Legal

Privacy Policy

Last updated: 1 May 2026  |  Effective: 1 May 2026

This Privacy Policy describes how Co-Plot (Pty) Ltd, trading as AEFORYN (“AEFORYN”, “we”, “our”, or “us”) collects, uses, stores, and protects your personal information when you use the AEFORYN platform and website (“Service”).

AEFORYN is committed to protecting your privacy and complying with the Protection of Personal Information Act, 4 of 2013 (POPIA) of South Africa, and the General Data Protection Regulation (GDPR) where applicable.

1. Information We Collect

1.1 Information you provide directly

  • Name and email address (account registration)
  • Payment information (processed securely by our payment provider — we do not store card details)
  • Profile information you choose to provide
  • Communications you send to us (support requests, contact form submissions)
  • Content you upload to the Secure Vault

1.2 Information collected automatically

  • Log data (IP address, browser type, pages visited, timestamps)
  • Device information (device type, operating system)
  • Usage data (features used, actions taken within the platform)
  • Cookies and similar tracking technologies (see Section 7)

1.3 Information from connected platforms

When you connect third-party platforms to AEFORYN for monitoring, we access only the data necessary to provide the security features you've enabled. We do not read your private messages or post content on your behalf without your explicit instruction.

2. How We Use Your Information

We use your personal information to:

  • Provide, operate, and improve the Service
  • Create and manage your account
  • Process payments and send receipts
  • Send security alerts and threat notifications
  • Provide customer support
  • Send service-related communications (platform updates, policy changes)
  • Analyse usage to improve our features
  • Comply with legal obligations
  • Detect and prevent fraud, abuse, and security incidents

We do not sell your personal information to third parties. We do not use your data for advertising purposes or share it with data brokers.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area, our legal bases for processing personal data are:

  • Contract performance:Processing necessary to provide the Service you've subscribed to.
  • Legitimate interests: Processing for security purposes, fraud prevention, and service improvement.
  • Legal obligation: Processing required to comply with applicable law.
  • Consent: Where you have given us specific consent (e.g., marketing communications).

4. Data Security

We implement appropriate technical and organisational measures to protect your personal information:

  • AES-256 encryption for stored data
  • TLS/HTTPS encryption for data in transit
  • Zero-knowledge architecture for the Secure Vault (we cannot access your vault contents)
  • Access controls limiting employee access to personal data
  • Regular security assessments and monitoring
  • Incident response procedures

While we take security seriously, no system is 100% impenetrable. We will notify you of any data breach affecting your personal information in accordance with POPIA and GDPR requirements.

5. Data Sharing and Disclosure

We do not sell or rent your personal information. We may share your information in the following limited circumstances:

  • Service providers: With trusted third-party vendors who assist in operating the Service (hosting, payment processing, email delivery), under strict data processing agreements.
  • Legal requirements: When required by law, court order, or governmental authority.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with appropriate notice to you.
  • With your consent: When you have explicitly authorised a specific disclosure.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you close your account, we will retain your data for a maximum of 90 days before deletion, unless we are required by law to retain it longer.

Vault contents are deleted immediately upon account closure at your request.

7. Cookies

We use cookies and similar technologies to operate and improve the Service. Types of cookies we use:

  • Essential cookies: Required for the Service to function (authentication, session management). These cannot be disabled.
  • Analytics cookies: Help us understand how the Service is used so we can improve it. You may opt out.

We do not use advertising cookies or sell cookie data to third parties.

8. Your Rights

Depending on your location, you have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete information.
  • Deletion: Request deletion of your personal information (subject to legal obligations).
  • Portability: Receive your data in a structured, machine-readable format.
  • Objection: Object to certain processing of your data.
  • Restriction: Request restriction of processing in certain circumstances.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at hello@aeforyn.com. We will respond within 30 days as required by POPIA, or within the applicable timeframe under GDPR.

9. International Data Transfers

AEFORYN is operated from South Africa. If you access the Service from outside South Africa, your information may be transferred to and processed in South Africa or other countries where our service providers operate.

For transfers to countries without adequate data protection laws, we implement appropriate safeguards such as standard contractual clauses approved by relevant data protection authorities.

10. Children's Privacy

The Service is not directed to children under the age of 18. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice within the Service. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

12. Contact Our Privacy Officer

For any privacy-related questions, complaints, or to exercise your rights, contact us:

Privacy Officer

Co-Plot (Pty) Ltd — Trading as AEFORYN

Email: hello@aeforyn.com

Country: South Africa

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator of South Africa (for POPIA) or your relevant national data protection authority (for GDPR).