1. Introduction and Legal Scope

This Privacy Policy constitutes a binding agreement between Mahanaim Empire (Pty) Ltd ("the Company," "we," "us") and the user ("the Client" or "User"). This policy strictly governs the processing of personal and corporate information belonging to both natural and juristic persons, as mandated by the Protection of Personal Information Act, 2013 (POPIA).

By accessing and utilizing the Portal, you acknowledge and agree that Mahanaim Empire (Pty) Ltd acts as a "Secure Vault Provider" (Operator) under POPIA. Consequently, the Client remains the "Responsible Party" for all data uploaded regarding their own employees and clients.

2. Accountability and Information Officer

To ensure total compliance with Section 55 of POPIA, we have appointed a dedicated Information Officer to oversee all data protection strategies and regulatory adherence:

3. The Data Map: Specific Information Collected

We limit our data processing to the following specific categories:

  • Account Credentials: Full name, professional email address, job title, and strictly encrypted login credentials.
  • Compliance Documentation: All documents explicitly uploaded to the "Master Library," including but not limited to Tax Clearances, B-BBEE Certificates, and Financial Statements. We maintain a strict policy of not collecting any documents that are not explicitly provided by the user.
  • Technical Metadata: IP addresses, browser specifications, and session cookies required for secure authentication and security auditing.
  • AI Metadata: We store backend prompts and configurations. However, "Scope of Work" inputs are not stored in permanent logs once a session is terminated, unless the user intentionally saves them within a "Case".

4. Strict Purposes of Processing

Your information is processed solely for the following business-critical functions:

  • Facilitating Tender Management and AI-driven Proposal Generation.
  • Maintaining a robust audit trail of document access to satisfy tender compliance requirements.
  • Validating license status through our secure heartbeat system (license.mahanaimoffice.co.za).
  • Maintaining platform integrity and preventing unauthorized system access.

5. Third-Party Sub-Processors and Loophole Protection

To maintain a high-performance, enterprise-grade SaaS environment, we utilize selected third-party services with strict protections:

  • Infrastructure: Hosted via Domains.co.za on secure servers located exclusively in Johannesburg and Cape Town, South Africa.
  • AI Processing: Powered by Google Gemini API (Enterprise Edition).
  • Data Sovereignty: We have explicitly opted out of data training. Your inputs are utilized for real-time inference only and are never used by third parties to improve global AI models.
  • Ancillary Systems: Use of TinyMCE for editing, cPanel for management, and PHP-based SMTP for transactional alerts.

6. Data Retention and Secure Purge Protocols

  • Case Continuity: To support long-term audit requirements for government and private tenders, case logs and data are retained permanently unless the Client submits a formal deletion request.
  • Account Termination: Upon the end of a subscription, the Company will consolidate all uploaded documents into a secure .zip archive for the Client. Once delivery is confirmed, all Client data will be permanently purged from active servers within 30 days.

7. Enhanced Security Measures (POPIA Section 19)

We employ a "Secure by Design" framework to protect your data:

  • Integrity Protection: Use of PDO Prepared Statements to neutralize SQL injection threats.
  • Confidentiality Management: Role-Based Access Control (RBAC) ensures data is only visible to authorized personnel.
  • Encryption: 256-bit SSL/TLS encryption is mandated for all data in transit.
  • Active Monitoring: Comprehensive logging of IP addresses and browser fingerprints to detect and block suspicious activity in real time.

8. User Responsibilities and Limitation of Liability

  • Mandatory Backup Duty: While we provide a secure vault, the Client is strictly responsible for maintaining independent backups of all data. The Company is not liable for data loss caused by user error, hardware failure, or third-party hosting disruptions.
  • Instance Security: Clients are solely responsible for password strength and the security of the local devices used to access the portal.
  • AI Verification & Human-in-the-Loop: All AI-generated content is provided "as is." The Client, as the professional consultancy, serves as the final human authority responsible for the accuracy and pricing of all generated proposals.

9. Legal Recognition (ECT Act)

Pursuant to the Electronic Communications and Transactions Act (ECTA) No. 25 of 2002, all "Data Messages" (including AI-generated proposals) generated or stored within this portal are legally recognized as being "in writing" and satisfy the legal requirements for original documentation in South Africa.

10. Your Statutory Rights

Under POPIA, you retain the following rights:

  • To access the personal information we hold.
  • To request the correction or deletion of inaccurate or unnecessary data.
  • To object to processing for marketing purposes.
  • To lodge a complaint with the South African Information Regulator at inforeg@justice.gov.za.

Analogy for Understanding

Think of our platform as a digital safety deposit box inside a high-security bank vault. We provide the reinforced walls (Security Measures), the logs of who enters the vault (Audit Trails), and the specialized tools inside to help you organize your files (AI Processing). However, you hold the primary key; you decide what goes into the box, and you are responsible for making sure the contents you take out for your tenders are accurate and complete before you present them to the world.