Last updated: 24 February 2026
Kujalia ERP ("Kujalia", "we", "us", or "our") is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (Act 4 of 2013) ("POPIA") and its regulations. This notice explains how we collect, use, store, and share personal information when you use our cloud-based enterprise resource planning platform.
Kujalia (Pty) Ltd is the responsible party as defined in POPIA. For any enquiries related to the processing of your personal information, you may contact us at:
We collect the following categories of personal information in the course of providing our services:
| Category | Examples |
|---|---|
| Identity information | Full name, ID or passport number, date of birth |
| Contact details | Email address, phone number, physical address |
| Employment information | Job title, employee number, salary, tax number, bank account details |
| Financial information | Invoices, payments, bank statements, transaction records |
| Technical information | IP address, browser type, login timestamps, session data |
| Business information | Company registration, VAT number, B-BBEE level, trading name |
We process personal information for the following purposes:
Under POPIA, we rely on the following lawful grounds for processing:
When you use Kujalia ERP to manage your own customer, employee, or supplier data, you are the responsible party for that information and Kujalia acts as an operator (processor) on your behalf. We process such data strictly according to your instructions and our operator agreement. We do not access, sell, or use your tenant data for any purpose other than delivering the service.
We do not sell personal information. We may share information with:
All third-party operators are bound by data processing agreements that require them to protect personal information in accordance with POPIA.
Your data is hosted in South Africa (AWS af-south-1, Cape Town). In limited circumstances, personal information may be transferred outside the Republic in compliance with Section 72 of POPIA — for example, where the recipient is subject to equivalent data protection laws or binding agreements, or where you have provided your consent.
We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law:
When retention periods expire, information is securely deleted or anonymised.
We implement appropriate technical and organisational measures to protect personal information against loss, unauthorised access, and unlawful processing, including:
For more detail, see our Security page.
Under POPIA, you have the right to:
To exercise any of these rights, email privacy@kujalia.co.za. We will respond within 30 days as required by POPIA.
In the event of a security compromise that poses a risk to your rights, we will notify the Information Regulator and affected data subjects as soon as reasonably possible, in accordance with Section 22 of POPIA. Our notification will include the nature of the breach, the information involved, and the measures we have taken to address it.
We use strictly necessary cookies for authentication and session management. We do not use third-party advertising or behavioural tracking cookies. No personal information is shared with advertising networks.
Kujalia ERP is a business platform and is not directed at children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected such information, we will delete it promptly.
If you are not satisfied with how we handle your personal information, you have the right to lodge a complaint with the Information Regulator:
We may update this notice from time to time. Material changes will be communicated via email or an in-app notification. The "Last updated" date at the top of this page indicates when this notice was last revised.