This Privacy Policy explains how Krated, operated by Simple Fintech (Pty) Ltd, collects, uses, and protects your personal information when you use our Service at krated.com.

1. Purpose and legal framework

1.1

This policy describes the types of information we collect, why we collect it, how we use and share it, and the choices available to you.

1.2

We comply with the Protection of Personal Information Act, 2013 (POPIA) and other applicable data protection laws, including the EU General Data Protection Regulation (GDPR) where relevant.

2. Who is responsible for your information

2.1

Simple Fintech (Pty) Ltd is the responsible party (data controller) for personal information processed through Krated.

2.2

Krated is a product and trading name of Simple Fintech (Pty) Ltd, a company registered in South Africa.

3. What we collect

3.1 Information you provide

When you create an Account, contact support, or subscribe to a plan, we collect information such as your name, email address, company name, phone number, and billing details.

3.2 Customer Data you upload

Through your use of the Service, you may upload business and operational data including: orders, inventory records, delivery information, product catalogues, customer lists, and pricing data. You control what Customer Data you provide, and you are responsible for ensuring you have the right to share it.

3.3 Usage and device data

We automatically collect information about how you interact with the Service, including: pages visited, features used, browser type, device information, IP address, and approximate location (derived from IP).

3.4 Cookies and similar technologies

We use cookies and similar technologies to maintain your session, remember your preferences, and understand how the Service is used. See Section 10 for more detail.

3.5 Special personal information

We do not intentionally collect special categories of personal information (such as health, biometric, or genetic data). If you include such information in your Customer Data, you do so at your own risk and responsibility.

3.6 Children

The Service is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us at support@krated.com and we will delete it.

4. How we use your information

We use your information to:

  • Provide, maintain, and improve the Service.
  • Process transactions and send related notices.
  • Respond to your requests, comments, and support inquiries.
  • Monitor usage patterns and analyse trends to improve the user experience.
  • Detect, prevent, and address technical issues and security threats.
  • Comply with legal obligations.

5. Lawful bases for processing

We process your personal information on the following bases:

  • Contract: Processing necessary to perform our agreement with you.
  • Legitimate interest: Processing for our legitimate business interests, such as improving the Service and preventing fraud, where those interests are not overridden by your rights.
  • Consent: Where you have given us specific consent (for example, for marketing communications). You may withdraw consent at any time.
  • Legal obligation: Processing required to comply with applicable law.

6. How we share your information

6.1 Service providers

We share information with third-party service providers who assist in operating the Service. These include:

  • Paddle.com — payment processing and billing (as Merchant of Record).
  • Cloud hosting providers — infrastructure and data storage.
  • Analytics providers — usage tracking and performance monitoring.
  • AI providers (such as OpenAI) — powering AI features within the Service.
  • Communication providers — email and messaging services.

These providers are contractually bound to use your information only for the purposes of providing their services to us and in accordance with applicable data protection laws.

6.2 Legal disclosure

We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6.3 Business transfers

If Simple Fintech (Pty) Ltd is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

7. AI processing

7.1

When you use AI-powered features in Krated, relevant portions of your data may be transmitted to third-party AI providers (such as OpenAI) for processing.

7.2

We only send the minimum data necessary to deliver the requested AI feature. We do not permit AI providers to use your data for training their models.

7.3

AI providers may retain data temporarily for operational purposes (such as abuse monitoring) in accordance with their own data processing agreements.

8. Security

8.1

We implement reasonable technical and organisational measures to protect your information against unauthorised access, alteration, disclosure, or destruction.

8.2

Data is encrypted in transit using TLS and at rest using industry-standard encryption.

8.3

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

9. Retention

9.1

We retain your personal information for as long as your Account is active or as needed to provide the Service.

9.2

Following Account termination, we delete your Customer Data within 30 days unless retention is required by law.

9.3

Aggregated, anonymised data that cannot identify you may be retained indefinitely for analytical purposes.

10. Cookies and analytics

We use cookies to maintain sessions, remember preferences, and collect usage statistics. We use analytics tools (such as Google Analytics) to understand how visitors interact with the Service.

You can control cookie settings through your browser. Disabling certain cookies may affect the functionality of the Service.

11. International transfers

Your information may be processed in countries other than the one in which you reside, including countries that may have different data protection laws. Where we transfer information internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

12. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your personal information (subject to legal obligations).
  • Restrict or object to certain types of processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent where processing is based on consent.

13. How to exercise your rights

To exercise any of the rights above, contact us at support@krated.com. We will respond within a reasonable timeframe and in accordance with applicable law.

If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In South Africa, this is the Information Regulator (inforegulator.org.za).

14. Third-party links and integrations

The Service may contain links to or integrations with third-party websites and services. We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with your information.

15. Contact

For questions about this Privacy Policy or how we handle your information, contact us at support@krated.com.