Skhokho Privacy Policy

Last Updated: May 28, 2025

Skhokho is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and South Africa's Protection of Personal Information Act (POPIA). This Privacy Policy explains what personal data we collect, how we collect and use it, how it's stored and shared, and your rights regarding your data. It applies to the use of Skhokho's web-based software-as-a-service platform and the Skhokho WhatsApp interface.

1. Personal Data We Collect

We collect various categories of personal data to provide and improve our services. This includes:

Contact and Address Information

Name, email address, phone number, and physical address details (street address, city, province/state, postal code, and country).

Profile Data

Information associated with your user profile, such as preferred language, job title or role, profile picture, and user type/role (e.g. administrator or standard user). We also note if you are the account owner or an invited team member.

Employee Information

If you use our HR management features, you may input personal details of your employees. This can include identification or ID numbers, employee numbers, tax or payroll numbers, contact phone numbers, dates of birth, links to LinkedIn profiles, dates of employment (hire date and, if applicable, termination date), and employment status (active/inactive).

Financial and Banking Details

If you use our accounting or payroll features, or if you make payments through Skhokho, we may collect banking information. This may include bank name, bank account number, branch code, routing number, and SWIFT code. These details are typically used for processing salary payments or other transactions within the platform.

Transactional and Payment Information

When you subscribe to a paid plan or make a purchase, we collect information necessary to process the transaction. This includes billing address and payment-related data. (Payment card details are handled securely by our payment processor, as described later.)

Device and Technical Information

When you use our website or app, we automatically collect certain technical data about your device and usage. For example, we may record your IP address, browser type, time zone, operating system, and browsing actions on our site. This helps us ensure the service works properly and for security monitoring (e.g., IP addresses may be used to detect suspicious login activity).

Business Data You Provide

Through your use of Skhokho's services, you may input other data that can include personal information, such as information about your customers or contacts, project details, or documents. Any data you enter into our platform (e.g. CRM contacts, project notes, HR records) will be stored on our systems as part of providing the service. We treat all such data as confidential and in accordance with this policy.

2. How We Collect Your Data

We obtain personal data directly from you or through your interaction with our services, in ways including:

Account Registration and Setup

When you create a Skhokho account (whether via our website or through a third-party login), you provide information such as your name, email, and password. During setup, you may also provide company details and preferences.

User Input in the Application

You enter data into Skhokho's various modules (CRM, HR, Accounting, OKR, etc.) by filling out forms or uploading content. For instance, you might fill in an employee profile form with their personal details, or enter a client's address into the CRM. All such entries are stored to enable the functionality you request.

WhatsApp Interface Interactions

Skhokho offers a WhatsApp-based interface for your convenience. If you opt to use it, you will connect your account to your WhatsApp number. When you send messages/commands via WhatsApp to interact with Skhokho, we receive and process the content of those messages along with your phone number (used as an identifier to link to your account). For example, if you message Skhokho's WhatsApp bot to add a new contact or retrieve information, we collect that input to perform the action. All WhatsApp communications with Skhokho are bound to your verified phone number and used only under secure conditions.

Forms and Communications

If you fill out any contact forms on our website, subscribe to newsletters, or communicate with us (e.g. via email or support chat), we will collect the information you provide (such as your email address or any personal details included in your inquiry).

Automated Collection (Website Use)

As you browse our marketing website or documentation, standard web technologies gather data about your visit. This includes device and usage information as noted above (IP address, browser type, page interactions, etc.). We use this to analyze web traffic and improve user experience. Importantly, this automatic collection on our website is limited to necessary data and analytics – we do not use any invasive tracking techniques.

Third-Party Sources

In general, we collect data directly from you. In some cases, we might receive information from third parties at your direction. For example, if you integrate a third-party service with Skhokho or use single sign-on (like Google authentication), that service may send us certain information (such as your name and email from your Google profile, if you use it to sign up). We will always ask for your authorization in such cases.

3. Cookies and Tracking Technologies

Skhokho's use of cookies is minimal and purely for functionality:

Session Cookies

When you log into the Skhokho platform, a secure session cookie is placed in your browser to maintain your authenticated session. This cookie contains a random session ID and does not contain personal data beyond identifying your session. It is a first-party cookie (issued by the Skhokho domain) and is essential for the service to recognize you as you navigate between pages. We do not use this cookie to track you outside of our service, and it expires or is deleted when you log out or after a period of inactivity.

Preference Cookies

Aside from session management, we might use cookies to remember preferences (for example, your selected language or UI settings) so that you have a smoother experience. These are also first-party and only used to enhance your use of Skhokho.

No Third-Party or Marketing Cookies

We do not embed third-party advertising cookies or social media trackers in the app interface. Any third-party integrations (like analytics or error tracking) that use cookies are only employed to the extent necessary for service quality, and wherever possible, we use anonymized or aggregate information. Currently, our platform does not make use of Google Analytics or similar tracking tools that would profile personal data; if this ever changes, we will update this policy and obtain any necessary consents.

