WE MAKE IT SIMPLE TO UNDERSTAND:
KeepSave stores some of the most personal information you'll ever share online — your will, your ID, your insurance, your family's details, and your final wishes. We take that responsibility seriously.
This Privacy Policy explains what information we collect, why we collect it, how we protect it, who we may share it with, and what your rights are. We've written it in plain language because we believe you deserve to understand it.
If you have any questions, contact our Information Officer at: [email protected]
1. Who We Are and How to Contact Us
1.1 KeepSave (Pty) Ltd ("KeepSave", "we", "us", "our") is a South African digital life administration platform registered in the Republic of South Africa.
1.2 We operate the website at www.keepsave.co.za and the KeepSave mobile platform (together, the "Platform").
1.3 Our Information Officer, appointed in terms of POPIA, is responsible for overseeing our compliance with this Policy and all applicable data protection legislation.
Information Officer Contact Details
Name: Bertus de Klerk | Email: [email protected]
Postal address: Western Cape, Vierlanden, 125 Murray
Complaints may also be directed to the Information Regulator (South Africa): www.justice.gov.za/inforeg
2. What Personal Information We Collect
We collect personal information that you provide to us directly, that is generated through your use of the Platform, or that we receive from third parties. This includes:
2.1 Information you provide directly
- Identity information: full name, ID number, date of birth, gender, nationality
- Contact information: email address, phone number, physical address
- Account credentials: email address and password (encrypted)
- Will and estate information: beneficiaries, executor details, asset descriptions, guardian appointments
- Family and relationship information: spouse, children, next of kin details
- Financial information: insurance policy numbers, bank account details, investment references
- Documents: uploaded copies of ID, marriage certificate, birth certificates, insurance policies, vehicle registration, property deeds, and other life admin documents
- Legacy content: written letters, video messages, funeral wishes, passwords and access credentials (encrypted)
- Business information: company registration details, directorship information
2.2 Information collected automatically
- Device information: IP address, browser type, operating system, device identifiers
- Usage data: pages visited, features used, time spent, actions taken on the Platform
- Log data: server logs, error reports, access timestamps
- Cookies and similar technologies: session cookies, preference cookies (see our Cookie Policy)
2.3 Special personal information
3. Why We Collect Your Information — Lawful Basis
We process your personal information only where we have a lawful basis to do so under POPIA. The lawful bases we rely on are:
| Purpose | Why we need it | Lawful basis |
|---|---|---|
| Creating and managing your account | To provide you with access to the Platform and your personal vault | Contract |
| Will creation and storage | To generate, store, and manage your will and testament | Contract + Consent |
| Document vault | To securely store your uploaded personal documents | Contract + Consent |
| Legacy messages | To store letters, videos, and final wishes for your family | Consent |
| Family access management | To enable trusted contacts to access your information | Consent |
| B2B partner services | To enable attorney firms, financial advisors, and other partners to provide services | Contract + Consent |
| Platform improvement | To analyse usage and improve our features | Legitimate interest |
| Legal compliance | To meet our obligations under South African law | Legal obligation |
| Security and fraud prevention | To protect your account and our Platform | Legitimate interest |
| Marketing communications | To send you updates, tips, and offers (with your consent) | Consent |
4. Who We Share Your Information With
We do not sell your personal information. We share it only in the circumstances described below, and always with appropriate protections in place.
4.1 B2B partner firms (attorneys, financial advisors, insurers)
If you access KeepSave through a partner firm, or if you consent to connect with a professional service provider, we may share relevant information with that firm. We share only what is necessary and only with your explicit consent. All B2B partners are required to sign a data processing agreement with KeepSave.
4.2 Service providers (operators)
We use trusted third-party service providers to operate our Platform, including:
- Cloud hosting and storage providers (servers located in South Africa or EU-adequate jurisdictions)
- Email and communication service providers
- Payment processors (for subscription payments)
- Analytics providers (anonymised data only)
- AI service providers powering the Keeps assistant
All service providers are bound by data processing agreements and may only process your information on our documented instructions.
