POPIA-compliant
by design.
All personal data processed by Arkhive — including biometric identifiers and banking credentials — is handled under the Protection of Personal Information Act (POPIA, Act 4 of 2013). Encrypted in transit and at rest, retained only as long as the law requires.
What we hold, why we hold it, and how long.
What we collect
Government-issued ID, facial biometric template, banking credentials, transaction history, contact details. The minimum required to verify and pay you.
How we use it
Identity verification (KYC/AML), payment release, regulatory reporting, fraud prevention, and platform improvement. Never sold or rented.
How it's secured
AES-256 encryption at rest, TLS 1.3 in transit. Biometric templates stored as one-way hashes — the original face image is never retained.
How long we keep it
Five years post-account-closure (FICA requirement), then permanently purged from primary and backup systems within 90 days.
You own your data. Always.
Access
Request a complete export of every record we hold on you. Delivered as a structured archive within 30 calendar days.
Correction
Inaccurate records can be amended on request. Material corrections (e.g. name, ID) require supporting documentation under FICA.
Deletion
Request erasure once the regulatory retention period has elapsed. Active accounts cannot be deleted while open transactions exist.
Objection & Portability
Object to specific processing or request your data in a portable, machine-readable format for transfer to another provider.
Lodge a query or complaint.
Arkhive's appointed Information Officer reviews every POPIA request and complaint within 5 business days. Escalations may be raised with the Information Regulator of South Africa.