Privacy Policy
How Phoenix Link (Pty) Ltd collects, uses, and protects your information.
Last updated: 2025-12-02
Phoenix Link (Pty) Ltd
Privacy Policy
Last Updated: 1 December 2025
Phoenix Link (Pty) Ltd ("Phoenix Link", "we", "our", or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, share, and protect your information when you use our website, products, and services.
This policy applies to all Phoenix Link products and services, including but not limited to: Phoenix SmartFlow CRM, Phoenix Whisper, DeepTree, AIChatFriends, trading bots, and our website at www.phoenixlink.co.za.
By using our services, you consent to the collection and use of your information as described in this policy. If you do not agree, please do not use our services.
1. Our Commitment to Data Protection
Phoenix Link processes personal information in accordance with the Protection of Personal Information Act (POPIA) of South Africa and other applicable data protection laws.
Our core principles:
• Accountability: We take responsibility for the personal information we process
• Purpose Limitation: We collect data only for specific, lawful purposes
• Minimisation: We collect only the data necessary for our stated purposes
• Quality: We take reasonable steps to ensure data is accurate and up to date
• Transparency: We are open about how we handle your data
• Security: We implement appropriate measures to protect your data
• Data Subject Rights: We respect and facilitate your rights over your personal information
2. Information We Collect
2.1 Information You Provide Directly
When you create an account, make a purchase, or contact us, you may provide:
• Identity Information: Name, email address, phone number
• Account Credentials: Username, password (encrypted)
• Payment Information: Billing address, payment method details (processed by secure third-party providers)
• Business Information: Company name, VAT number (if applicable)
• Communication Data: Support tickets, emails, feedback you send us
• API Keys: Third-party API keys you provide for BYOK services (stored securely, encrypted at rest)
2.2 Information Collected Automatically
When you use our services, we automatically collect:
• Device Information: Device type, operating system, browser type
• Usage Data: Features used, actions taken, time spent on pages
• Log Data: IP address, access times, error logs
• Cookies & Similar Technologies: See Section 8 for details
2.3 Information from Third Parties
We may receive information from:
• Payment Processors: Transaction confirmations, payment status
• Analytics Providers: Aggregated usage statistics
• Platform Integrations: Data from connected platforms (e.g., Telegram, Discord) as required to provide services
3. How We Use Your Information
We use your information for the following purposes:
|
Purpose |
Legal Basis (POPIA) |
|
Providing our Services |
Contract performance |
|
Processing payments |
Contract performance |
|
Customer support |
Contract performance / Legitimate interest |
|
Service improvements |
Legitimate interest |
|
Security & fraud prevention |
Legitimate interest / Legal obligation |
|
Marketing communications |
Consent (opt-in required) |
|
Legal compliance |
Legal obligation |
We will never sell your personal information to third parties.
4. AI Services & BYOK Data Handling
Some Phoenix Link services, including AIChatFriends, use artificial intelligence and operate on a Bring Your Own Key (BYOK) model. This section explains how data is handled in these services.
4.1 Your API Keys
• API keys you provide are encrypted at rest using industry-standard encryption
• Keys are used solely to facilitate your requests to third-party AI providers
• We do not share your API keys with anyone other than the intended provider
• You can delete your API keys at any time through your account settings
4.2 Conversation & Prompt Data
• Prompts you submit are sent to third-party AI providers (e.g., OpenAI, Anthropic, Google) to generate responses
• These providers process your data according to their own privacy policies
• Phoenix Link may temporarily store conversation data to provide the service (e.g., maintaining context)
• We do not use your conversation content to train AI models
• Conversation history retention periods vary by product — see product-specific documentation
4.3 Recommendations for Sensitive Data
We recommend you do not submit the following through AI services unless you have verified compliance requirements: personal identification numbers, financial account details, health records, confidential business information, or any data subject to regulatory requirements (e.g., POPIA special personal information).
5. Who We Share Data With
We may share your information with:
5.1 Service Providers
Third parties who help us operate our business:
• Payment Processors: Paddle, Stripe, or equivalent (to process payments)
• Hosting Providers: Cloud infrastructure services
• AI Providers: OpenAI, Anthropic, Google (for BYOK AI services)
• Analytics Services: To understand how our services are used
• Communication Platforms: Email service providers
5.2 Legal Requirements
We may disclose information if required to:
• Comply with legal obligations or valid legal processes
• Protect the rights, property, or safety of Phoenix Link, our users, or the public
• Enforce our Terms & Conditions
5.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.
6. International Data Transfers
Phoenix Link is based in South Africa. Your data may be transferred to and processed in countries outside South Africa, including:
• Countries where our cloud infrastructure providers operate
• Countries where third-party AI providers (OpenAI, Anthropic, Google) process data
• Other jurisdictions where our service providers are located
When transferring data internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or transfers to countries with adequate data protection laws, as required by POPIA.
7. Data Retention
We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected:
|
Data Type |
Retention Period |
|
Account information |
Duration of account + 2 years |
|
Transaction records |
7 years (legal/tax requirements) |
|
Support communications |
3 years from resolution |
|
API keys |
Until deleted by user or account closure |
|
Usage/analytics data |
24 months (aggregated/anonymised) |
|
Marketing preferences |
Until consent withdrawn |
After the retention period, data is securely deleted or anonymised.
8. Cookies & Tracking Technologies
We use cookies and similar technologies to improve your experience:
8.1 Types of Cookies We Use
• Essential Cookies: Required for the website to function (e.g., authentication, security)
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand how visitors use our website
• Marketing Cookies: Used to deliver relevant advertisements (only with consent)
8.2 Managing Cookies
You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of our services.
9. Your Rights Under POPIA
As a data subject, you have the following rights:
|
Right |
Description |
|
Access |
Request a copy of the personal information we hold about you |
|
Correction |
Request correction of inaccurate or incomplete information |
|
Deletion |
Request deletion of your personal information (subject to legal obligations) |
|
Objection |
Object to processing based on legitimate interests or direct marketing |
|
Restriction |
Request restriction of processing in certain circumstances |
|
Withdraw Consent |
Withdraw consent at any time (does not affect prior processing) |
|
Complaint |
Lodge a complaint with the Information Regulator |
To exercise your rights:
Contact our Information Officer at support@phoenixlink.co.za. We will respond to your request within 30 days.
We may need to verify your identity before processing your request.
10. Data Security
We implement appropriate technical and organisational measures to protect your data, including:
• Encryption of data in transit (TLS/SSL) and at rest
• Secure password hashing
• Access controls and authentication requirements
• Regular security assessments
• Secure cloud infrastructure with reputable providers
• Employee confidentiality obligations
While we take reasonable precautions, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
11. Children's Privacy
Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at support@phoenixlink.co.za.
12. Third-Party Links & Services
Our services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes:
• We will update the "Last Updated" date at the top of this policy
• Material changes will be communicated via email or prominent notice on our website
• Continued use of our services after changes indicates acceptance
14. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
|
Phoenix Link (Pty) Ltd Email: support@phoenixlink.co.za Website: www.phoenixlink.co.za Address: 40 Stephanus Road, Glen Marias, Kempton Park, 1619 |
Information Regulator (South Africa)
If you are not satisfied with our response to a privacy concern, you may lodge a complaint with:
• Website: www.justice.gov.za/inforeg/
• Email: enquiries@inforegulator.org.za