4.3 Law enforcement and legal obligations
We may disclose your information where required by law, court order, or to protect the rights, property, or safety of KeepSave, our users, or the public.
4.4 Authorised family members
You may designate trusted contacts who can access certain information in your vault in an emergency or upon your passing. You control exactly who has access and to what.
4.5 Business transfers
If KeepSave is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.
5. Cross-Border Transfers
5.1 KeepSave stores data primarily in South Africa. Where we use service providers located outside South Africa, we ensure that adequate protection exists, including:
- Transfers to countries with adequate data protection laws recognised by the Information Regulator;
- Contractual protections equivalent to those required under POPIA; or
- Your explicit consent to the transfer.
5.2 We will never transfer your personal information to a country that does not provide an adequate level of protection without appropriate safeguards.
6. How We Protect Your Information
We implement appropriate technical and organisational measures to protect your personal information, including:
- Encryption of data in transit (TLS/SSL) and at rest (AES-256)
- Role-based access controls — only authorised personnel can access personal data
- Two-factor authentication available for your account
- Regular security assessments and penetration testing
- Secure data centres with physical access controls
- Employee training on data protection and security
- Incident response procedures for data breaches
DATA BREACH NOTIFICATION:
If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Regulator and affected users within 72 hours of becoming aware of the breach, as required by POPIA.
7. How Long We Keep Your Information
| Information type | Retention period | Reason |
|---|---|---|
| Account and will data | Duration of account + 5 years | Legal requirement — wills may be contested |
| Uploaded documents | Duration of account + 3 years after deletion request | POPIA retention obligation |
| Legacy messages | Until you delete them or your nominated beneficiary claims them | User consent — you control this |
| Financial records | 7 years from transaction date | SARS and Companies Act requirement |
| Usage and log data | 12 months rolling | Security and fraud prevention |
| Marketing consent records | Until consent is withdrawn + 3 years | Evidence of consent under POPIA |
| Deleted account data | 30 days grace period, then permanent deletion | Allows account recovery if deleted accidentally |
8. Your Rights Under POPIA
You have the following rights in relation to your personal information. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
| Right to access | You may request a copy of the personal information we hold about you at any time. |
| Right to correction | If your information is inaccurate, incomplete, or outdated, you may request that we correct or update it. |
| Right to deletion | You may request that we delete your personal information where we no longer have a lawful basis to retain it. |
| Right to object | You may object to our processing of your information for direct marketing purposes at any time. |
| Right to withdraw consent | Where we process your information based on your consent, you may withdraw that consent at any time without penalty. |
| Right to data portability | You may request your personal information in a commonly used, machine-readable format. |
| Right to complain | If you believe we have not complied with POPIA, you may lodge a complaint with the Information Regulator at www.justice.gov.za/inforeg |
9. Cookies
9.1 We use cookies and similar technologies to operate and improve our Platform. You can control cookies through your browser settings, though disabling certain cookies may affect functionality.
9.2 We use the following types of cookies:
- Essential cookies: required for the Platform to function (login sessions, security)
- Preference cookies: remember your settings and preferences
- Analytics cookies: help us understand how users interact with our Platform (anonymised)
9.3 We do not use advertising or tracking cookies that follow you across other websites.
10. Children's Privacy
10.1 KeepSave is not directed at children under the age of 18. We do not knowingly collect personal information from children without verifiable parental consent.
10.2 If you believe we have inadvertently collected information from a child, please contact us at [email protected] and we will delete it promptly.
11. Changes to This Policy
11.1 We may update this Privacy Policy from time to time. When we do, we will update the 'Last reviewed' date at the top of this document.
11.2 For material changes, we will notify you by email or by a prominent notice on our Platform at least 30 days before the changes take effect.
11.3 Your continued use of our Platform after the effective date of any changes constitutes your acceptance of the updated Policy.
12. How to Contact Us
For any privacy-related questions, requests, or complaints:
Information Regulator (South Africa)
Website: www.justice.gov.za/inforeg
Email: [email protected]
Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg