Legal
Version 1.0 • Effective 1 June 2026
Your privacy matters
Zero Deposit Africa (Pty) Ltd is committed to protecting your personal information in accordance with POPIA and all applicable South African data-protection legislation. A PDF copy of this policy is attached to your welcome email.
Zero Deposit Africa (Pty) Ltd (“ZDA”, “we”, “us”, or “our”) is committed to protecting your personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and all other applicable South African data-protection legislation. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the ZDA Platform.
We collect the following categories of personal information:
Identity Information: Full legal name, South African ID number or passport number, date of birth, and proof-of-identity documents.
Contact Information: Email address, mobile phone number, WhatsApp number, and physical residential or business address.
Financial Information: Tokenised bank account details (raw account numbers are never stored), mandate reference numbers, and payment history.
Property Information: Rental property address and monthly rental amount as submitted by LADs when creating a Guarantee.
Device and Usage Data: IP address, browser type, device identifiers, pages visited, and timestamps of access, collected automatically via server logs.
Marketing Attribution: UTM parameters and entry points used to understand how you discovered the Platform.
We process your personal information for the following purposes:
To create and manage your account on the Platform.
To process Guarantee applications, activations, charges, and disputes.
To collect monthly administration fees via authorised debit mandates.
To verify your identity and comply with Know Your Customer (KYC) obligations.
To comply with legal and regulatory requirements under South African law.
To communicate with you about your account, transactions, and Platform updates.
To detect, investigate, and prevent fraudulent or unlawful activity.
To improve and personalise your experience on the Platform.
We process your personal information on the following lawful grounds under POPIA:
Contractual necessity: Processing required to enter into or perform the Guarantee Agreement with you.
Legal obligation: Processing required to comply with applicable laws, including FICA, the Rental Housing Act, and POPIA.
Legitimate interest: Processing for fraud prevention, platform security, and service improvement.
Consent: Where consent is required (e.g. marketing communications), we will ask for it explicitly and you may withdraw it at any time.
We retain your personal information for the following periods:
KYC and charge documents
5 years from submission (legal hold)
Audit events
7 years (immutable append-only log)
Raw chat and support logs
24 months maximum
Draft documents
180 days then permanently deleted
Account data
Duration of active account plus applicable legal retention periods after closure
We do not sell your personal information. We may share it with:
Netcash (Pty) Ltd — our payment service provider, for mandate registration and debit order collection.
Zoho Corporation — our CRM and accounting provider, for customer relationship management and invoicing.
Amazon Web Services / Microsoft Azure — cloud infrastructure providers operating data centres in South Africa.
Regulatory and law enforcement authorities — where required by law or court order.
Professional advisors — auditors, legal counsel, and insurers, under strict confidentiality obligations.
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, or disclosure, including:
AES-256-GCM field-level encryption for sensitive fields (ID numbers, bank tokens).
TLS 1.3 encryption in transit for all API communications.
Audit logging of all access to personal information (append-only, immutable).
Role-based access control ensuring employees only access data they need.
Regular security testing including penetration testing and vulnerability scanning.
As a data subject you have the following rights under POPIA:
Right of access: Request a copy of the personal information we hold about you.
Right to correction: Request that inaccurate or incomplete information be corrected.
Right to deletion: Request deletion of your personal information, subject to legal retention obligations.
Right to object: Object to processing of your personal information for direct marketing purposes.
Right to data portability: Request your information in a structured, machine-readable format.
Right to lodge a complaint: Lodge a complaint with the Information Regulator of South Africa at www.inforegulator.org.za.
To exercise any of these rights, contact our Information Officer at support@zerodeposit.africa. We will respond within 30 days as required by POPIA Section 23.
The Platform uses a single non-sensitive routing cookie (zda_role) to direct authenticated users to the correct dashboard. This cookie does not contain personal information and is cleared on logout. We do not use third-party advertising or tracking cookies.
We may update this Privacy Policy from time to time. We will notify you of material changes via email at least 14 days before the new version takes effect. The latest version is always available at zerodeposit.africa/privacy.
For any privacy-related queries, to exercise your rights, or to report a data breach, please contact our Information Officer at support@zerodeposit.africa or visit www.zerodeposit.africa.
© 2026 Zero Deposit Africa (Pty) Ltd. All rights reserved. • Version 1.0 — 1 June 2026