Privacy Policy
Last updated: 13 March 2026
Key Wealth ("we", "our", "us") is a client relationship management platform built for South African financial advisory firms. This Privacy Policy explains how we collect, use, store, and protect personal information when you use the Key Wealth application ("the App").
This policy complies with the Protection of Personal Information Act 4 of 2013 (POPIA), the Financial Advisory and Intermediary Services Act (FAIS), the Financial Intelligence Centre Act (FICA), and Google Play Store requirements.
1. Information We Collect
1.1 Account & Authentication Data
- Email address and password (email/password sign-in)
- Google account details — name, email, profile photo (Google Sign-In)
- Phone number (phone number verification via SMS)
- Display name, profile image, assigned role
1.2 Client Personal Information
Financial advisors enter client data to manage advisory relationships. This may include:
- Identity: Full name, title, initials, South African ID number, passport number, date of birth, gender, nationality, marital status
- Contact: Email address, cell phone, home phone, business phone, WhatsApp number, fax number, physical address, postal address
- Employment: Employer, occupation, industry
- Financial: Monthly income, bank name, account number, account type, branch code, tax number
- Compliance (FICA/KYC): Source of funds, source of wealth, risk rating, politically exposed person (PEP) status, mandate date
1.3 Financial & Wealth Data
- Assets: Asset name, class, market value, purchase value, yield, outstanding debt, institution, account number
- Insurance Policies: Policy number, provider, type, premium amount, cover amount, inception/renewal/expiry dates, beneficiaries
- Wealth Entities: Trusts, companies, holdings — registration numbers, estimated values
- Financial Needs Analysis: Income, expenses, dependants, existing cover, retirement goals — used to calculate insurance and savings recommendations
1.4 Operational Data
- Communications (email, WhatsApp, SMS, phone call logs)
- Notes and activity records
- Tasks, reminders, and workflow progress
- Client relationships (spouse, child, business partner, etc.)
- Email templates with personalisation placeholders
1.5 Documents & Files
Users may upload documents including:
- ID documents, proof of address, proof of income
- Tax clearance certificates, bank statements
- FICA declarations, risk profile questionnaires
- Policy documents, signed agreements
Accepted file types: PDF, JPG, PNG, DOC, DOCX, XLS, XLSX. Maximum file size for AI categorisation: 4 MB.
1.6 Audit & Security Data
- All actions are logged in an immutable audit trail (who did what, when, to which record)
- Login/logout events, data changes, document uploads/deletes
2. How We Use Your Information
| Purpose | Data Used | Legal Basis |
|---|---|---|
| User authentication & access control | Email, password, phone, Google account | Contract performance |
| Client relationship management | Client personal, financial & contact data | Legitimate interest / contract |
| Regulatory compliance (FICA/FAIS) | ID, tax, PEP status, source of funds, compliance documents | Legal obligation |
| Financial needs analysis | Income, expenses, assets, dependants, goals | Contract / legitimate interest |
| Document management & expiry tracking | Uploaded files, document categories, expiry dates | Legal obligation / contract |
| AI-powered document categorisation | File name, file content (sent to Anthropic API) | Legitimate interest |
| AI-powered portfolio insights | Aggregated portfolio metrics (no individual client data) | Legitimate interest |
| Communications & notifications | Email, phone, message content | Contract performance |
| Audit trail & security | User actions, timestamps, affected records | Legal obligation / legitimate interest |
| Analytics & reporting | Aggregated, anonymised business metrics | Legitimate interest |
3. Third-Party Services
We use the following third-party services to operate the App:
| Service | Provider | Data Shared | Purpose |
|---|---|---|---|
| Firebase Authentication | Google | Email, phone, OAuth tokens | User sign-in and identity |
| Cloud Firestore | Google | All application data | Primary database |
| Firebase Storage | Google | Uploaded documents and images | File storage |
| Firebase Cloud Functions | Google | Function inputs/outputs | Server-side processing |
| Google Sign-In | Google | Google account profile | OAuth authentication |
| Anthropic AI API | Anthropic | Document content (for categorisation), aggregated portfolio metrics (for insights) | AI-powered features |
We do not sell, rent, or trade personal information to any third party. Data shared with third-party services is used solely to provide the described functionality.
4. Data Storage & Security
- Cloud storage: All data is stored in Google Firebase infrastructure with encryption at rest and in transit (TLS/HTTPS).
- Local storage: The App stores authentication session tokens locally. No personal data is persisted on-device.
- Access control: Role-based access control (RBAC) ensures users only see data relevant to their role (Owner, Branch Manager, Admin, Advisor, Client).
- Audit logging: All data access and modifications are recorded in an immutable audit trail.
- Firestore Security Rules: Server-side rules enforce access control at the database level.
5. Data Retention
- Client data: Retained for the duration of the advisory relationship and as required by FAIS record-keeping obligations (minimum 5 years after the relationship ends).
- FICA documents: Subject to category-based expiry (e.g., Proof of Address: 3 months, Tax Clearance: 12 months). Expired documents are flagged but not automatically deleted.
- Audit logs: Retained indefinitely for compliance and security purposes. Audit entries are immutable and cannot be modified or deleted.
- Account data: Retained until the account is deleted by an authorised administrator.
6. Your Rights (POPIA)
Under the Protection of Personal Information Act (POPIA), you have the right to:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete information.
- Deletion: Request deletion of your personal information, subject to regulatory retention requirements.
- Objection: Object to the processing of your personal information.
- Portability: Request your data in a structured, commonly used format.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact your financial advisor or the firm administrator. Requests will be processed within 30 days as required by POPIA.
7. Children's Privacy
The App is not intended for use by children under the age of 18. We do not knowingly collect personal information from children. Dependant information (such as ages of children for financial needs analysis) is provided by the parent or guardian and is used solely for financial planning purposes.
8. Cookies & Tracking
The App does not use cookies for tracking or advertising purposes. Firebase may use technical cookies or local storage for authentication session management. We do not use any third-party analytics, advertising, or tracking SDKs.
9. Data Transfers
Data may be processed in Google Cloud regions outside South Africa (Firebase infrastructure). Data sent to Anthropic for AI features may be processed in the United States. All transfers are protected by appropriate security measures including encryption in transit.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through the App. The "Last updated" date at the top of this page indicates when this policy was last revised.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact:
- Email: admin@kwealth.co.za
- Information Officer: Frohan Landman — 2 Brill Street, Westdene, Bloemfontein, 9301 · 051 880 0111
12. Google Play Store Data Safety
In accordance with Google Play Store requirements, here is a summary of our data practices:
| Data Type | Collected | Shared | Purpose |
|---|---|---|---|
| Name | Yes | No | Account, app functionality |
| Email address | Yes | Limited | Authentication, communications |
| Phone number | Yes | No | Authentication, contact |
| ID numbers | Yes | No | Regulatory compliance (FICA) |
| Address | Yes | No | Client management |
| Financial information | Yes | No | Financial advisory services |
| Photos | Yes | No | Profile images |
| Files & documents | Yes | Limited | Document management, AI categorisation |
| App activity | Yes | No | Audit trail, security |
"Limited" sharing means data is shared only with service providers (Google Firebase, Anthropic) strictly for the purpose of delivering app functionality, not for advertising or marketing.
© 2026 Key Wealth (Pty) Ltd · FSP 49228 · ORG 4687