This privacy notice explains what personal information TechCloud collects about visitors and clients, why we collect it, who we share it with, and the rights you have under the Protection of Personal Information Act, 2013 (POPIA). It applies to techcloud.co.za and any service we provide directly to South African small businesses.

Last updated: 8 June 2026.

In short

We are the responsible party. TechCloud is the controller of your personal information for everything you do on this website and any service we provide you.
We collect what we need to help you, and very little else. Contact details when you submit a form; anonymous usage data so we can see what's actually useful; ad-related data only if you opt in.
Anonymous first-party analytics are on by default under POPIA §11(1)(f) (legitimate interest of the responsible party). Marketing and ads stay off until you accept them on the cookie banner.
You can opt out, request your data, ask for corrections, or complain to the Information Regulator — at any time.

1. Who we are

TechCloud is a cloud-first managed IT support and Microsoft 365 services provider based in Paulshof, Johannesburg. For the purposes of POPIA we are the responsible party:

Address: 103 LeeuwKop Road, Paulshof 2152, South Africa
Phone: 010 590 0090
Email: info@techcloud.co.za
Information Officer: Sudhashen Naicker (contactable on the above details)

2. What information we collect

We collect different categories of information depending on what you do on this site or with our service:

Contact details — name, email, phone number, company name, the message you send us. You give it to us via the contact form, email, phone, or WhatsApp.
Account & billing — domain name, M365 tenant ID, invoice address, VAT number, services you've signed up for. Collected when you become a client.
Technical & analytics — IP address, browser type, pages visited, time on page, anonymous click data, anonymous session replays. Collected automatically by Google Analytics 4 and Microsoft Clarity.
Advertising — Google advertising IDs, conversion events, remarketing audience membership. Only collected if you click "Accept all" on the cookie banner.

3. Why we collect it — our lawful grounds

Under POPIA §11, we may process personal information only on specific lawful grounds. Our grounds for each type of processing are:

Providing the service you asked for — §11(1)(b) (necessary for the conclusion or performance of a contract). Applies to: client services, lead forms, support tickets, M365 onboarding, billing.
Anonymous first-party analytics — §11(1)(f) (legitimate interest of the responsible party). Applies to: GA4 and Microsoft Clarity. We use this to understand which pages are useful and which aren't. We do not use it to identify you personally or to target ads. You can opt out anytime via Cookie preferences in the footer.
Marketing and ads — §11(1)(a) (your consent). Applies to: Google Ads conversion tracking and remarketing. We only set these cookies after you click "Accept all" on the banner.
Legal obligations — §11(1)(c). Applies to: SARS records, tax invoices, statutory record-keeping.

Your right to object to processing under §11(3) is always available — see Section 7.

4. Who processes data on our behalf

We use a small number of service providers (operators under POPIA) to deliver this site and our service. Each has a written agreement obliging them to keep your data secure and confidential:

Cloudflare — hosts and delivers the website (CDN + edge compute). Processes IP addresses and request metadata for caching and security.
Neon — hosts our application database (lead form submissions, client records).
Brevo — sends transactional email notifications to us when you submit the contact form.
Google (Analytics + Ads) — anonymous web analytics and, with your consent, advertising. See Google's privacy policy.
Microsoft (Clarity) — anonymous heatmaps and session replays. See Microsoft's privacy statement.
Microsoft (365) — for clients on our managed M365 service, Microsoft is the operator hosting your mailbox, OneDrive and Teams. You retain ownership of that content.
Upload-Post — orchestrates our own social media posting (does not handle visitor or client data).

5. International transfers

Some of our service providers process personal information outside South Africa. POPIA §72 permits this where the recipient is subject to a law, binding corporate rules or binding contract that gives effect to substantially similar conditions to POPIA. Specifically:

Cloudflare — global edge network. The edge node for SA visitors is typically Johannesburg, but data may transit through other regions. Cloudflare is subject to the EU–US Data Privacy Framework.
Google — Analytics and Ads infrastructure is hosted globally. Subject to the EU–US Data Privacy Framework.
Microsoft — Clarity and M365 infrastructure can be hosted globally. M365 tenants we provision for SA clients default to the South Africa North (Johannesburg) data centre. Subject to the EU–US Data Privacy Framework.
Brevo — based in France (EU), subject to the GDPR which POPIA recognises as substantially similar.

6. How long we keep your data

Contact form submissions: 24 months from your last contact, then deleted.
Active client records: for the duration of the service relationship plus 5 years (SARS / Companies Act minimum).
Analytics data (GA4): 14 months default retention.
Session replays (Microsoft Clarity): 13 months.
Cookie consent record: 6 months from your last choice — after that the banner reappears.
Email correspondence: up to 7 years for tax/audit purposes.

7. Your rights under POPIA

You have the right to:

Be informed about what we collect and why — this notice.
Access the personal information we hold about you — write to info@techcloud.co.za. We'll respond within 30 days.
Correct any inaccurate information.
Delete personal information, subject to legal retention requirements (we may need to keep tax records for 7 years).
Object to processing on legitimate interest grounds (§11(3)). For analytics, opt out via Cookie preferences in the footer.
Withdraw consent for marketing cookies at any time. The "Reject all" button on the banner does this in one click.
Lodge a complaint with the Information Regulator if you believe we have not handled your information properly (details below).

8. Cookies and tracking technologies

A separate, plain-language Cookie Policy explains every cookie this site sets, why, and how to change your choices: Cookie Policy →. The short version:

Necessary — always on. Just the cookie that remembers your consent choice.
Analytics — on by default under POPIA §11(1)(f). Opt out via Cookie preferences in the footer.
Marketing — off until you accept on the banner.

9. Security

We use appropriate technical and organisational measures to protect your information: TLS encryption in transit, encrypted storage at rest, role-based access for staff, MFA on all admin accounts, and a documented incident response process. If we ever experience a security compromise that affects your personal information, we will notify both you and the Information Regulator without unreasonable delay, as required by POPIA §22.

10. Contact us — and how to lodge a complaint

For any privacy question, data subject request, or to raise a concern with us directly:

Email: info@techcloud.co.za
Phone: 010 590 0090
Post: 103 LeeuwKop Road, Paulshof 2152

If you are not satisfied with how we have handled your concern, you have the right to complain to the Information Regulator (South Africa):

POPIA complaints email: POPIAComplaints@inforegulator.org.za
General enquiries: enquiries@inforegulator.org.za
Phone: 010 023 5200 (or 0800 017 160 toll-free)
Address: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, 2191
Web: inforegulator.org.za

11. Changes to this policy

We will update this notice when the way we handle information changes. The "Last updated" date at the top tells you when this version was published. Material changes will be highlighted on this page; minor wording fixes will not.

Privacy Policy