Trust centre
Security & trust
KomplyZA processes organisational security and compliance data. This page summarises how we protect it.
Encryption
- In transit: HTTPS (TLS 1.2+) for all browser and API traffic between you and KomplyZA.
- At rest: Platform data is stored with our infrastructure providers using industry-standard encryption (including AES-256-class protection where applied by the provider).
- Secrets: Application secrets and keys are never exposed to the browser and are held only in secure server environments.
Data residency
Primary production data is hosted on Supabase in the European Union (Frankfurt) region. Full disclosure appears in our Privacy Policy, including cross-border transfer considerations under POPIA.
Sub-processors
KomplyZA uses the following sub-processors to deliver the service. Data Processing Agreements (DPAs) or equivalent contractual safeguards are in place as required by POPIA.
| Sub-processor | Purpose | Notes |
|---|---|---|
| Supabase | Hosted PostgreSQL database, authentication, file storage | European Union (Frankfurt) |
| Vercel | Application hosting and edge delivery | Global (CDN); configuration specifies secure defaults |
| Anthropic | AI policy and plan generation (server-side only; prompts sanitised) | United States / per provider terms |
| Resend | Transactional email delivery | Per provider infrastructure |
| Paystack | Payment processing for subscriptions (South Africa) | South Africa / per provider terms |
POPIA compliance statement
KomplyZA (Pty) Ltd acts as a responsible party in respect of personal information we process about our users and, where applicable, as operator when processing on documented instructions from customers. We process personal information lawfully, minimise collection, implement reasonable security safeguards, honour data subject rights, and support breach notification obligations where required by law.
For full detail on purposes, categories of information, retention, rights, and complaints, see our Privacy Policy.
Responsible disclosure
If you believe you have found a security vulnerability in KomplyZA, please report it privately to security@komplyza.com. Include a clear description, steps to reproduce, and any supporting evidence. Do not perform testing that degrades service for other users or accesses data you do not own. We aim to acknowledge valid reports promptly and work with you on coordinated disclosure where appropriate.
Contact
Security questions: security@komplyza.com
This page is for transparency and does not replace legal advice or a signed agreement.