Privacy Notice

Last updated: 2025/12/31

1. Introduction

Larasoft (Pty) Ltd respects your privacy and is committed to protecting your personal information in accordance with the Protection of Personal Information Act (POPIA) and other applicable data protection laws.

This Privacy Notice explains how we collect, use, store, and protect your personal information when you use our cloud reporting and data integration services.

2. Information Officer

Our Information Officer is responsible for POPIA compliance:

Contact: hello@larasoft.global

Phone: +27 82 457 8390

Address: Larasoft (Pty) Ltd, South Africa

3. What Information We Collect

We collect and process various types of personal information depending on how you interact with our services:

Client Onboarding

Collecting client company information during signup

  • Data Categories: Business contact info, Company registration details
  • Purpose: To establish client relationship and provide services
  • Legal Basis: Contract performance
  • Retention Period: 7 years after contract ends (tax law requirement)

Xero Integration - Financial Data Sync

Connecting to clients' Xero accounts to sync financial data

  • Data Categories: Financial transactions, Invoice data, Payment records, Account balances
  • Purpose: To provide accounting automation and financial reporting services
  • Legal Basis: Contract performance + Legitimate interest
  • Retention Period: Transactional data: 7 years (tax law)

CIN7 Integration - Inventory Data Sync

Syncing inventory and order data from CIN7

  • Data Categories: Inventory records, Sales orders, Purchase orders, Product data
  • Purpose: To provide inventory management automation
  • Legal Basis: Contract performance
  • Retention Period: 3 years after order completion

FTP/SFTP File Transfers

Secure file transfer service for client document exchange

  • Data Categories: Business documents, Financial files, Reports
  • Purpose: To provide secure file transfer service
  • Legal Basis: Contract performance
  • Retention Period: Configurable per client (default: 90 days post-processing)

Application Logging and Monitoring

Logging user activity and system events for troubleshooting and security

  • Data Categories: Access logs, Error logs, API call logs
  • Purpose: Security monitoring + System troubleshooting + Legal compliance
  • Legal Basis: Legitimate interest
  • Retention Period: 90 days (rolling)

For a complete list of processing activities, please see our Data Processing Register.

4. How We Use Your Information

We use your personal information for the following purposes:

  • To provide and maintain our cloud reporting services
  • To process and sync data from your connected applications (Xero, CIN7, etc.)
  • To generate reports and analytics based on your business data
  • To provide customer support and respond to your inquiries
  • To send important service updates and notifications
  • To comply with legal and regulatory requirements
  • To improve and optimize our services

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption at rest and in transit (AES-256, TLS)
  • Secure cloud infrastructure hosted in South Africa (Azure South Africa North)
  • Access controls and authentication (including MFA)
  • Regular security audits and monitoring
  • Secure backup and disaster recovery procedures
  • Staff training on data protection and privacy

6. Third-Party Services

We work with trusted third-party service providers to deliver our services. These include:

  • Microsoft Azure (cloud hosting - South Africa)
  • Xero (accounting integration)
  • CIN7 (inventory management integration)
  • AWS S3 (secure file storage - Cape Town, South Africa)

We ensure that all third-party processors have appropriate data protection agreements in place and comply with POPIA requirements.

7. Your Rights Under POPIA

You have the following rights regarding your personal information:

  • Right to Access: Request a copy of your personal information
  • Right to Correction: Request correction of inaccurate information
  • Right to Deletion: Request deletion of your personal information (subject to legal retention requirements)
  • Right to Object: Object to processing of your personal information
  • Right to Data Portability: Request your data in a portable format
  • Right to Lodge a Complaint: Complain to the Information Regulator

To exercise any of these rights, please contact our Information Officer at hello@larasoft.global.

8. International Data Transfers

We primarily store and process data within South Africa. However, some of our integration partners (such as Xero, CIN7) may transfer data internationally. When we do transfer data outside of South Africa, we ensure appropriate safeguards are in place, including:

  • Standard contractual clauses
  • Data processing agreements with GDPR/POPIA-compliant providers
  • Ensuring adequate data protection laws in the destination country

9. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you
  • Comply with legal and regulatory requirements (typically 7 years for financial data)
  • Resolve disputes and enforce our agreements

When we no longer need your information, we securely delete or anonymize it.

10. Changes to This Privacy Notice

We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or through our website.

11. Contact Us

If you have any questions about this Privacy Notice or our privacy practices, please contact us:

Email: hello@larasoft.global

Phone: +27 82 457 8390

Information Regulator: www.justice.gov.za/inforeg