Privacy Policy
AI Integrity Certification (Pty) Ltd is committed to the responsible, transparent, and lawful handling of personal information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA).
Last Updated: April 2026
Transparency
We clearly disclose what data we collect, why we collect it, and how it is used — before we collect it.
Security
All data is stored in encrypted environments with strict role-based access controls and regular security reviews.
Your Rights
You have the right to access, correct, delete, and object to the processing of your personal information at any time.
1. Who We Are
AI Integrity Certification (Pty) Ltd (“AIC”, “we”, “us”) is a South African company providing AI governance certification services. We operate as a certification body and are the responsible party for personal information collected through this website and our certification platform.
Our Information Officer is responsible for ensuring compliance with POPIA and can be contacted at the details in Section 11 of this policy.
2. What Personal Information We Collect
We collect only the minimum personal information necessary to deliver our services. This includes:
Identity information: Name, job title, and professional credentials of Accountable Persons and certification contacts.
Contact information: Work email addresses and telephone numbers used for certification correspondence.
Organisational information: Business name, registration number, sector, and address of applicant organisations.
Audit evidence: Governance documents, policy records, decision logs, and bias assessment data submitted for certification review.
Practitioner data: Education records, CPD logs, examination results, and competency evidence for CAAP candidates.
Website usage data: Anonymised analytics data (page visits, session duration) collected via Vercel Analytics. No personal identifiers are stored.
We do not collect special categories of personal information (race, health, religion, political views, biometric data) unless it is directly relevant to a bias audit and you have provided explicit written consent.
3. Why We Collect It — Lawful Basis
We process personal information on the following lawful bases under POPIA:
Performance of a contract
To execute certification assessments, issue certificates, and maintain the public registry as agreed in the Assessment Agreement.
Legitimate interest
To improve our services, detect fraud, and ensure the integrity of the certification process.
Legal obligation
To maintain records required by POPIA, the Companies Act, and our accreditation obligations.
Consent
For marketing communications, newsletter subscriptions, and any processing not covered above. You may withdraw consent at any time.
4. Audit Evidence and Confidentiality
Audit evidence submitted through the Governance Platform is processed exclusively for the purpose of the certification assessment. AIC does not:
Use client audit data to train, fine-tune, or benchmark AI models.
Share audit evidence with other certified or applicant organisations.
Disclose the content of governance documents to third parties without written consent, except where required by law or accreditation oversight.
Retain audit evidence beyond the defined retention period (see Section 6).
5. Who We Share Information With
We do not sell personal information. We share it only in the following circumstances:
Accreditation bodies
SANAS and equivalent bodies may review our assessment records as part of accreditation oversight. They are bound by confidentiality obligations.
Auditors and assessors
Independent auditors assigned to an assessment receive only the information necessary to conduct that assessment.
Infrastructure providers
Cloud hosting and analytics providers (operating under data processing agreements) may process data on our behalf. They are contractually prohibited from using it for their own purposes.
Legal and regulatory authorities
Where required by South African law, court order, or the Information Regulator.
Public registry
The organisation name, certification tier, Integrity Score, and certificate number are published on the public registry at aiccertified.cloud/registry. No personal information is published without consent.
6. How Long We Keep Your Information
| Data Category | Retention Period |
|---|---|
| Certification records and audit evidence | Duration of certification + 5 years |
| Accountable Person declarations | Duration of certification + 5 years |
| Practitioner examination records | Duration of credential + 7 years |
| CPD logs | 7 years from the relevant CPD cycle |
| Website enquiry data | 24 months from last contact |
| Marketing consent records | Until consent is withdrawn, then 2 years |
| Financial/invoicing records | 5 years (Companies Act requirement) |
At the end of a retention period, data is securely deleted or anonymised. You may request early deletion subject to our legal obligations (see Section 7).
7. Your Rights Under POPIA
As a data subject under POPIA, you have the following rights. To exercise any of them, contact our Information Officer (Section 11) with proof of identity.
Right to Access
Request a copy of the personal information we hold about you.
Right to Correction
Request correction of inaccurate or incomplete information.
Right to Deletion
Request deletion of your information where we no longer have a lawful basis to hold it.
Right to Object
Object to processing based on legitimate interest, including direct marketing.
Right to Restrict Processing
Request that we limit how we use your data while a dispute is resolved.
Right to Complain
Lodge a complaint with the Information Regulator of South Africa if you believe we have violated POPIA.
Information Regulator: complaints can be lodged at inforegulator.org.za. We will respond to all requests within 30 days.
8. Automated Decision-Making
AIC uses automated tools to generate preliminary Integrity Scores and flag potential compliance gaps during an assessment. These outputs are advisory only — no certification decision is made without a qualified human auditor reviewing and approving the result. This is consistent with POPIA Section 71 and with the principles of the AIC Declaration of Algorithmic Rights.
9. Cookies and Analytics
This website uses Vercel Analytics to collect anonymised, aggregated usage data (page views, referral sources, device type). No personal identifiers are stored. No third-party advertising or tracking cookies are set. You can disable JavaScript in your browser to opt out of analytics entirely, though this may affect site functionality.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be communicated via email to registered platform users and noted at the top of this page. Continued use of our services after the effective date of a change constitutes acceptance of the revised policy.
11. Contact Our Information Officer
Information Officer
Zander Wilken
AI Integrity Certification (Pty) Ltd
South Africa
zander@ztoaholdings.comAll POPIA requests will be acknowledged within 5 business days and responded to within 30 calendar days.