Privacy Policy & POPIA Notice

Rupert Invest (Pty) Ltd ("Rupert", "we", "us", or "our") operates the Rupert Fund Finder platform at rupertinvest.co.za and rupert-invest.vercel.app. We are the Responsible Party as defined in the Protection of Personal Information Act 4 of 2013 ("POPIA"). Our Information Officer is responsible for ensuring compliance with POPIA and can be contacted at privacy@rupertinvest.co.za.

We collect the following categories of personal information when you use our platform: Account information: Full name, email address, and password (stored in encrypted form). Identity verification: The first 6 digits of your South African ID number (which constitutes your date of birth). This is used solely for age verification and FICA-alignment purposes. We do not collect or store your full ID number. Investment profile data: Your responses to our 15-question assessment, including your investment goals, risk tolerance, investment horizon, monthly income range, and investment experience. This information is used exclusively to generate your personalised fund matches. Usage data: Pages visited, features used, search queries, and time spent on platform. This is collected in aggregate and used to improve our service. Payment information: If you subscribe to a paid tier, payment is processed by PayFast (Pty) Ltd. Rupert does not store your card details. PayFast's privacy policy governs the handling of payment data. We do not collect racial or ethnic origin, political opinions, religious beliefs, health data, sexual orientation, or criminal records.

We process your personal information for the following lawful purposes under POPIA: To provide our service: Matching you with appropriate investment funds based on your profile. This is the primary purpose and the basis for which most of your data is collected. Account management: To create and manage your user account, verify your identity, and provide customer support. Service improvement: To understand how our platform is used and improve the accuracy of our fund matching algorithm. Communication: To send you essential service communications such as account confirmations, password resets, and important updates. We will not send you marketing communications without your explicit consent. Legal compliance: To comply with applicable laws and regulations, including FICA-aligned verification procedures. We will not process your personal information for any purpose other than those listed above without obtaining your prior consent.

Your personal information is stored on Supabase infrastructure hosted in the EU West (Ireland) region. Supabase complies with GDPR, which provides a level of data protection equivalent to or exceeding POPIA requirements, satisfying the cross-border transfer provisions of POPIA Section 72. We implement the following security measures: - Encryption of passwords using industry-standard hashing (bcrypt) - Row Level Security (RLS) on our database, ensuring users can only access their own data - HTTPS encryption for all data in transit - Access controls limiting employee access to personal data on a need-to-know basis - Regular security reviews of our infrastructure In the event of a security breach that may affect your personal information, we will notify you and the Information Regulator as required by POPIA.

We do not sell your personal information to any third party. We share your information only in the following circumstances: Service providers: We use Supabase for database hosting, Vercel for application hosting, and PayFast for payment processing. These parties act as Operators under POPIA and are contractually bound to process your data only as instructed by us and to maintain appropriate security measures. Legal requirements: We may disclose your information if required by law, court order, or to protect the rights, property, or safety of Rupert, our users, or others. We will not share your personal information with any financial advisor, asset manager, fund house, or third party without your explicit, informed consent.

As a data subject under POPIA, you have the following rights: Right of access: You may request a copy of all personal information we hold about you at any time. Right to correction: You may request that we correct or update any inaccurate personal information. Right to deletion: You may request that we delete your personal information. Note that some information may be retained for legal compliance purposes. Right to object: You may object to the processing of your personal information at any time. Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time. Right to lodge a complaint: You have the right to lodge a complaint with the South African Information Regulator at inforeg.org.za. To exercise any of these rights, contact us at privacy@rupertinvest.co.za. We will respond within 30 days.

Our platform uses essential cookies required for the service to function, including authentication session cookies. We do not use advertising or tracking cookies. By using our platform, you consent to the use of essential cookies. You may disable cookies in your browser settings, but this will prevent you from logging in or using personalised features.

We retain your personal information for as long as your account is active or as needed to provide our service. If you close your account, we will delete your personal information within 30 days, except where retention is required by law. Investment profile data and quiz responses are retained for the duration of your account to enable you to access your saved results. You may request deletion of your quiz data at any time without closing your account.

Our platform is not intended for use by persons under the age of 18. We use the first 6 digits of your SA ID number to verify that you are 18 or older. If we become aware that we have collected personal information from a minor, we will delete it immediately.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice on our platform. The date at the top of this page reflects when the policy was last updated. Continued use of our platform after changes constitutes acceptance of the updated policy.

For any privacy-related questions, requests, or complaints: Email: privacy@rupertinvest.co.za Information Officer: Jean Wilson Rupert Invest (Pty) Ltd Cape Town, South Africa South African Information Regulator: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001 inforeg.org.za