Privacy Policy
Core principle: ComplyBar records governance signals - not content. No email body, message text, document content, keystrokes or screenshots are ever collected or transmitted by the Platform.
1. Our Metadata-Only Approach
ComplyBar is architected on a metadata-only model. When your organisation connects repositories, scans files or processes compliance events, the Platform analyses and records governance metadata - file names, sizes, types, classification signals, risk indicators and audit event timestamps. The content of your files and communications is not stored or transmitted to ComplyBar's servers.
2. What Data May Be Collected
The Platform may collect and process the following categories of information:
- Account and tenant data: Organisation name, administrator name, email address, contact number, subscription status and account configuration.
- Governance metadata: File names, file types, file sizes, folder paths, repository names and governance scores derived from file analysis.
- Audit event data: Timestamps, event types, risk classifications and user or device identifiers associated with governance events - but not the content of those events.
- Usage data: Platform feature usage logs used for product improvement and support.
- Session data: Login sessions, authentication events and role-based access logs.
3. What Is Not Collected by Default
By design, the following are not collected, stored or transmitted:
- The text, body or content of any email, message or document.
- Keystrokes, screen recordings or screenshots.
- Full document content from scanned or uploaded files.
- Personal identification numbers or biometric data.
- Any information beyond what is necessary for the governance signal being recorded.
4. File Scanning Privacy
When a file is submitted for scanning through the Platform:
- The file is processed in memory on the server to extract governance signals (file type, naming quality, classification signals).
- File content is not persisted to the ComplyBar database.
- Only the resulting metadata - file name, type, size, governance score and risk indicators - is stored.
5. OCR Privacy
For image-based or scanned PDF files where OCR (optical character recognition) is enabled:
- OCR processing is performed server-side in an isolated worker process.
- Extracted text is used only to derive governance signals and is not stored in the database.
- OCR processing can be disabled at tenant level by your administrator.
6. Repository Connector Privacy
When repository connectors (Google Drive, OneDrive, SharePoint, etc.) are configured:
- Connector authentication tokens are stored securely.
- The connector accesses only the folders specified by your administrator.
- File metadata is retrieved for governance assessment. File content is processed in memory and is not stored.
- You can revoke connector access at any time from the Connectors dashboard.
7. Tenant and Administrator Controls
Your organisation's administrator has full control over:
- Which features are enabled for your tenant.
- Which repository folders are connected and scanned.
- OCR processing settings.
- User access and role assignments.
- Data deletion and reset of governance records.
8. Data Retention
Governance metadata, audit logs and assessment records are retained for the duration of your subscription. On termination, data may be retained for a limited period to comply with legal obligations before being securely deleted. You may request earlier deletion by contacting us.
9. Data Subject Requests
Under POPIA and applicable data protection law, individuals have the right to access, correct or request deletion of their personal information. To submit a data subject request, contact your organisation's Information Officer or email us at complybarsales@oursystem.live.
10. POPIA Alignment
ComplyBar is designed to support organisations in meeting their obligations under the Protection of Personal Information Act (POPIA). The Platform's audit trail, risk classification and governance reporting features are intended to assist Information Officers in fulfilling their statutory duties. Use of the Platform does not replace the need for a compliant POPIA framework within your organisation.
11. Contact
For privacy enquiries, please contact:
- Email: complybarsales@oursystem.live
- Phone: 081 427 5777
- Website: www.complybar.co.za