Privacy Policy
Effective date: 26 March 2026
Asoba Corporation ("Asoba", "we", "us") is committed to protecting your personal information in compliance with the Protection of Personal Information Act, 2013 (POPIA) and the General Data Protection Regulation (GDPR) where applicable.
1. Information We Collect
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account identification, verification codes, service communications | Duration of account |
| Site name and location | Forecast generation context | Duration of account |
| Historical energy data (CSV) | Input for forecast model | 90 days after processing |
| Marketing consent preference | Record of opt-in/opt-out for marketing communications | Duration of account |
| Consent timestamp | Audit trail for regulatory compliance | Duration of account |
| Usage metadata | Rate limiting, service improvement | 12 months |
2. How We Use Your Information
We process your personal information for the following purposes:
- Service delivery: Generating energy forecasts from your uploaded data
- Verification: Sending one-time codes via email to verify your identity
- Communications: Service notifications, forecast results, and account updates
- Marketing (opt-in only): Energy insights, product updates, and industry research — only if you explicitly consent
- Service improvement: Aggregated, anonymized analytics to improve forecast accuracy
3. Legal Basis for Processing
- Consent (POPIA s11, GDPR Art 6(1)(a)): You consent to data processing when you accept the Terms of Use and submit data. Marketing communications require separate opt-in consent.
- Legitimate interest (POPIA s11, GDPR Art 6(1)(f)): Service improvement using aggregated, anonymized data.
- Contractual necessity (GDPR Art 6(1)(b)): Processing required to deliver the forecast service you requested.
4. Data Storage and Security
Your data is stored in AWS infrastructure in the af-south-1 (Cape Town) region. We implement the following security measures:
- Encryption in transit (HTTPS/TLS) and at rest (AES-256)
- Role-based access control with MFA for administrative access
- IDOR protection preventing cross-customer data access
- Automated security scanning via weekly Prowler audits
- DynamoDB TTL-based automatic deletion for temporary data
5. Data Sharing
We do not sell your personal information. We may share data with:
- AWS: Cloud infrastructure provider (data processing agreement in place)
- Law enforcement: When required by South African law or valid court order
6. Your Rights
Under POPIA and GDPR, you have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your data (subject to legal retention requirements)
- Withdraw consent: Withdraw marketing consent at any time by contacting us
- Data portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interest
To exercise any of these rights, contact support@asoba.co.
7. Cookies
The eSUMS forecast service does not use tracking cookies. Session data is stored in your browser's localStorage and is not transmitted to third-party analytics services.
8. Children
Our Services are not directed at children under 18. We do not knowingly collect personal information from children.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users. The effective date at the top of this page indicates when the policy was last revised.
10. Information Officer
For privacy-related inquiries or complaints:
Asoba Corporation
Email: support@asoba.co
Regulator: Information Regulator (South Africa)