1. Who we are
Sebenza is a South African talent-intelligence platform operated from South Africa. We are the responsible party under POPIA for the personal information processed through this site.
Our Information Officer is reachable at popia@sebenzasa.com. The Information Regulator (South Africa) is the supervisory authority for POPIA matters.
2. What we collect, and why
Sebenza is special-category PII territory by design we process ID numbers, qualifications, and employment status to make the SA talent pool visible. Each data category is attached to a specific lawful purpose:
- Identity(name, email, date of birth, nationality, and only when you choose to be KYC-verified later from your dashboard your encrypted SA ID or passport number plus a copy of your SA ID book/card or passport bio page) to create an account, confirm you meet the minimum age (14) under the Basic Conditions of Employment Act, and link your profile to a real person. ID number and document upload are never asked for at sign-up; they live on the KYC panel and are entirely optional until you decide to be verified. Documents you upload for identity verification are stored in a private bucket scoped to your user id and are read only via short-lived signed URLs by Sebenza administrators when they review your submission. Your date of birth is visible only to you and Sebenza administrators it is never shown on your public profile or returned by employer searches. Your nationality may be displayed on your public profile (e.g. “South African”) as a passive label; it is never used as a gate.
- Professional (profession, skills, experience, qualifications, work availability) to make your profile findable to employers searching for that talent.
- Status (employed / open-to-work / studying, with confirmation timestamps) to drive the freshness signal that down-ranks stale records.
- Activity (sign-ins, profile views, contact reveals, document downloads) to maintain the audit ledger you can see on
/dashboard/activity. - Invitations you receiveif a verified Sebenza employer invites you to join the platform, we store the invitation row (the inviting organisation, your email address, the optional name + profession + personal note your inviter included) until you accept, decline, or the 14-day expiry runs out. If you decline, we honour that decision by blocking that same organisation from sending you another invitation for at least 90 days under POPIA §11. You can also report an invitation as unsolicited from a link inside every invitation email no Sebenza account required.
We do not collect anything we do not need for one of these purposes. Adding a new column requires a corresponding update to this policy.
3. Consent granular, revocable, never weaponised
We separate consent into independent purposes. You can grant or revoke any of them at any time from your privacy dashboard:
- Searchability required for your profile to appear in employer search results.
- Contact reveal lets verified employers see your email and phone. Every reveal is audit-logged.
- Document sharing lets verified employers download qualification documents you upload.
- Aggregate analytics lets us count you in anonymised national employment statistics.
- Outcomes research (Phase 7.5) opt-in inclusion in the longitudinal education-to-employment dataset. Suppressed below cohorts of 10. Withholding does not weaken your job-search experience in any way.
We do not penalise you for withholding any optional consent. We do not bundle consents. The version of consent text you saw is recorded so we can prove what you actually agreed to.
4. Who sees what (the Redaction Rule)
Your public profile never exposes your ID number, uploaded documents, or raw contact details. Those reach an employer only when:
- The employer's organisation has been verified by an admin.
- The employer has signed in with their work account.
- You have granted the relevant consent (
contact_revealfor email/phone;document_sharingfor documents). - The reveal is recorded in our audit log.
No condition skipped ever. The audit log is the system of record and you can review your own entries at /dashboard/activity.
5. How we protect it
- ID numbers are encrypted with AES-256-GCM at write time. The ciphertext is what lives in the database; the plaintext is in memory only for the length of the request that processed it.
- Connections to and from our app are encrypted in transit (TLS 1.2+).
- Administrator and employer sign-ins require two-factor authentication once the platform flag is enabled (default for new orgs).
- Every personal-information access is audit-logged with actor, subject, and timestamp.
- Rate limits, security headers (CSP, HSTS), and dependency audits run on every release.
6. How long we keep it
Active profiles persist for as long as your account is active. When you delete your account (/dashboard/privacy → Erase), we soft-delete immediately and hard-delete after a 30-day grace window. The only thing that survives the 30 days is a single audit-log tombstone proving we erased you on the date you asked.
Audit-log entries themselves are retained for 5 years for accountability, then purged. This matches financial-services convention and is documented in our retention policy at docs/popia/RETENTION_POLICY.md.
7. Where it lives (data residency)
Sebenza is built for South African in-country data residency. During the build phase, the database is hosted on Neon in the EU region; before commercial launch we migrate to AWS Cape Town (af-south-1) so that personal information never leaves South African jurisdiction. The migration runbook is at docs/AWS_MIGRATION_RUNBOOK.md; the code is already structured to make the swap a one-file change.
File uploads (CVs, qualification documents, profile photos) are stored in Supabase Storage with private-bucket-only access; reads are gated by short-lived signed URLs issued by our server only after the access checks above pass.
8. Your rights under POPIA
- Section 23 access: download a JSON file of every row we hold about you from your privacy dashboard. Audit-logged.
- Section 24 correction: edit any profile field from
/dashboard/profile. Re-confirm your national ID and consent versions from the same surface. - Section 24 deletion: erase your account from
/dashboard/privacy. 30-day grace window during which an administrator can restore; after that the row is gone. - Object to processing: revoke any consent (other than searchability while your profile is active); effective immediately.
- Complain to the Regulator: Information Regulator (South Africa) inforegulator.org.za.
9. Cookies + analytics
We use essential cookies (sign-in session, locale preference, consent state) without which the site cannot work. We do not use third-party advertising trackers. If you accept analytics cookies on the banner, we use a privacy-respecting tool to count page views no personal profile is built from your browsing.
10. Sub-processors
We rely on these processors (POPIA-aligned, with DPA terms in place):
- Database Neon (EU, build phase) → AWS Cape Town (
af-south-1, launch). See Section 7. - File storage Supabase Storage (private buckets, signed-URL reads).
- Email Resend (transactional only; domain auth via SPF + DKIM + DMARC).
- KYC verification TBC SA-registered provider (Home Affairs eHANIS adapter). Currently inactive pending partnership confirmation. While the SaaS path is dormant, identity is confirmed by an admin-mediated document review: you upload a copy of your SA ID or passport bio page; a Sebenza administrator reviews it from
/admin/verifications; the outcome is logged in the audit trail and you are notified in-app. - SAQA qualification verification SAQA NLRD via the partnership API. Currently inactive pending partnership confirmation.
11. Children
Sebenza is not directed at children under 18. We do not knowingly collect information from anyone under 18. If you believe we have, contact the Information Officer and we will remove it.
12. Changes to this policy
Material changes bump the policy version and re-prompt for consent. Minor clarifications are logged in the policy's footer with the last-updated date.
Questions? Email popia@sebenzasa.com our Information Officer responds within 5 business days. For a copy of the records-management arrangement see our PAIA manual.