Security & Privacy
This portal is built for law firms handling sensitive FICA and client information. Below is a plain-English summary of the controls we have in place.
Encryption in transit
All traffic uses TLS 1.3. Your data is never sent in plaintext over the network.
Encryption at rest
Documents and database records are stored with AES-256 disk encryption.
Authenticated access
Every page that holds client data requires you to be signed in. Your session expires automatically.
Strict access control
Clients can only see their own intake. Reviewers see only intakes assigned to them.
POPIA-aligned
Personal information is processed for the lawful purpose of FICA verification only, never sold or shared.
Defence in depth
Document uploads use signed, short-lived URLs. Private buckets, row-level access policies in the database.
Honest disclosure
We do not claim "end-to-end encryption". The application can read your documents in order to assist with FICA review and auto-fill the intake form. If you need true zero-knowledge encryption (where even we cannot read the file), please contact us, that's a different product.
Your rights under POPIA
- Request a copy of the personal information we hold about you.
- Request correction or deletion of inaccurate information.
- Withdraw consent for processing at any time.
- Lodge a complaint with the Information Regulator of South Africa.