Privacy Policy

POPIA Compliance: Protecting our users' personal information is of paramount importance. The ICBS platform fully complies with the Protection of Personal Information Act, 2013 (POPIA), which is South Africa's comprehensive data privacy law governing how personal data may be collected, used, stored, and shared. In accordance with POPIA and global best practices, we collect personal information only for specific, defined purposes related to the functioning of the platform, and we process it lawfully and transparently. We do not sell or disclose personal information to third parties for unrelated purposes, and we implement strong safeguards to keep user data confidential and secure. All users have the rights afforded by POPIA, including the right to access their personal data we hold, and to request correction or deletion of any incorrect or irrelevant information. Data Collection and Use: When you register or use the ICBS platform, we will collect certain personal details from you and your group members. This information can include identifying details such as full name, South African ID number or passport number, contact information such as physical address, email address, and phone number, and financial information such as banking account details for linking to the platform, or payment card details if making purchases. We collect your ID number and other identity documents to verify your identity and eligibility, ensuring that each individual is uniquely identified on the platform and is linked to their correct group. Contact information is used for communication, account verification, and sending transaction notifications or statements. Banking information is used to facilitate deposits into the group funds or withdrawals and payouts to members' wallets, as well as to process voucher purchases or other financial transactions you initiate.

All personal data is collected directly from you or your authorized group representative, and only with your knowledge and consent. We limit the use of your personal information to what is needed for operating the ICBS services such as managing your membership in groups, processing your contributions and benefits, enabling payments to merchants, and complying with legal obligations such as financial record-keeping and anti-fraud requirements. Data Storage and Security: ICBS employs industry-standard security measures to protect personal information. Data you provide is stored securely on our systems, which are protected by encryption, firewalls, and access controls. Sensitive financial information, such as credit and debit card details, is not stored on our servers; whenever you make a card payment, those details are processed securely by our accredited payment gateway provider which is PCI-DSS compliant and are not retained by ICBS beyond the transaction. We only store tokens or references needed to complete transactions or to comply with audit requirements, but not the card numbers or CVV codes themselves. Banking account details for EFT transfers or debit orders are stored in an encrypted form and are used strictly for facilitating the transactions you authorize. Access to any personal data is restricted on a need-to-know basis within our organization: only authorized personnel or systems that require your information to serve you can access it, and even then, only the minimum necessary data is revealed. We also employ continuous monitoring to detect and prevent any unauthorized access. In the unlikely event of a data breach that compromises personal information, ICBS will follow POPIA's guidelines for breach notification, including informing affected users and the Information Regulator as required, and will take immediate steps to secure the data and prevent further access. Group and Shield Data Governance: A unique aspect of ICBS is that much of the financial activity happens within member-governed groups. Each Common Bond Group and each Shield on the platform may collect or generate data about its members such as contribution records, benefit claims, or member lists. ICBS requires each group to uphold basic privacy principles for any internal use of member data. Group administrators are expected to treat members' personal details with confidentiality and to use them only for legitimate group purposes.

The platform provides tools for groups to manage their own data governance. By default, personal identifying information such as ID numbers or exact birth dates are not exposed to general group members; they are only used in the backend for verification and eligibility such as checking age for certain benefits and are visible only to the member themselves and authorized admins or officials who require it. Each Shield might also have specific data needs to record beneficiary names and relationship to the member. Such information is shared within the group only to the extent necessary and must be handled according to that group's agreed privacy norms. Every access or change to group data on the platform is logged, creating an audit trail that group members and platform auditors can review if needed. This ensures that any misuse of personal data within a group such as an admin viewing or downloading data without permission can be traced and addressed. In summary, while ICBS provides the technical infrastructure and enforces overall compliance with POPIA, each group carries the responsibility to respect and protect the privacy of its members in daily operations, and the platform is designed to support them in doing so. Auditable and Permission-Based Access: The ICBS platform is built to ensure transparency with accountability. All user actions and financial transactions on the platform are auditable: every contribution, withdrawal, vote, or benefit payout is recorded with a timestamp and the user and group associated. Users with the appropriate permissions can view transaction histories to verify that funds are handled properly. At the same time, the system is permission-based, meaning no user can access data or perform actions beyond what their role allows. For instance, a regular group member can see the contributions and balance of their own group's Shields, but cannot see the detailed personal information of another group's members; a group administrator can see who has contributed and request payouts, but cannot access other groups' data. The platform's architecture mirrors real-world social trust boundaries: data is segmented by group, and roles within each group determine access levels. This ensures that personal information and group financial data are only accessible to the right people. Even within a group, sensitive actions such as approving a large expense or adding a new member may require consensus or multiple approvals as set by the group's governance rules, adding another layer of control. ICBS's commitment to privacy and security means that users remain in control of their data: you can update your personal details in your profile, you can see records of your own transactions, and you can trust that other users cannot access your information unless you have given permission through group settings or platform features. We also regularly review our privacy practices and security protocols to adapt to new threats or regulatory changes, and we provide ongoing training to our staff and guidance to group leaders about data protection. By using ICBS, you acknowledge and consent to this collection and use of personal data as described, and we in turn commit to protecting your information with the utmost care in line with POPIA and international best practices. For any questions or concerns about privacy on the ICBS platform, or to exercise your rights under POPIA, please contact our Information Officer at info@impact-digital.co.za or via the customer service contact details below. We are here to help and value the trust you place in us as custodians of your personal information.