Cookie Consent

Because our cookie usage is limited to essential purposes, it may not require a pop-up consent under applicable law. However, by using our site and services, you acknowledge our use of these functional cookies. You can control cookies through your browser settings, but note that disabling cookies entirely (especially our session cookie) will prevent you from logging in or using key features of Skhokho.

4. How We Use Personal Data

We use the collected personal data for the following purposes, in alignment with the principles of purpose limitation under GDPR/POPIA:

Providing and Improving the Service

We process your data to deliver Skhokho's functionalities to you – for example, using the information you input to generate reports, manage your projects, HR records, CRM contacts, etc. All features of our business management software rely on the data you provide, and we use it to perform the services you request. We also analyze usage patterns (in an aggregated form) to improve and optimize our platform's performance and features.

Account Management and Authentication

Contact information like your email and password is used to create and secure your account, verify your identity at login, and to communicate important account-related information. We may send you service notifications (such as password reset emails, login alerts, or important announcements about the platform).

Transactions and Payments

We use personal information to process subscription payments or purchases. For instance, your name and billing details are used in invoicing, and your email may be shared with our payment processor to send payment receipts or confirmations. Payment card information is not stored on our servers; it is handled by our secure payment provider. We only retain a record of your subscription status and basic transaction history.

Communications and Support

We may use your contact information to respond to your inquiries, provide customer support, and send you information you've requested. If you contact us for help, we will use the details you gave us (like your email or phone number) to assist you.

Platform Communications (WhatsApp Interface)

If you use the WhatsApp interface, we use the content of your messages (e.g., a command to "add a new task") to execute actions on your account. We may also send you responses or confirmations via WhatsApp. We will not spam you on WhatsApp or use that channel for marketing messages unless you opt-in; it is primarily a user-initiated interface.

5. Data Sharing and Disclosure

We treat your personal information with care and confidentiality. However, we do share data in certain circumstances to run our business and comply with the law, as outlined here:

Third-Party Service Providers (Processors)

We use reputable third-party companies to help us deliver our services. These providers act on our behalf and may process your personal data in the course of their duties. Key examples include:

• Payment Processors: We use Stripe (a secure payment processing service) to handle subscription and payment transactions. When you pay for Skhokho services, your payment details are collected and processed by Stripe, not by Skhokho. Your financial information is transmitted directly to Stripe via encrypted connections; we do not store your full card details on our servers.
• Cloud Hosting and Data Storage: Skhokho is a cloud-based SaaS. Your data (including databases and file storage) is hosted on secure servers provided by third-party cloud infrastructure providers. These providers store and back up data on our behalf.
• Email and Communication Tools: We may use third-party email services to send verification emails, notifications, or newsletters. Those services would process your email address and the content of the message.

Legal Obligations and Safety

We may disclose personal information when required to do so by law or valid legal process. This includes responding to court orders, subpoenas, or requests by government or law enforcement authorities, only to the extent we are compelled to by law. We may also share data if necessary to investigate, prevent, or act against illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or violations of our Terms of Service.

International Data Transfers

Given the global nature of cloud services, the third parties and servers we use may be located in countries other than your own. If you are in South Africa or the EU, this means your personal information might be transferred across national borders. We take steps to ensure any such transfers comply with applicable data protection laws, including using approved safeguards such as Standard Contractual Clauses (SCCs) for GDPR, or binding agreements that uphold principles of POPIA.

6. Data Storage and Security

We understand that the personal and business data you entrust to Skhokho is valuable and often sensitive. We have implemented appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. Key aspects of our data security approach include:

Encryption in Transit

All communications between your browser (or WhatsApp interface) and our servers are encrypted using industry-standard protocols such as HTTPS (TLS). This means that when data is sent to or from Skhokho, it is encoded so that third parties cannot eavesdrop on it in transit.

Encryption at Rest

We apply encryption to data stored in our databases and file storage. Personal data and documents you store on Skhokho's cloud servers are encrypted at rest (using strong encryption algorithms). This adds a layer of protection so that even if someone were to gain unauthorized access to the storage, they would not be able to read your data without the encryption keys.

Access Controls

We limit access to personal data strictly to authorized personnel who need it to operate or support the service. Skhokho's team members and contractors are bound by confidentiality obligations. Administrative access to systems containing personal data is restricted and protected by strong authentication (e.g., multi-factor authentication) to prevent unauthorized internal access.

Monitoring and Prevention

We employ firewalls and intrusion detection systems to guard our infrastructure. We monitor for suspicious activities or unauthorized access attempts. If abnormal activity is detected, we have alerting and response procedures to address it promptly.

