Privacy Policy

How TholaCash collects, uses, protects, and retains personal information in line with POPIA principles.

This is a template privacy policy for a loan application website. You should have a legal/compliance professional review it to ensure POPIA compliance for your business and licensing requirements.

What information do we collect?

We collect information when you register, apply for a loan, contact us, or upload supporting documents.

  • Identity information (e.g., South African ID number)
  • Contact details (email, optional mobile number)
  • Loan application details (amount, next salary date, affordability details)
  • Banking details for disbursement and mandate/collections
  • Supporting documents (bank statements or payslips)
  • Consents for credit checks and mandate authorisation

What do we use your information for?

  • To process and assess your loan application (including affordability checks)
  • To verify identity, prevent fraud, and protect customers
  • To communicate with you about your application (email and/or SMS if provided)
  • To meet legal and regulatory obligations
  • To improve our services and customer support

Consent for credit checks and mandate authorisation

We request your consent to perform credit checks and verification steps needed for eligibility and affordability decisions. Where applicable, mandate/authorisation mechanisms (such as DebiCheck) may be used to support collections.

Note: This demo project includes simulated credit scoring and DebiCheck logic. Production deployments must integrate accredited providers and comply with all applicable laws and industry rules.

How do we protect your information?

We use security controls designed to protect personal information against loss, misuse, unauthorised access, or disclosure:

  • Encryption at rest for sensitive fields stored in the database
  • Access control (admin access should be limited to authorised staff)
  • Secure configuration (HTTPS, secure cookies, and security headers in production)
  • Operational controls (strong passwords, auditing, and staff confidentiality practices)

Retention

We keep personal information only as long as necessary for the purpose it was collected, and in line with legal requirements. This project includes a configurable retention period and an automated purge process.

  • Retention period is controlled by RETENTION_DAYS in settings
  • Purge command: python manage.py purge_expired_data

Retention obligations may vary depending on disputes, audits, and sector rules — obtain legal/compliance review.

Do we use cookies?

Yes. Cookies help the site function, keep you logged in, and improve your experience.

  • Session cookies for authentication and form flows
  • Security cookies to protect against misuse
  • Basic analytics (if enabled) to improve performance and usability

Do we share information with third parties?

We do not sell your personal information. We may share information with trusted service providers who help us operate the website (e.g., hosting, email/SMS, verification), under confidentiality and security obligations.

We may also disclose information when required by law or to protect rights, property, or safety.

Your rights (POPIA)

Depending on circumstances, you may have rights to:

  • Request access to your personal information
  • Request corrections to inaccurate information
  • Withdraw consent (where processing is based on consent)
  • Object to processing in certain cases
  • Request deletion where legally permitted

Changes to this policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date.

Contact us

Phone: 069 037 2796

For privacy requests, please contact us via the Contact page or the number above.

Apply Now