Privacy Policy
Last updated: 14 April 2026 · Version 1.0 (beta) · POPIA-aligned
This policy explains what personal information Tau Kgosi Capital collects, why we collect it, how we protect it, and your rights under South Africa's Protection of Personal Information Act (POPIA).
1. Responsible party
[COMPANY LEGAL NAME], trading as "Tau Kgosi Capital", is the responsible party (controller) for your personal information under POPIA. Information Officer: [INFORMATION OFFICER NAME, role], contact privacy@taukgosicapital.co.za.
2. Personal information we collect
| Category | Examples | Purpose |
|---|
| Account | Email, name, password hash | Authentication, service delivery |
| Brokerage | MT5 account number, broker, server, encrypted credentials, balance, trade history | Trade execution, performance reporting |
| Telegram | Your Telegram chat ID (if you link it via /verify) | Sending trade notifications |
| Technical | IP address, browser session, login attempts, admin actions | Security, fraud prevention, audit |
| Communications | Emails you send us, support tickets | Responding to your requests |
3. Lawful basis for processing (POPIA § 11)
- Contract performance — we need your account info to provide the Service you signed up for.
- Your consent — for Telegram linkage and any marketing (which you can withdraw at any time).
- Legitimate interest — for security logging, fraud prevention, and audit of admin actions.
- Legal obligation — where required by law (e.g. retention of financial records).
4. How we protect your information
- All traffic encrypted via HTTPS (TLS) with certificates from Let's Encrypt.
- Passwords stored as SHA-256 hashes (never plaintext).
- MT5 credentials encrypted at rest.
- Admin panel access restricted to authorized staff with audit logging of every action.
- Server located in a secured data centre with operating-system-level access controls.
No system is perfectly secure. If a data breach affecting your personal information occurs, we will notify you and the Information Regulator without undue delay as required by POPIA § 22.
5. Third parties we share with
- Your MT5 broker — to place and manage trades on your account. We do not share your brokerage data with anyone else.
- Telegram (Telegram FZ-LLC, Dubai) — if you link your Telegram chat, we send trade notification messages through the Telegram Bot API. Their privacy policy applies.
- Email delivery provider — for transactional email (registration, password reset). Currently: Gmail SMTP (Google LLC).
- Infrastructure — our server is hosted with [HOSTING PROVIDER].
We do not sell your personal information. We do not use your data for advertising.
6. International transfers
Some of our processors are located outside South Africa (e.g. Telegram in the UAE, Google in the United States). Where this happens, we ensure the receiving party provides an adequate level of protection, or we rely on your consent or contractual necessity as permitted by POPIA § 72.
7. Retention
- Account data: kept while your account is active, plus 5 years after closure (SA financial record-keeping norms).
- Trade history: retained for audit and regulatory purposes as required by applicable law.
- Server logs and login attempts: 90 days.
- Admin audit log: 7 years (internal governance).
8. Your rights under POPIA
You have the right to:
- Access — request a copy of the personal information we hold about you;
- Correction — ask us to correct information that is inaccurate or incomplete;
- Deletion — ask us to delete your information, subject to legal retention obligations;
- Objection — object to processing based on legitimate interest;
- Withdraw consent — at any time, without affecting lawfulness of prior processing;
- Lodge a complaint — with the Information Regulator of South Africa (inforegulator.org.za).
To exercise any of these rights, email privacy@taukgosicapital.co.za. We will respond within 30 days.
9. Cookies and sessions
We use a single session cookie (session) to keep you logged in. It is HTTP-only, HTTPS-only, and expires when you log out or close your browser. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.
10. Children
The Service is not directed to persons under 18. We do not knowingly collect information from minors. If you become aware a minor has provided us information, contact us and we will delete it.
11. Account closure
When you close your account, we delete your MT5 credentials immediately and your Telegram linkage. Remaining account and trade data is retained per section 7 and then deleted.
12. Changes to this policy
We will post changes at this URL with a revised "Last updated" date. Material changes will be notified by email.
13. Contact
Information Officer: [NAME] — privacy@taukgosicapital.co.za