Master Privacy Policy

Simple Fintech (Pty) Ltd (CIPC Registration No. K2022570508) (“Simple Fintech”, “we”, “us”, “our”)

Applies to: meetsimple.co, krated.com, steersure.com, and any other product or service owned and operated by Simple Fintech (Pty) Ltd (collectively, the “Services”). Krated and steersure are products of Simple Fintech (Pty) Ltd.

Last updated: 10 February 2026

1. Purpose and legal framework

1.1 This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you use our Services.

1.2 We process personal information in accordance with applicable data protection laws, including South Africa’s Protection of Personal Information Act, 2013 (POPIA) (and, where applicable, the GDPR/other laws for international users).

2. Who is responsible for your information

2.1 Responsible party: Simple Fintech (Pty) Ltd (CIPC K2022570508).

2.2 Product brands: Krated (krated.com) and steersure (steersure.com) are products owned and operated by Simple Fintech (Pty) Ltd.

3. What we collect

We may collect the following categories (depending on which Service you use):

3.1 Information you provide

• Account and profile details (name, email, company name, role).
• Support communications (messages, tickets, attachments).
• Billing and commercial info (plan, invoices, payment status) (processed via payment providers where applicable).

3.2 Customer Data you connect or upload

• Business/operational data such as orders, inventory, deliveries, product catalogues, customer lists, pricing, and related transaction records (typical of Krated).
• Accounting, inventory, sales, and other business systems data used to generate insights, alerts, and forecasts (typical of steersure).

3.3 Usage and device data

• Log data and usage analytics (features used, timestamps, pages/screens, error logs).
• Approximate location (based on IP), device identifiers, browser type, and similar technical data.

3.4 Cookies and similar technologies

We may use cookies/local storage for authentication, preferences, security, and analytics. See Section 10.

3.5 Special personal information

We do not intentionally seek to collect special personal information (e.g., health, biometrics). If you upload it, you are responsible for ensuring you have a lawful basis and appropriate safeguards.

3.6 Children

Our Services are intended for business users and are not directed to children.

4. How we use information (purposes)

We use personal information and Customer Data to:

• Provide, operate, maintain, and secure the Services.
• Generate analytics, insights, alerts, and forecasts (including weekly briefings where applicable).
• Communicate with you (service messages, support, updates).
• Improve the Services (product development, debugging, performance, and quality).
• Manage billing, subscriptions, and contractual administration.
• Comply with legal obligations and enforce our Terms.

5. Lawful bases for processing (POPIA/GDPR-style)

Depending on context, we process information based on:

• Contractual necessity (to provide the Services you requested).
• Legitimate interests (security, fraud prevention, service improvement, analytics).
• Consent (where required, e.g., certain marketing communications or optional cookies).
• Legal obligation (tax, accounting, lawful requests).

6. How we share information (no selling; limited sharing)

We do not sell your personal information or Customer Data.

We may share information only:

6.1 With service providers (operators/sub-processors) to enable the Services, such as:

• hosting and infrastructure providers,
• analytics and monitoring tools,
• customer support tooling,
• payment processors (if applicable),
• integration partners you connect (e.g., accounting platforms),
• AI provider: OpenAI (where AI features are used). OpenAI states business/API data is not used to train models by default, and API abuse monitoring logs may be retained up to 30 days by default.

6.2 For legal reasons

Such as responding to lawful requests, enforcing our agreements, protecting rights/safety, or investigating fraud.

6.3 Business transfers

If we undergo a merger, acquisition, restructuring, or asset sale (with appropriate safeguards).

7. AI processing details (OpenAI)

7.1 If you use AI-enabled features, we may transmit relevant inputs (which may include personal information depending on what you provide) to OpenAI to generate outputs.

7.2 We take reasonable steps to minimise data shared and encourage customers not to submit unnecessary sensitive data to AI features.

7.3 OpenAI publishes data controls and retention behaviour for its API platform, including default retention of abuse monitoring logs for up to 30 days.

8. Security

8.1 We use reasonable administrative, technical, and organisational measures to protect information.

8.2 Data is encrypted in transit and at rest. Where applicable, we use bank-level encryption (256-bit AES) and read-only access connections.

8.3 No system is perfectly secure; you should use strong passwords and restrict access appropriately.

9. Retention

9.1 We retain information for as long as needed to provide the Services and for legitimate business purposes (e.g., dispute resolution, security, compliance).

9.2 For product Customer Data: when you cancel, we delete Customer Data within 30 days, and you may request immediate deletion.

9.3 We may retain limited records longer where legally required (e.g., tax/accounting).

10. Cookies and analytics

10.1 We use necessary cookies for login/session security and basic site functionality.

10.2 We may use analytics cookies/tools to understand usage and improve the Services.

10.3 Where required by law, we will provide cookie controls and obtain consent for non-essential cookies.

11. International transfers

11.1 We may process and store information in South Africa and other countries where we or our service providers operate.

11.2 Where cross-border transfers occur, we implement appropriate safeguards consistent with POPIA and other applicable laws.

12. Your rights (POPIA and other applicable laws)

Subject to law, you may have the right to:

• request access to your personal information,
• request correction/update,
• request deletion (where applicable),
• object to certain processing,
• withdraw consent (where processing is based on consent),
• request a copy/export of your data (where supported).

13. How to exercise your rights / complaints

13.1 Contact us using the details in Section 15.

13.2 If you are not satisfied, you may lodge a complaint with the Information Regulator (South Africa) (POPIA).

14. Third-party links and integrations

Our Services may link to or integrate with third parties. Their privacy practices are governed by their own policies; please review them before connecting or sharing data.

15. Contact details

For all enquiries across any of our products (including Krated and steersure): hello@meetsimple.co