Profesaas Privacy Policy

Profesaas is a product of Datanet Solutions (Pty) Ltd.
Address: Techno Square, 42 Morningside Street, Pinelands, Cape Town, 7405

1. Introduction & Scope

We are committed to protecting your privacy and ensuring transparency about how we collect, use, and share your personal information. This Privacy Policy applies to all Profesaas services—including our web portal, APIs, and mobile applications—and any features that integrate with Profesaas (e.g., document search, live chat, AI modules, and analytics dashboards).

Profesaas operates as a multi-tenant architecture: a central (public) schema holds shared data (e.g., user accounts, billing, authentication), and separate tenant schemas store organization-specific data.

2. Definitions
  • Account: Your Profesaas login credentials (email, password), profile details, and associated settings.
  • Aggregate/Anonymous Data: Data stripped of personal identifiers and combined into statistical summaries for analytics.
  • Allied Entities: Profesaas, its parent company (Datanet Solutions (Pty) Ltd.), subsidiaries, and affiliates processing data.
  • Personal Data: Information relating to an identified or identifiable individual (e.g., name, email, IP address).
  • Processing: Any operation performed on Personal Data (collection, storage, deletion, etc.).
  • Profesaas Platform/Services: Our SaaS product, including its web interface, APIs, modules, and functionality (AI search, live chat, analytics, email notifications, customization tools).
  • Tenant: An organization or entity with its own isolated data schema within Profesaas.
  • Website: Any web property under Profesaas’s control (e.g., www.profesaas.com).
3. Data We Collect
3.1 Personal Data Provided Directly by You:
  • Account Registration: When you sign up for a Profesaas Account (as a super-admin, tenant admin, or end user), we collect your name, email address, password (hashed), organization name (for tenant creation), billing details (e.g., payment method, billing address), and optional profile info (e.g., avatar).
  • Tenant Configuration: Tenant administrators may provide domain/subdomain, theme colors, logos, and user role assignments (e.g., Admin, Staff, Donor, Recipient).
  • Form Submissions: Data entered via forms—contact forms, support tickets, surveys, AI feedback—may include Personal Data.
  • Communications: If you email or chat with us (e.g., support requests), we collect any Personal Data included in those communications.
3.2 Usage Data and Technical Data:
  • Log Data: Our servers record technical details: IP address, browser type/version, OS, pages visited, timestamps, and referring URLs.
  • Feature Usage: We track platform navigation (e.g., which analytics dashboards you view, frequency of AI-powered searches, modules accessed) to improve performance and customize features.
  • Crash Reports/Errors: You may share diagnostic info (stack traces, environment details) to help us resolve issues.
3.3 Data from Third Parties:
  • Authentication Providers: If you use single sign-on (SSO) or social login (e.g., Google, Microsoft Azure AD), we receive basic profile info (name, email, avatar).
  • Payment Processors: We rely on third-party providers (e.g., Stripe, PayPal). We only receive transaction status, last four card digits (where applicable), and billing address; full payment details are not stored on our servers.
  • Analytics and Marketing: We use Google Analytics (or similar) to collect Aggregate/Anonymous Data on site performance and user engagement (bounce rates, session durations).
3.4 Cookies and Tracking Technologies:
  • Session Cookies: Maintain logged-in state and secure sessions.
  • Preference Cookies: Remember UI settings (e.g., dark mode, language preference) across sessions.
  • Analytics Cookies: Anonymized tracking of user behavior on our website (e.g., Google Analytics cookies).
  • Third-Party Cookies: Used by chat widgets or marketing platforms to deliver targeted content or support features.
  • Cookie Management: Manage preferences via browser settings or our “Cookie Settings” panel.
3.5 Chat and AI Data:
  • Live Chat Transcripts: Stored for support quality and AI agent training.
  • AI-Powered Search Queries: Logged (with anonymization) to refine search algorithms; raw Personal Data is never stored long-term.
3.6 Analytics Data:
  • Dashboard Usage: Charts viewed, filters applied, data export requests, and time ranges selected.
  • Aggregate Tenant Metrics: Counts of users, activity rates, feature adoption—always pseudonymized or aggregated to prevent identification without consent.
4. How We Use Your Data
4.1 Providing Core Services:
  • Account Management: Authenticate and authorize access to Profesaas; manage account settings, passwords, and security features (MFA, password resets).
  • Tenant Provisioning: Create and configure tenant schemas, assign roles, and enable isolated customization (logos, subdomains).
  • Payment and Billing: Process subscription payments, issue invoices, send reminders, handle refunds/disputes through payment partners.
4.2 Communication and Notifications:
  • Transactional Emails: Account notifications (welcome emails, password resets, payment receipts) and system alerts (maintenance windows).
  • Marketing Communications: With consent, newsletters, feature announcements, and promotional content—opt out anytime via unsubscribe links or account settings.
4.3 Service Improvement & Analytics:
  • Product Development: Aggregate usage data to identify feature adoption, performance bottlenecks, and improvement areas.
  • AI Model Training: Use anonymized/pseudonymized search queries and chat logs to refine AI search and chatbot features—raw Personal Data is never used without explicit consent.
  • Support and Troubleshooting: Analyze logs/diagnostics to resolve bugs, security vulnerabilities, or performance issues.
4.4 Security and Fraud Prevention:
  • Monitoring and Auditing: Automated tools and manual reviews to detect anomalous activity (multiple failed logins, unauthorized schema access).
  • Risk Management: IP addresses and usage patterns to identify fraud, secure tenant boundaries, and maintain data integrity.
4.5 Legal Obligations:
  • Compliance: Respond to subpoenas, court orders, or regulatory requirements (data retention directives, tax audits).
  • Dispute Resolution: Defend our rights and customers’ rights in alleged misconduct or breach-of-terms cases.
5. Sharing and Disclosure of Data
5.1 Internal Sharing within Datanet Solutions Entities:

