Privacy Policy
This privacy policy (“Policy”) explains how The Resilience Matrix (“we”, “us”, “our”) collects, uses, stores, and protects your personal information in compliance with the Protection of Personal Information Act 4 of 2013 (“POPIA”) of the Republic of South Africa.
Last updated: February 2026
1. Responsible Party
The responsible party for the processing of your personal information, as defined in POPIA, is:
You may lodge a complaint with the Information Regulator (South Africa) at inforeg.org.za if you believe your personal information has been processed in violation of POPIA.
2. Personal Information We Collect
We collect the following categories of personal information:
2.1 Information You Provide
| Data | When Collected | Purpose |
|---|---|---|
| Email address | Waitlist registration | Premium launch notification, lead management |
| Company name | Waitlist registration | Understanding our user base, potential B2B outreach |
| AI adoption estimate (%) | Waitlist registration | AI adoption research, product development |
| Job descriptions | Each analysis | Providing the resilience score, aggregate trend analysis |
2.2 Information Collected Automatically
| Data | Purpose | Storage |
|---|---|---|
| IP address | Rate limiting, abuse prevention | In-memory only (not persisted) |
| Usage count, registration status | Enforcing free-tier limits | Your browser (localStorage) — never sent to our servers |
We do not use cookies for tracking or advertising. We do not use third-party analytics services (no Google Analytics, no Meta Pixel).
3. Legal Basis for Processing (POPIA Section 11)
We process your personal information on the following grounds:
- Consent (s11(1)(a)): By submitting the waitlist registration form, you voluntarily consent to the processing of your email, company name, and AI adoption estimate for the stated purposes.
- Legitimate interest (s11(1)(f)): Job descriptions are processed to provide the resilience analysis you requested. Aggregate, anonymised data may be used for AI adoption trend research.
- Contract (s11(1)(b)): Processing is necessary to provide the analysis service you requested.
4. How We Use Your Information
- • To provide AI resilience analysis results
- • To notify you when premium features launch (if you joined the waitlist)
- • To track aggregate, anonymised AI adoption trends across industries
- • To improve the accuracy and quality of the scoring engine
- • To prevent abuse (rate limiting)
We will never sell your personal information to third parties. We will never use your email address for unsolicited marketing beyond the premium launch notification you opted into.
5. Third-Party Processors & Cross-Border Transfers
Your information may be processed by the following third-party service providers, some of which operate outside the Republic of South Africa. Per POPIA Section 72, we ensure these parties maintain adequate data protection measures:
| Provider | Purpose | Location |
|---|---|---|
| Vercel Inc. | Website hosting, serverless functions | United States |
| Supabase Inc. | Database storage (analyses, leads) | United States |
| Groq Inc. | AI inference (resilience scoring) | United States |
| ntfy.sh | Admin push notifications (rate limit alerts, waitlist interest) | Germany / EU |
Job descriptions submitted for analysis are sent to Groq's API for processing. Groq does not retain input data beyond the duration of the API call per their data processing terms.
6. Data Retention
| Data | Retention Period |
|---|---|
| Waitlist registration (email, company, AI adoption %) | Until premium launch or until you request deletion |
| Analysis results (job description, score, breakdown) | 24 months for aggregate research, then anonymised or deleted |
| IP addresses (rate limiting) | Not persisted (in-memory only, cleared on server restart) |
7. Your Rights Under POPIA
As a data subject, you have the right to:
- Access (s23): Request confirmation of what personal information we hold about you and obtain a copy.
- Correction (s24): Request correction or deletion of inaccurate, irrelevant, or excessive personal information.
- Deletion (s24): Request deletion of your personal information. We will comply within 30 days unless a legitimate reason for retention exists.
- Objection (s11(3)): Object to the processing of your personal information on reasonable grounds.
- Withdraw consent: Withdraw your consent to processing at any time, without affecting the lawfulness of processing before withdrawal.
- Complaint (s74): Lodge a complaint with the Information Regulator if you believe your rights have been violated.
To exercise any of these rights, email privacy@theresiliencematrix.com. We will respond within 30 days as required by POPIA.
8. Security Measures
We implement appropriate technical and organisational measures to protect your personal information (POPIA s19), including:
- • All data transmitted over HTTPS (TLS 1.3)
- • Database access restricted via row-level security policies
- • API rate limiting to prevent abuse
- • Prompt injection detection to prevent misuse of the analysis engine
- • No storage of passwords (we do not have user accounts)
- • Environment variables for all API keys and secrets
9. Children's Information
The Resilience Matrix is designed for professionals and is not directed at children under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will delete it promptly. Per POPIA s35, processing of children's personal information requires prior consent of a competent person.
10. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated by updating the “Last updated” date at the top of this page. Your continued use of the service after changes constitutes acceptance of the revised Policy.
11. Contact
For any questions about this Policy, to exercise your data subject rights, or to lodge a complaint:
Information Officer
If you are not satisfied with our response, you may lodge a complaint with the Information Regulator (South Africa):
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Email: complaints.IR@justice.gov.za
Website: inforeg.org.za