top of page

FundTrace

Privacy Policy

By accessing or using our Services, you agree to the practices described in this Policy. If you do not agree, please do not use our Services.

1. Who We Are (Responsible Party)

FundTrace is the responsible party under POPIA for the Personal Information we process (unless stated otherwise in project-specific agreements). Our contact details are:

FundTrace (Pty) Ltd

Cape Town, Western Cape, South Africa]

Email: peter@fundtrace.net

2. Personal Information We Collect

We collect Personal Information necessary to provide transparent, verifiable disbursement and verification in development finance projects. This may include:

 

Identity and KYB/AML information: Name, ID/passport numbers, date of birth, nationality, business registration details, beneficial ownership, PEP status (for individuals and entities).

Contact information: Email, phone, physical address.

Project-related information: Invoices, delivery notes, photos/camera verification of work progress, quantity surveyor reports, milestone evidence.

Financial/transactional data: Bank details (for dedicated project accounts), payment references (not full card details).

Technical/usage data: IP address, browser type, device information, logs of interactions with the Platform.

Blockchain/audit data: Immutable records of approvals, verifications, and fund flows (pseudonymized where feasible).

 

We collect this directly from you, from project participants, public sources (for KYB/AML), or third-party verification providers.

3. How We Collect Personal Information

 

During registration and KYB/AML onboarding.

When uploading/verifying project evidence (invoices, photos, etc.).

Automatically via website/platform usage.

From third parties (e.g., verification services, regulators, project sponsors).

 

4. Purposes for Processing Personal Information

We process Personal Information for the following lawful purposes (primarily under POPIA section 11: contract necessity, legal obligation, legitimate interests):

 

To provide and operate the Services (milestone verification, controlled disbursements, real-time oversight, audit trails).

To comply with KYB/AML, FICA, anti-corruption, sanctions, and development finance regulations (legal obligation).

To prevent fraud, mismanagement, or misuse of funds.

To facilitate multi-party approvals and immutable records on distributed ledger technology.

For platform security, maintenance, and improvement.

To communicate about projects, alerts, or updates (with consent where required).

For aggregated/anonymized analytics to improve delivery assurance.

 

We minimize data collection to what is adequate, relevant, and not excessive.

5. Lawful Basis for Processing

 

Necessary for contract performance — e.g., verifying work for milestone payments.

Legal obligation — e.g., KYB/AML compliance under FICA and international standards.

Legitimate interests — e.g., fraud prevention, platform integrity (balanced against your rights).

Consent — where required (e.g., optional marketing; you can withdraw anytime without affecting core Services).

 

6. Sharing and Disclosure of Personal Information

We share Personal Information only as necessary:

 

With project stakeholders (e.g., DFIs, ECAs, sponsors, contractors) for verification/approvals.

With service providers (e.g., cloud/blockchain hosts, KYB/AML verifiers) bound by strict agreements.

With regulators/authorities if required by law.

In aggregated/anonymized form for reporting/impact analysis.

 

We do not sell Personal Information.

7. Cross-Border Transfers

Personal Information may be transferred outside South Africa (e.g., to blockchain nodes, international DFIs/partners, or cloud providers). We ensure adequate protections via:

 

Binding agreements.

Adequacy decisions or appropriate safeguards under POPIA section 72.

Legitimate interests or your consent where applicable.

 

8. Security of Personal Information

We implement reasonable technical and organizational measures (e.g., encryption, access controls, immutable ledgers) to protect against loss, unauthorized access, or breaches. However, no system is 100% secure; we cannot guarantee absolute security.

In case of a breach, we will notify the Information Regulator and affected data subjects as required by POPIA.

9. Retention of Personal Information

We retain Personal Information only as long as necessary for the purposes above, project completion, legal/audit requirements, or dispute resolution. Immutable blockchain audit trails may retain records indefinitely for transparency/compliance.

10. Your Rights as a Data Subject

Under POPIA, you have the right to:

 

Access your Personal Information.

Request correction, deletion, or destruction (where we are no longer authorized to retain it).

Object to processing (on grounds like legitimate interests).

Withdraw consent (where processing is consent-based).

Lodge a complaint with the Information Regulator.

 

To exercise rights, contact our Information Officer (free of charge; use accessible channels like email, WhatsApp, etc.). We respond within reasonable timeframes (e.g., 30 days where specified).

11. Direct Marketing

We do not send unsolicited electronic marketing without explicit, informed consent. You can opt out anytime.

12. Changes to This Privacy Policy

We may update this Policy. Material changes will be notified via the Platform, email, or website posting. Continued use constitutes acceptance.

13. Contact Us

For questions, rights requests, or complaints:

Email: [privacy@fundtrace.africa]

Or via website contact form.

This Policy aligns with our mission to deliver trusted, traceable development finance while respecting privacy.

By using FundTrace, you acknowledge this Privacy Policy.

bottom of page