Data necessary to fulfill these purposes may be shared across Datanet Solutions (Pty) Ltd.’s corporate family (centralized billing, security oversight, product development), each bound by this Privacy Policy and applicable data protection laws.

5.2 Third-Party Service Providers:
  • Hosting and Infrastructure: Cloud providers (AWS, Azure) host databases, application servers, storage; data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
  • Payment Processing: Gateways (Stripe, PayPal) process transactions; we do not store full payment card details.
  • Email Delivery: SMTP providers (SendGrid, Mailgun) send transactional and marketing emails.
  • Analytics and Monitoring: Tools (Google Analytics, Sentry) collect anonymized usage data.
  • AI Services: AI model providers (OpenAI for language models); any data sent is pseudonymized/stripped of sensitive identifiers when possible, governed by Data Processing Agreements (DPAs).
5.3 Legal Requirements and Law Enforcement:

We may disclose Personal Data if required by law (court orders, subpoenas) or to protect Datanet Solutions’s or others’ rights, property, or safety; notice is provided unless prohibited by law.

5.4 Business Transfers:

If Profesaas or Datanet Solutions (Pty) Ltd. undergoes a merger, acquisition, bankruptcy, or sale of assets, Personal Data may transfer to a successor entity. We will notify users of material changes in ownership and any choices regarding their data.

