1. Introduction
This policy explains how Ruka collects, uses, stores, shares, and protects personal information when visiting the website, using software, or engaging with services. The policy applies to all Ruka products including SmartChat, SmartBook, SmartTrack, SmartNudge, SmartHealth, and future tools.
2. Purpose of This Policy
Ruka respects privacy and complies with:
- The Protection of Personal Information Act, 2013 (POPIA) of South Africa
- The General Data Protection Regulation (GDPR) where applicable
3. Information We Collect
3.1 Information You Provide Directly
- Full name, company name, job title, contact information
- Billing and payment details
- Account registration information
- Support request and consultation information
- Uploaded content (files, chat messages, contact data)
3.2 Information Collected Automatically
- IP address and geolocation data
- Browser type, device information, operating system
- Usage data, interaction logs, performance metrics
- Access times, login events, referral sources
3.3 Information from Third-Party Sources
Data may come through integrations with WhatsApp, Meta, Google, OpenAI, or connected systems. These sources have their own privacy policies.
4. How We Use Your Information
Data processing serves legitimate purposes including:
- Delivering and maintaining services
- Authenticating and managing accounts
- Processing payments and invoicing
- Providing customer support
- Sending service notifications and updates
- Improving system performance and functionality
- Conducting analytics and research
- Complying with laws and preventing fraud
- Sending marketing materials with consent
We do not use your personal data for automated decision-making that produces legal or similarly significant effects.
5. Legal Basis for Processing (GDPR)
Processing occurs under:
- Performance of contract (service delivery)
- Compliance with legal obligations
- Legitimate interests (system improvement and security)
- Consent (marketing or optional collection)
6. How We Store and Protect Information
Security measures include:
- Secure cloud infrastructure (Google Cloud Platform)
- Encryption in transit and at rest
- Firewalls and intrusion detection
- Role-based access control
- Regular security audits and penetration testing
- Data minimization and anonymization
While Ruka takes all reasonable precautions, no system is fully immune to unauthorized access.
7. Data Retention
Personal information is retained only as long as necessary for:
- Fulfilling policy purposes
- Complying with contractual or legal obligations
- Resolving disputes or enforcing agreements
Data is securely deleted or anonymized when no longer required.
8. Sharing and Disclosure of Information
Ruka does not sell or rent personal information. Limited sharing occurs with:
- Trusted service providers (cloud hosts, billing systems, communication platforms)
- Legal or regulatory authorities when required
- Third-party APIs or integrations users connect
- Business partners under non-disclosure and data processing agreements
All third parties contractually comply with POPIA and GDPR standards.
9. International Data Transfers
Data may be stored or processed outside South Africa in countries offering equivalent protection levels. Using the services constitutes consent to such transfers with appropriate safeguards.
10. Your Rights
Under POPIA and GDPR, users have rights to:
- Access personal information copies
- Request correction or deletion
- Withdraw consent
- Object to certain processing
- Request restriction or portability
Exercise rights by contacting legal@ruka.africa with identity verification.
11. Cookies and Tracking Technologies
Cookies improve user experience and track usage patterns. Browser settings allow management or disabling, though some features may not function properly without cookies.
12. Data Processed on Behalf of Clients
When clients collect data through Ruka services:
- Ruka acts as data processor; client remains controller
- Client is responsible for obtaining valid consent and lawful collection
- Ruka processes only as instructed, not for own purposes
13. Children's Privacy
Services are for business and professional use. Ruka does not knowingly collect information from individuals under 18. Contact legal@ruka.africa for deletion assistance if minors provided information.
14. AI Systems and Automation
Services like SmartChat and SmartTrack use artificial intelligence for responses, analytics, and recommendations. AI-generated outputs should not be treated as factual or legally binding advice.
15. Marketing Communications
Service-related or promotional communications may be sent via email, SMS, or WhatsApp. Opt out anytime through unsubscribe instructions or direct contact. Transactional and security notifications continue as necessary.
16. Data Breach Notification
Upon a breach compromising personal information, Ruka will:
- Notify affected parties and authorities as legally required
- Take immediate containment and remedy steps
- Cooperate fully with investigations
17. Changes to This Privacy Policy
Updates may occur with material changes published on the website. Continued service use constitutes acceptance of the revised policy.
18. Contact Us
Legal Department – Ruka (Pty) Ltd
Email: legal@ruka.africa
Location: Johannesburg, South Africa
19. Complaints
For non-compliance concerns, lodge complaints with the Information Regulator of South Africa:
- Website: inforegulator.org.za
- Email: complaints.IR@justice.gov.za