 4 of 2013 ("POPIA"). Our Information Officer is responsible for ensuring compliance with POPIA and can be contacted at privacy@rupertinvest.co.za.

2. What Personal Information We Collect

We collect the following categories of personal information when you use our platform: Account information: Full name, email address, and password (stored in encrypted form). Identity verification: The first 6 digits of your South African ID number (which constitutes your date of birth). This is used solely for age verification and FICA-alignment purposes. We do not collect or store your full ID number. Investment profile data: Your responses to our 15-question assessment, including your investment goals, risk tolerance, investment horizon, monthly income range, and investment experience. This information is used exclusively to generate your personalised fund matches. Usage data: Pages visited, features used, search queries, and time spent on platform. This is collected in aggregate and used to improve our service. Payment information: If you subscribe to a paid tier, payment is processed by PayFast (Pty) Ltd. Rupert does not store your card details. PayFast's privacy policy governs the handling of payment data. We do not collect racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, or criminal records.

3. Why We Collect Your Information

We process your personal information for the following lawful purposes under POPIA: To provide our service: Matching you with appropriate investment funds based on your profile. Account management: To create and manage your user account, verify your identity, and provide customer support. Service improvement: To understand how our platform is used and improve the accuracy of our fund matching algorithm. Communication: To send you essential service communications such as account confirmations, password resets, and important updates. We will not send you marketing communications without your explicit consent. Legal compliance: To comply with applicable laws and regulations, including FICA-aligned verification procedures.

4. How We Store and Protect Your Data

Your personal information is stored on Supabase infrastructure hosted in the EU West (Ireland) region. Supabase complies with GDPR, which provides a level of data protection equivalent to or exceeding POPIA requirements. We implement the following security measures: - Encryption of passwords using industry-standard hashing (bcrypt) - Row Level Security (RLS) on our database - HTTPS encryption for all data in transit - Access controls limiting employee access to personal data on a need-to-know basis - Regular security reviews of our infrastructure

5. Sharing Your Information

We do not sell your personal information to any third party. We share your information only in the following circumstances: Service providers: We use Supabase for database hosting, Vercel for application hosting, and PayFast for payment processing. These parties act as Operators under POPIA and are contractually bound to process your data only as instructed by us. Legal requirements: We may disclose your information if required by law, court order, or to protect the rights, property, or safety of Rupert, our users, or others. We will not share your personal information with any financial advisor, asset manager, fund house, or third party without your explicit, informed consent.

6. Your Rights Under POPIA

As a data subject under POPIA, you have the following rights: Right of access: You may request a copy of all personal information we hold about you at any time. Right to correction: You may request that we correct or update any inaccurate personal information. Right to deletion: You may request that we delete your personal information. Right to object: You may object to the processing of your personal information at any time. Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time. Right to lodge a complaint: You have the right to lodge a complaint with the South African Information Regulator at inforeg.org.za. To exercise any of these rights, contact us at privacy@rupertinvest.co.za. We will respond within 30 days.

7. Cookies

Our platform uses essential cookies required for the service to function, including authentication session cookies. We do not use advertising or tracking cookies. By using our platform, you consent to the use of essential cookies. You may disable cookies in your browser settings, but this will prevent you from logging in or using personalised features.

8. Data Retention

We retain your personal information for as long as your account is active or as needed to provide our service. If you close your account, we will delete your personal information within 30 days, except where retention is required by law.

9. Children

Our platform is not intended for use by persons under the age of 18. If we become aware that we have collected personal information from a minor, we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The date at the top of this page reflects when the policy was last updated. Continued use of our platform after changes constitutes acceptance of the updated policy.

11. Contact Us

For any privacy-related questions, requests, or complaints: Email: privacy@rupertinvest.co.za Information Officer: Jean Wilson Rupert Invest (Pty) Ltd Cape Town, South Africa South African Information Regulator: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 inforeg.org.za