6. Data Retention
  • Account Data: Retained while your Account is active and for up to 7 years after deactivation to comply with legal/billing obligations.
  • Tenant Data: Organization data (user-generated content, documents, analytics) retained until account cancellation; archived for 30 days post-cancellation, then purged unless legally required.
  • Analytics and Logs: Usage logs retained for 12 months, then anonymized and aggregated for trend analysis or deleted.
  • Chat Transcripts: Support chat logs retained for 24 months unless earlier deletion is requested; AI search queries anonymized immediately, raw logs deleted after 90 days.
  • Billing Records: Invoices, receipts, payment transaction logs retained for at least 7 years for financial compliance.
7. Data Security
  • Encryption: All data in transit secured via TLS 1.2+; sensitive data (tokens, credentials) encrypted at rest using AES-256.
  • Access Controls: Role-based access control (RBAC) limits database and application access to authorized personnel; strict tenant isolation prevents cross-tenant data access.
  • Network Security: Firewalls, intrusion detection/prevention systems, and regular vulnerability assessments safeguard our infrastructure.
  • Development Practices: Secure coding (OWASP Top 10 mitigation), code reviews, automated security scanning in CI/CD pipelines.
  • Incident Response: Documented incident response plan for timely detection, containment, and notification of data breaches; aim to notify affected parties within 72 hours of confirming a breach.
  • Certifications & Audits: ISO 27001 certification (or equivalent) for hosting providers; annual third-party security audits and penetration tests.
8. International Data Transfers
  • Datanet Solutions (Pty) Ltd. is headquartered in South Africa (Johannesburg) and uses data centers in multiple regions (EU, US). When transferring Personal Data across borders, we rely on:
    • GDPR Adequacy Decisions: Transfers from the EU to our South African or U.S. facilities are covered by relevant adequacy mechanisms (e.g., EU–South Africa Data Protection Agreement).
    • Standard Contractual Clauses (SCCs): For transfers not covered by adequacy, we use EU-approved SCCs or equivalent legal safeguards.
    • Local Laws Compliance: We comply with South Africa’s Protection of Personal Information Act (POPIA) for lawful processing and cross-border safeguards.
9. Your Rights and Choices
  • 9.1 Access, Rectification, Erasure:
    • Access: Request a copy of your Personal Data that we hold.
    • Rectify: Correct inaccurate or incomplete data (update your profile or contact support).
    • Erase (“Right to be Forgotten”): Under certain circumstances, request deletion of your Personal Data; does not apply to data retained for legal reasons (e.g., billing records).
  • 9.2 Data Portability: Request a machine-readable copy of Personal Data you provided (CSV, JSON) when feasible.
  • 9.3 Objection & Restriction: Object to or request restrictions on processing (e.g., marketing, profiling); we comply unless compelling legitimate grounds exist.
  • 9.4 Marketing Communications: Opt out of promotional emails/newsletters anytime via “Unsubscribe” or account settings; we still send service-related/transactional emails.
  • 9.5 Cookie Settings: Manage cookies via browser settings; see our Cookie Policy for details.
10. Specific Jurisdictional Disclosures
10.1 European Union (EU) / United Kingdom (UK):
  • Legal Basis: Processing based on contractual necessity (performance of a contract), consent (optional features), legitimate interests (security, fraud prevention), and compliance with legal obligations.
  • Data Protection Officer (DPO): For EU/UK residents, DPO at dpo@profesaas.com.
  • Data Subject Rights: GDPR rights (restriction, lodge complaint with supervisory authority).
10.2 South Africa (POPIA):
  • Responsible Party: Datanet Solutions (Pty) Ltd., Johannesburg, South Africa. Contact: dpo@profesaas.com.
  • Processing Conditions: Data processed according to POPIA principles—lawfulness, minimality, purpose limitation, security safeguards.
  • Information Officer: IO at io@profesaas.com for POPIA inquiries.
10.3 California (CCPA/CPRA):
  • Consumer Rights: Right to know categories of Personal Data collected, request deletion (unless exception applies), opt out of selling/sharing (we do not sell).
  • Do Not Sell or Share: Profesaas does not sell or share Personal Data.
  • Contact: For California inquiries, email privacy@profesaas.com.
10.4 Other Jurisdictions:

We comply with applicable local privacy laws (e.g., Canada’s PIPEDA, Australia’s Privacy Act). If you reside elsewhere, you may exercise rights similar to those described; please contact privacy@profesaas.com.

11. Children’s Privacy

Profesaas does not knowingly collect or process personal information from children under 13 years of age. If we learn we have inadvertently collected data from a child under 13, we will delete it promptly. If you believe a child’s data was provided without parental consent, contact privacy@profesaas.com.

12. Changes to This Policy

We may update this Privacy Policy as our services evolve or laws change. “Last Updated” at the top reflects the most recent revision. We encourage periodic review. If we make material changes, we will notify you (e.g., via email or prominent notice on our Website) before they take effect.

13. Contact Information

For any unresolved complaints, you may lodge a complaint with your local data protection authority or supervisory body.