Privacy Policy
LetSignal Website: https://letsignal.co.za
Effective Date: 14 April 2026 Last Updated: 14 April 2026
1. Introduction
LetSignal (Pty) Ltd ("LetSignal", "we", "us", or "our") is committed to protecting the personal information of all individuals who interact with our platform. This Privacy Policy explains how we collect, use, store, share, and protect personal information in compliance with the Protection of Personal Information Act 4 of 2013 ("POPIA") and its associated regulations.
By using our website or platform at https://letsignal.co.za, you acknowledge that you have read and understood this Privacy Policy.
2. Definitions
- Data Subject: The individual whose personal information is being processed (e.g. a tenant applicant, agency employee, or website visitor).
- Personal Information: Information relating to an identifiable, living, natural person or an identifiable, existing juristic person, as defined in POPIA.
- Processing: Any operation performed on personal information, including collection, storage, use, sharing, modification, or destruction.
- Responsible Party: The entity that determines the purpose and means of processing personal information. Depending on the context, this may be LetSignal or the letting agency using the platform.
- Operator: A person who processes personal information on behalf of a responsible party under a contract or mandate.
- Information Officer: The person responsible for ensuring compliance with POPIA within the organisation.
- Special Personal Information: Personal information concerning a data subject's religious or philosophical beliefs, race or ethnic origin, trade union membership, political persuasion, health, sexual life, biometric information, or criminal behaviour.
3. Contact
For any queries or requests relating to your personal information, please contact us using the contact form on our website at https://letsignal.co.za.
4. Our Role as Responsible Party and Operator
LetSignal operates as a platform that connects letting agencies with prospective tenants. In this context:
- When LetSignal acts as a Responsible Party: We are the responsible party for personal information we collect directly, such as account registration details of agency users, website visitor data, and billing information.
- When LetSignal acts as an Operator: When a letting agency uses our platform to collect and process tenant application data, the letting agency is the responsible party and LetSignal acts as an operator processing personal information on their behalf, in accordance with a written agreement.
5. What Personal Information We Collect
5.1 Tenant Applicant Information (collected on behalf of letting agencies)
- Full name, surname, and identity number
- Contact details (email address, phone number)
- Physical and postal addresses
- Employment details and employment references
- Financial information (payslips, bank statements, proof of income)
- Identity documents (South African ID, passport, or equivalent)
- Proof of address documentation
- FICA-related documentation
- Application fee payment details and proof of payment
- Any additional information required by the letting agency's application form
5.2 Agency User Information
- Full name and surname
- Email address
- Phone number
- Company/agency name and details
- Account login credentials (passwords are encrypted and never stored in plain text)
- Role and access permissions within a team
5.3 Website Visitor Information
- IP address
- Browser type and version
- Device information
- Pages visited and time spent on pages
- Cookies and similar tracking technologies (see our Cookie Policy)
6. How We Collect Personal Information
We collect personal information through:
- Online application forms completed by tenant applicants via our platform
- Document uploads submitted by tenant applicants (ID documents, payslips, bank statements, FICA documents)
- Account registration when agency users create an account on our platform
- Automated means such as cookies and analytics tools when you visit our website
- Communication via email, phone, or our website contact forms
7. Purpose of Processing
We process personal information for the following specific, defined purposes:
- Tenant application processing: Facilitating the rental application process on behalf of letting agencies, including document collection, verification, and organisation
- Application fee tracking: Tracking EFT payments and verifying proof of payment for application fees
- Platform operations: Providing, maintaining, and improving our platform and services
- Account management: Creating and managing agency user accounts, team access controls, and audit trails
- Communication: Sending notifications, reminders for incomplete applications, and service-related messages
- Document management: Organising, tagging, and exporting uploaded documents (as ZIP files or formatted PDFs)
- Compliance and legal obligations: Maintaining timestamped audit records and meeting regulatory requirements
- Security: Protecting the platform and its users from fraud, abuse, and unauthorised access
- Billing and invoicing: Processing payments for agency subscriptions or services
8. Legal Basis for Processing
We process personal information on one or more of the following grounds as set out in POPIA:
- Consent: Where the data subject has given voluntary, specific, and informed consent
- Contractual necessity: Where processing is necessary to perform a contract to which the data subject is a party
- Legal obligation: Where processing is necessary to comply with a legal obligation
- Legitimate interest: Where processing is necessary for pursuing the legitimate interests of the responsible party or a third party to whom the information is supplied, provided this does not prejudice the rights of the data subject
9. Sharing and Disclosure of Personal Information
We may share personal information with the following categories of recipients:
- Letting agencies: Tenant application data is shared with the letting agency to which the application was submitted. The agency is the responsible party for this data.
