Plent
Plent Let Your Business Grow

Privacy Policy

Last updated: May 2026

1. Introduction

Plent ("we", "us", "our") is committed to protecting your personal information in accordance with the Protection of Personal Information Act (POPIA), Act 4 of 2013, and all other applicable South African privacy laws. This privacy policy explains how we collect, use, store, and protect your personal information when you use our accounting services.

2. Information Officer

Name: Felix

Email: felix@plent.co.za

Address: Midstream, Centurion, South Africa

Our Information Officer is responsible for ensuring compliance with POPIA and handling all privacy-related inquiries and requests.

3. Information We Collect

We collect the following types of personal information:

3.1 Personal Information

  • Full name and contact details (email address, phone number, physical address)
  • Company registration number and business details
  • South African tax numbers (VAT registration, PAYE reference numbers, UIF reference numbers)
  • Banking details for payment processing
  • Identity document numbers where required for compliance

3.2 Financial Records

  • Bank statements and transaction records
  • Invoices, receipts, and supporting documents
  • Payroll data and employee records
  • Tax returns and SARS correspondence
  • Annual financial statements and management accounts

3.3 Usage Data

  • Client portal login times and access logs
  • IP addresses and device information
  • Communication records (emails, WhatsApp messages, portal communications)

4. Purpose of Processing

We process your personal information for the following purposes:

4.1 Primary Services

  • Providing comprehensive accounting and bookkeeping services
  • Ensuring compliance with SARS requirements and tax legislation
  • Processing invoices, payments, and financial transactions
  • Managing payroll and employee-related tax obligations
  • Preparing and submitting tax returns and regulatory filings

4.2 Communication and Support

  • Communicating with you about your account and services
  • Providing customer support and responding to inquiries
  • Sending service updates and important notices

4.3 Lawful Bases

Our processing is based on: Contract performance (fulfilling our accounting services agreement), Legal obligation (compliance with tax laws and regulatory requirements), and Legitimate interest (providing effective accounting services and maintaining business records).

5. How We Collect Information

  • Directly from you: Through our client portal uploads, WhatsApp communications, email correspondence, and onboarding forms
  • From public records: CIPC company registration database for verification purposes
  • From documents you provide: Bank statements, invoices, receipts, and other financial documents
  • From authorized third parties: With your explicit consent, from your banks, suppliers, or other service providers

6. Data Storage & Security

We implement comprehensive security measures to protect your data:

6.1 Technical Safeguards

  • All data stored on secure servers located within South Africa
  • AES-256-GCM encryption for all data at rest
  • TLS 1.2+ encryption for all data in transit
  • ClamAV malware scanning on all file uploads
  • Regular security updates and vulnerability assessments

6.2 Access Controls

  • Role-based access controls limiting staff access to necessary information only
  • Multi-factor authentication for all system access
  • Client data isolation ensuring each client's data remains separate
  • Regular access reviews and audit trails

6.3 Backup and Recovery

  • Regular encrypted backups stored in multiple secure locations within South Africa
  • Tested disaster recovery procedures
  • Business continuity planning to ensure service availability

7. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share your information only in the following limited circumstances:

7.1 Legal Requirements

  • SARS: As required by the Tax Administration Act for tax compliance and regulatory filings
  • Regulatory authorities: When legally required by CIPC, Department of Labour, or other regulatory bodies

7.2 With Your Consent

  • Auditors: Your appointed external auditors (with your written consent)
  • Financial institutions: For banking and payment processing (with your authorization)

7.3 Service Delivery

WhatsApp/Meta: For message delivery only. Message content is end-to-end encrypted, and we do not share message content with Meta beyond what is necessary for delivery.

8. Data Retention

We retain your information for the following periods:

  • Financial records: 5 years as required by the Tax Administration Act and Companies Act
  • Personal information: For the duration of our engagement plus 1 year for administrative purposes
  • Communication records: 3 years for service quality and dispute resolution
  • Access logs: 2 years for security monitoring

You may request deletion of non-legally-required personal data at any time. We will honor such requests within 30 days, except where retention is required by law.

9. Your Rights Under POPIA

You have the following rights regarding your personal information:

  • Right to access: Request copies of your personal information we hold
  • Right to correction: Request correction of inaccurate or incomplete information
  • Right to deletion: Request deletion of your personal information (where legally permitted)
  • Right to object: Object to specific types of processing
  • Right to restriction: Request limitation of processing under certain circumstances
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to lodge a complaint: Contact the Information Regulator of South Africa

To exercise any of these rights, contact our Information Officer at felix@plent.co.za. We will respond to your request within 30 days.

10. Cookies & Analytics

Our website uses essential cookies only for basic functionality (session management, security). We do not use third-party tracking cookies, advertising cookies, or analytics services that collect personal information. All website interactions remain private and are not shared with external parties.

11. WhatsApp Communication

When you send documents or information via WhatsApp:

  • Documents are immediately downloaded to our secure South African servers
  • Files are deleted from WhatsApp infrastructure after download
  • Rate limiting prevents abuse and unauthorized access attempts
  • Sender verification ensures only authorized clients can submit documents
  • All WhatsApp communications are logged for service quality and compliance

WhatsApp communications are subject to WhatsApp's privacy policy for message transmission, but we do not share message content with Meta beyond delivery requirements.

12. Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated policy on this webpage with a new "Last updated" date
  • Notify existing clients via email or client portal announcement
  • Provide at least 30 days' notice before any material changes take effect

13. Contact Information

For any privacy-related questions, concerns, or to exercise your rights under POPIA, please contact:

Information Officer: Felix

Email: felix@plent.co.za

Address: Midstream, Centurion, South Africa

Response time: We will respond within 30 days as required by POPIA

Information Regulator of South Africa:
If you believe your privacy rights have been violated, you may lodge a complaint with the Information Regulator at inforegulator.org.za