Privacy Policy
Version 2026-06-03 · Effective 2026-06-03 · Operated by Digital Culture Innovations (Pty) Ltd.
Leam HQ is POPIA-ready for controlled beta use.
Designed with POPIA principles in mind. Operational privacy workflows are
in place — PDF-only data exports, data subject access / correction /
deletion / objection handling, account and workspace deletion workflows,
audit-logged actions, and strict separation between user workspaces and
Leam HQ internal operations.
This document describes how Leam HQ, a product of Digital Culture Innovations (Pty) Ltd
(Registration 2026/173422/07, Kimberley, South Africa), handles your data
under the Protection of Personal Information Act, 2013. Questions:
legal@leamhq.co.za.
This Privacy Policy explains how Digital Culture Innovations (Pty) Ltd ("we", "us", "Leam HQ") collects, uses, stores and protects personal information when you use the Leam HQ application and website.
1. Who we are
Digital Culture Innovations (Pty) Ltd, Registration 2026/173422/07, Kimberley, South Africa. Our Information Officer is registered with the South African Information Regulator. Privacy enquiries: legal@leamhq.co.za.
2. Our role under POPIA
Leam HQ has a dual role:
- Responsible Party in respect of your own Leam HQ account information (your name, email, login activity, billing details).
- Operator in respect of the customer, lead, project, invoice, booking and ticket data you choose to store inside your workspace. You remain the Responsible Party for that data and must have your own lawful basis to process it.
3. What we collect
From you as an account holder
- Identity: email address, full name, avatar URL.
- Authentication: managed by Supabase Auth. We never see raw passwords.
- Activity: IP address, user agent, request and correlation identifiers for every authenticated request.
- Workspace membership and role.
- AI conversation history with the Leam HQ agent.
- Business profile: business name, contact details, banking reference, VAT rate, currency (only if you choose to enter them).
About your customers (processed on your behalf)
- Leads, clients, projects, invoices, bookings, support tickets, onboarding form submissions, notes and reminders.
- Files you or your customers upload through onboarding forms.
From integrations you choose to connect
- OAuth tokens for Google (Calendar, Gmail, Drive) and Microsoft (Outlook, Calendar). We store these tokens to perform the integration on your behalf.
4. How we use it
- To operate, secure and improve Leam HQ.
- To process payments via PayFast.
- To send transactional emails (account confirmations, invoices, automations, support replies).
- To detect abuse, prevent fraud and meet legal obligations.
- We do not sell your data, your customers' data, or your AI conversations.
5. Where data is stored — cross-border transfers
Leam HQ is operated from South Africa. Some of our infrastructure providers store or process data outside South Africa. Our Supabase database and storage infrastructure for this project is hosted in the EU / Ireland region. Our application hosting on Render is located in Frankfurt, Germany. This means personal information, workspace data, request metadata and application traffic may be transferred to or processed outside South Africa.
We use reputable infrastructure providers and apply reasonable technical and organisational safeguards to protect personal information. The full list of providers and their regions is published at Sub-processors. By using Leam HQ you consent to these cross-border transfers as required for the service to function.
6. Security
We maintain reasonable technical and organisational safeguards: workspace isolation, audit logging, rate limiting, SSRF-blocked outbound webhooks, PayFast-verified payment notifications, OAuth state HMAC, and process-level safety nets. Data is encrypted in transit by HTTPS and at rest by our infrastructure providers. No platform is perfectly secure; we work continuously to harden Leam HQ.
7. Your rights under POPIA
You may at any time:
- Access the personal information we hold about you (s.23).
- Request correction of inaccurate personal information (s.24).
- Request deletion of personal information that is no longer required for its purpose.
- Object to processing (s.11(3)).
- Lodge a complaint with the South African Information Regulator at inforegulator.org.za.
Inside the app, use the Privacy & Data section of Settings, or email legal@leamhq.co.za. We respond within 30 days.
8. Retention
We retain account and workspace records for the duration of your subscription plus a reasonable period required for accounting, tax, audit and legal-defence purposes. Audit logs are retained for at least 12 months. Cancelled or deleted workspaces enter a 30-day grace window during which deletion may be revoked, after which data is permanently removed (some sub-processor backup cycles may extend this by up to a further 30 days).
9. Children
Leam HQ is not intended for use by children under 18. We do not knowingly process the personal information of children.
10. Changes to this Policy
We will publish a new version with a new effective date when we materially change this Policy. The version in force when you accepted at signup is preserved against your account.
11. Contact
Digital Culture Innovations (Pty) Ltd
Registration 2026/173422/07
Kimberley, South Africa
Privacy & legal: legal@leamhq.co.za
General support: support@leamhq.co.za
Leam HQ is operated by Digital Culture Innovations (Pty) Ltd and is POPIA-ready for controlled beta use.