- Service providers: We may use third-party service providers for hosting, analytics, email delivery, and payment processing. These providers are bound by data processing agreements and may only process information on our instructions.
- Legal and regulatory authorities: We may disclose information where required by law, regulation, legal process, or enforceable governmental request.
- Professional advisors: Accountants, auditors, and legal advisors who are bound by confidentiality obligations.
We do not sell personal information to third parties. We do not share personal information with third parties for their direct marketing purposes without the data subject's explicit consent.
10. Cross-Border Transfers
If personal information is transferred to a party in another country, we will ensure that the recipient is subject to a law, binding corporate rules, or a binding agreement that provides an adequate level of protection comparable to POPIA.
11. Retention of Personal Information
We retain personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specifically:
- Tenant application data: Retained for the duration required by the letting agency's instructions, after which it is securely deleted or anonymised.
- Agency user accounts: Retained for the duration of the business relationship and for a reasonable period thereafter for legal and audit purposes.
- Website visitor data: Retained in accordance with our Cookie Policy.
- Financial and billing records: Retained for the period required by applicable tax and financial legislation.
When personal information is no longer needed, it is securely destroyed or de-identified in a manner that prevents reconstruction.
12. Security Safeguards
We take the security of personal information seriously and have implemented appropriate technical and organisational measures to protect it against loss, damage, unauthorised access, destruction, use, modification, or disclosure. These measures include:
- Encryption of data in transit and at rest
- Secure access controls and role-based permissions
- Regular security assessments and updates
- Timestamped audit trails for all platform activity
- Secure document storage and handling
- Staff training on data protection and security practices
We regularly review and update our security measures to address emerging threats and vulnerabilities.
13. Your Rights as a Data Subject
Under POPIA, you have the following rights in relation to your personal information:
- Right of access: You may request confirmation of whether we hold your personal information and request access to it.
- Right to correction: You may request that we correct or update inaccurate, incomplete, or misleading personal information.
- Right to deletion: You may request the deletion or destruction of your personal information, subject to legal retention requirements.
- Right to object: You may object to the processing of your personal information on reasonable grounds, including objecting to the use of your information for direct marketing.
- Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
- Right to lodge a complaint: You have the right to lodge a complaint with the Information Regulator if you believe your rights have been infringed.
How to exercise your rights
To exercise any of the above rights, please contact our Information Officer using the details provided in Section 3. We will respond to your request within a reasonable time and in any event within 30 days. We may request verification of your identity before acting on your request.
14. Direct Marketing
We will only use your personal information for direct marketing purposes with your prior, specific, and informed consent. You may opt out of receiving marketing communications at any time by contacting us or using the unsubscribe link provided in our communications.
15. Children's Information
Our platform is not directed at children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child, we will take steps to delete it as soon as reasonably practicable.
16. Automated Processing
Our platform uses automated processes for form validation, notification delivery, and document organisation. We do not make automated decisions about tenant applications. All decisions regarding the approval or rejection of applications are made by the letting agency.
17. Data Breach Notification
In the event of a data breach that compromises the confidentiality or integrity of personal information, we will:
- Notify the Information Regulator as soon as reasonably possible
- Notify affected data subjects as soon as reasonably possible
- Provide sufficient information about the breach to allow data subjects to take protective measures
18. Complaints
If you are not satisfied with how we handle your personal information, you may lodge a complaint with:
The Information Regulator (South Africa) Website: https://inforegulator.org.za Email: complaints.IR@justice.gov.za Phone: 012 406 4818
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify users of material changes by posting the updated policy on our website with a revised "Last Updated" date. We encourage you to review this policy periodically.
20. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal information, please contact us using the contact form on our website at https://letsignal.co.za.
This Privacy Policy is intended to comply with the Protection of Personal Information Act 4 of 2013 (POPIA) and its associated regulations, including the POPIA Amendment Regulations 2025. It does not constitute legal advice. We recommend consulting a qualified legal professional for specific compliance guidance.