Privacy Policy

1. Introduction

Apstory (Pty) Ltd (“Apstory”, “we”, “our”, or “us”) values your privacy and is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (“POPIA”).

This Privacy Policy explains how we collect, use, store, and protect personal information through our websites, products, and related services.

This Policy applies to Apstory and all its products, including but not limited to RiskScape, which operates under the same privacy standards and practices set out herein.

By using our website or any Apstory product, you acknowledge that you have read and understood this Policy.

 

2. About Apstory

Apstory (Pty) Ltd is a software development company registered in the Republic of South Africa.
We design, develop, and support software solutions for businesses, and operate our own digital products such as Riskscape.

Company Information:
Apstory (Pty) Ltd
📍 3 Pegasus Road, Morningside, Johannesburg, South Africa
📧 [email protected]

 

3. Information We Collect

Apstory only collects personal information that is reasonably necessary for business purposes and to deliver our services. This may include:

Contact information: name, email address, phone number, and company name.

Account information: usernames and passwords for access to Apstory products such as RiskScape.

Usage data: details on how our platforms and services are used, such as access dates, features used, and activity logs.

Technical data: browser type, device type, IP address, and other non-identifiable metadata collected via standard analytics tools.

Communications: messages or enquiries sent through our website, contact forms, or support channels.

Client project data: information or files voluntarily uploaded or shared as part of using our products or services.

Apstory does not process or store payment card details. All financial transactions are handled through direct quotation and invoicing.

 

4. Purpose of Collection

We collect and process personal information for the following purposes:

To provide and maintain our software products and services.

To communicate with clients and respond to enquiries.

To manage user accounts and client relationships.

To improve our products and user experience.

To comply with legal and regulatory obligations.

To safeguard our systems and prevent unauthorised access or misuse.

 

5. Legal Basis for Processing

Under POPIA, we process personal information based on one or more of the following lawful grounds:

The data subject’s consent.

Performance of a contract or pre-contractual arrangements.

Compliance with legal obligations.

Legitimate interests, such as business operations, security, or fraud prevention.

 

6. Data Storage and Security

Apstory hosts all its systems and data on Microsoft Azure Cloud, which adheres to international data protection and security standards.

We apply appropriate technical and organisational measures to safeguard personal information, including:

Secure socket layer (SSL) encryption for data transmission.

Role-based access controls for staff.

Regular software updates and system maintenance in line with Microsoft’s security frameworks.

Continuous monitoring and data integrity management.

While we take all reasonable steps to secure information, no digital platform can guarantee absolute protection. Users are encouraged to safeguard their account credentials and notify us of any suspected security incidents.

 

7. Data Retention

Apstory retains personal information only for as long as necessary to fulfil the purpose for which it was collected or as required by law.

When information is no longer needed, it is securely deleted or anonymised.

 

8. Disclosure of Information

Apstory does not sell or rent personal information.

We may share limited data with trusted service providers strictly for operational purposes, including:

Cloud hosting and infrastructure (Microsoft Azure).

Technical support or analytics providers (if used).

All such service providers are bound by confidentiality and data protection agreements to ensure compliance with POPIA.

We may also disclose information when legally required by courts, regulators, or applicable law.

 

9. Your Rights Under POPIA

As a data subject, you have the right to:

Request access to your personal information.

Request correction, deletion, or restriction of your information.

Withdraw consent where processing is based on consent.

Lodge a complaint with the Information Regulator if you believe your data has been mishandled.

Information Regulator Contact Details:
Website: https://www.justice.gov.za/inforeg/
Email: [email protected]

To exercise any of these rights, contact us at [email protected].

 

10. Cookies and Tracking

Apstory may use cookies and similar technologies to enhance user experience and gather non-personal analytics data.

You can control or disable cookies through your browser settings. Doing so may affect certain functionalities of our websites or applications.

 

11. Third-Party Links

Our websites or products may contain links to external sites not operated by Apstory. We are not responsible for the content or privacy practices of such third parties, and users are encouraged to review their respective privacy policies.

 

12. Children’s Privacy

Apstory’s services are not intended for use by minors. We do not knowingly collect personal information from individuals under 18 years of age.

 

13. Policy Updates

Apstory reserves the right to update or revise this Privacy Policy at any time.
The latest version will always be available on our website. Continued use of our services after such updates constitutes acceptance of the revised Policy.

 

14. Contact Information

For any privacy-related enquiries, requests, or concerns, please contact:

Apstory (Pty) Ltd
📍 3 Pegasus Road, Morningside, Johannesburg, South Africa
📧 [email protected]