POPIA Compliance Statement

Last updated: 1 April 2026

1. Our Commitment to POPIA Compliance

Keovation Solutions (Pty) Ltd, the company behind OremAI, is fully committed to complying with the Protection of Personal Information Act, 2013 (Act 4 of 2013) (“POPIA”). As a digital reputation protection platform that processes personal information daily, we recognise the responsibility we bear in safeguarding our users' data.

POPIA compliance is not merely a legal obligation for us — it is a core principle embedded in the design and operation of OremAI. We process personal information lawfully, minimise the data we collect, and empower our users with full control over their own information.

2. Information Officer

In accordance with Section 55 of POPIA, we have appointed an Information Officer responsible for ensuring compliance:

  • Company: Keovation Solutions (Pty) Ltd
  • Email: popia@oremai.co.za
  • Jurisdiction: Republic of South Africa

The Information Officer is responsible for encouraging compliance, handling data subject access requests, and liaising with the Information Regulator where necessary.

3. Lawful Basis for Processing

We process personal information under the following lawful grounds as defined by POPIA:

  • Consent (Section 11(1)(a)): When you create an account, initiate a scan, or submit a contact form, you provide explicit consent for us to process the information you supply for the stated purpose.
  • Legitimate interest (Section 11(1)(f)):We process certain data to deliver the core service you have requested — scanning public sources to identify your exposed personal information, calculating risk scores, and submitting removal requests. This processing is necessary for the performance of our service and is done with your full knowledge and engagement.
  • Legal obligation (Section 11(1)(c)): We retain certain billing and transaction records as required by South African tax law.

4. Categories of Personal Information Processed

OremAI processes the following categories of personal information:

  • Identity information: Full name, email address, phone number.
  • Financial information: Billing details, company name, VAT number (for paid subscribers).
  • Digital exposure data: Information discovered about you from publicly accessible sources, including data broker listings, social media profiles, public records, and web mentions.
  • Risk assessment data: Exposure scores, risk indicators, and historical scan results.
  • Communication data: Messages submitted via our contact form and support channels.

5. How We Protect Your Information

We implement the following technical and organisational safeguards to protect personal information:

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit.
  • Row-level security (RLS) policies in our database ensuring users can only access their own records.
  • Role-based access controls limiting internal access to personal data to authorised personnel only.
  • Regular security audits and vulnerability assessments.
  • Automatic data purging after retention periods expire.
  • Use of South African-hosted infrastructure where possible to maintain data sovereignty.

6. Cross-Border Data Transfers

OremAI's core scanning functionality involves querying international data sources and data broker databases. This means that some processing of your identifiers (name, email) may occur outside of South Africa during the scanning process. We ensure that:

  • Cross-border transfers are limited to what is strictly necessary for delivering the scan and removal services.
  • Third-party processors engaged by OremAI are bound by data processing agreements that provide protections substantially similar to POPIA.
  • No personal data is permanently stored outside South Africa without adequate safeguards in place.

7. Your POPIA Rights

Under POPIA, you have the following rights as a data subject:

  1. Right to be notified (Section 18): You have the right to be informed when your personal information is collected and how it will be used.
  2. Right of access (Section 23): You may request confirmation that we hold your personal information and request a copy of it.
  3. Right to correction (Section 24): You may request that we correct, update, or destroy personal information that is inaccurate, irrelevant, excessive, or misleading.
  4. Right to deletion (Section 24): You may request that we delete your personal information when it is no longer necessary for the purpose for which it was collected.
  5. Right to object (Section 11(3)): You may object to the processing of your personal information on reasonable grounds relating to your particular situation.
  6. Right to complain (Section 74): You may lodge a complaint with the Information Regulator of South Africa if you believe your rights have been infringed.

8. How to Exercise Your Rights

To exercise any of your POPIA rights, please submit a written request to our Information Officer:

Please include your full name, the email address associated with your OremAI account, and a clear description of the right you wish to exercise. We will acknowledge your request within 5 business days and provide a substantive response within 30 days, as required by POPIA.

If you are not satisfied with our response, you may lodge a complaint with the Information Regulator of South Africa:

9. Contact

For any POPIA-related enquiries or data subject requests, please contact:

  • Email: popia@oremai.co.za
  • Company: Keovation Solutions (Pty) Ltd
  • Jurisdiction: Republic of South Africa