7. Data Retention

We will retain your personal data only for as long as it is necessary to fulfill the purposes for which it was collected, or to comply with legal or contractual obligations. How this generally works:

Active Account Data

For as long as you have an active account with Skhokho, the information associated with your account will be retained. This is so we can provide you the service continuously – your data is needed to give you full functionality.

User-Initiated Deletion

You have control over many types of data in your account. You can delete or edit entries (for example, remove an employee record, or delete a project) at any time. When you delete data through the app, that data is permanently deleted from our live databases.

Account Deletion

If you wish to stop using Skhokho entirely, you may request account deletion. Upon confirmation, we will deactivate and delete your account data. Account deletion will result in removal of all personal data and content associated with your account from our production databases. Important: there might be a short retention of your data in our encrypted backups even after account deletion, but these backups rotate and purge on a regular schedule.

Retention for Legal Obligations

In certain cases, we may need to retain some information even after you delete your account, if such retention is required to meet legal obligations. For example, financial transaction records (invoices, payment history) might be kept for a period of years as required by tax or accounting laws.

8. Your Rights and Choices

As a user of Skhokho, especially if you are located in the European Union or South Africa, you have robust rights regarding your personal data. We are committed to upholding these rights and enabling you to exercise them easily. Your key data subject rights include:

Right to Access

You have the right to request a copy of the personal information we hold about you. Most of your basic account data is accessible to you directly by logging into your Skhokho account.

Right to Correction (Rectification)

If any of your personal information is inaccurate or outdated, you have the right to correct or update it. You can edit much of your data directly within the platform.

Right to Deletion (Erasure)

You have the right to request deletion of your personal data. This is sometimes called the "right to be forgotten." You may delete specific pieces of data on your own. Additionally, you can request that we delete all data we hold about you and close your account. Unless we are required to retain certain data for legal reasons, we will comply with such requests and erase your data from our systems.

Right to Data Portability

You have the right to receive the personal data you have provided to us in a structured, commonly used, machine-readable format, and to have that data transmitted to another service (where technically feasible), if you request.

Right to Object to Processing

In certain situations, you have the right to object to the processing of your personal data. You can also object to any processing carried out on the basis of our legitimate interests, if you believe it impacts your rights.

Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the appropriate supervisory authority. For example, if you are in South Africa, you can contact the Information Regulator, and if you are in the EU, you can reach out to your country's Data Protection Authority.

9. WhatsApp Interface and Your Privacy

In addition to the web platform, Skhokho provides a WhatsApp Interface that allows you to interact with your Skhokho account via WhatsApp messages. We want to address how your data is handled in this context and reassure you of the security measures in place:

Using WhatsApp with Skhokho

To use the WhatsApp Business integration, you'll need to link your phone number with your Skhokho account. This typically involves sending a message (like "Hello") to our official Skhokho WhatsApp number and following a secure verification process. Once linked, your WhatsApp number essentially becomes an extension of your account identity – any commands or queries you send from that number will be treated as coming from you.

Data Collected via WhatsApp

When you interact with Skhokho through WhatsApp, we collect the content of your messages (the text you send, and any necessary file attachments if that functionality exists) and log the actions taken. We also may log metadata such as the timestamps of messages and the phone number (to authenticate that the request is from your trusted number). We do not collect any additional data from WhatsApp itself – for instance, we do not have access to your WhatsApp contacts or any other information on your device.

Security of WhatsApp Communications

The WhatsApp platform provides end-to-end encryption for all messages by default. This means that messages are encrypted on your device and can only be decrypted by Skhokho's service once they arrive; in transit, they cannot be read by WhatsApp or any intermediary. This cryptographic security ensures that your interactions remain private and secure.

10. Children's Privacy

Skhokho is business-oriented software and is generally intended for use by adults in a professional setting. Our services are not directed at children or minors. We do not knowingly collect personal information from individuals under the age of 16 (and in jurisdictions like South Africa, under 18) without verifiable parental or guardian consent.

If you are not at least 16 years old (or the age of majority in your country, if higher), you should not use Skhokho or provide any personal data to us. In the event that we become aware of having received information from a child without proper consent, we will take prompt steps to delete it.

If you are a parent or guardian and you believe your child under the relevant age has provided personal information to us, please contact us so we can remove the data and terminate any accounts if necessary.

11. Changes to This Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes, we will revise the "Last Updated" date at the top of this policy.

For significant changes, we will also provide a more prominent notice, such as an email notification or a message within the app, to inform you of the updates. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

Continued use of Skhokho after any changes to this policy constitutes your acknowledgment of the changes and agreement to be bound by the updated policy. If any changes materially affect how your personal data is handled, we will seek re-confirmation of consent if required by applicable law.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please do not hesitate to contact us. We are here to help and address any issues related to privacy and data protection.

Contact channels for privacy-related inquiries or requests: