NexusOps.ai
Free Assessment
Legal · Policy 01

Privacy Policy

A public-facing data protection notice explaining how NexusOps AI collects, uses, stores, shares, and protects personal information under the Protection of Personal Information Act 4 of 2013 (POPIA).

Effective
April 2026
Version
v1.0
Review cycle
Annual
Applies to
All data subjects

1. Introduction

NexusOps AI Proprietary Limited (“NexusOps AI”) is committed to protecting the personal information of all individuals whose data we process. This Privacy Policy explains how we collect, use, store, share, and protect personal information in accordance with the Protection of Personal Information Act 4 of 2013 (“POPIA”) and all applicable South African data protection legislation.

This Policy applies to all personal information processed through the NexusOps AI platform, its AI-powered vertical workflow products (PipelineIQ, BidIQ, PracticeIQ, SchemeIQ, FinIQ), and any associated services.

NexusOps AI processes personal information in accordance with the principles of lawfulness, minimality, transparency, purpose limitation, accountability and security safeguards as required under POPIA.

The provision of personal information may be mandatory where required for service delivery or legal compliance. Failure to provide such information may result in NexusOps AI being unable to provide services.

2. Who we are

NexusOps AI is a South African AI integration and automation company delivering vertical workflow solutions to the formal South African business market. We provide AI-powered tools for financial automation, tender and procurement management, sales pipeline automation, medical practice operations, medical scheme operations, hospitality and tourism operations, and digital marketing intelligence.

  • Responsible partyNexusOps AI (Pty) Ltd, registered in the Republic of South Africa.
  • Information officerAs registered with the Information Regulator of South Africa.
  • Contactprivacy@nexusopsai.co.za
  • Websitenexusopsai.co.za
  • Registered address51 the Straight Avenue, Pineslopes, Fourways, Gauteng, 2191

3. Personal information we collect

We process the following categories of personal information, depending on the product and service context:

Category
Personal information collected
Identity
Full name, identity number, date of birth, gender
Contact
Physical address, email address, mobile number
Financial (FinIQ)
Business financial transactions, VAT registration, payroll data, SARS reference numbers, bank account details (where applicable)
Procurement (BidIQ)
Director details, CIDB registration, CSD supplier data, company registration documents, bid pricing structures
Sales & CRM (PipelineIQ)
Lead contact details, CRM activity records, sales pipeline data, communication logs, deal history
Medical Practices (PracticeIQ)
Patient appointment details, contact information for patient outreach, and claim-relevant administrative data (no clinical records held by NexusOps AI)
Medical Schemes (SchemeIQ)
Member identifiers, benefit query records, pre-authorisation case data, and scheme correspondence (no clinical records held by NexusOps AI)
Hospitality & Tourism
Guest booking data, reservation history, loyalty programme membership, accommodation preferences, travel itinerary details
Digital Marketing / SEO
Website analytics data, keyword performance records, campaign attribution data, client brand asset references (pseudonymised where possible)
Behavioural
Platform usage, workflow interactions, AI-generated recommendations acted upon
Technical
IP addresses, device identifiers, session tokens (for platform security)

We limit the collection of personal information to what is adequate, relevant, and not excessive in relation to the purpose for which it is processed.

NexusOps AI does not intentionally process special personal information, including health data, biometric data, religious beliefs, or political opinions, unless explicitly authorised by the data subject and processed in accordance with POPIA.

4. How we collect personal information

Personal information is collected:

  • Directly from clients and their end-users via the NexusOps AI platform and its vertical products.
  • From third-party integrations authorised by the client (e.g. SARS eFiling, CSD portal, hospitality property management systems, CRM platforms, scheme administration systems).
  • Via WhatsApp-first interfaces where end-users interact directly with our AI agents.
  • From publicly available regulatory and business databases (CIDB, CSD, CIPC) for procurement intelligence purposes.
  • Through the use of cookies and similar tracking technologies on our website and platform.

5. Purpose of processing

We process personal information exclusively for the following purposes:

  • AI workflow automation: Delivering automated financial, tender, sales, medical practice, medical scheme, hospitality operations, and digital marketing workflow services to clients.
  • Financial compliance (FinIQ): Processing transaction and tax data to support SARS compliance, VAT returns, and payroll obligations.
  • Tender management (BidIQ): Processing company and director data to support public procurement compliance and bid submission.
  • Sales automation (PipelineIQ): Processing prospect and CRM data to support client sales pipelines.
  • Medical practice operations (PracticeIQ): Processing patient communication and administrative data to support practice reception, billing, and lead management.
  • Medical scheme operations (SchemeIQ): Processing member query and case data to support benefit navigation, pre-authorisation, and retention.
  • Hospitality & tourism operations: Processing guest and reservation data to automate bookings, guest communications, and operational workflows for hotels, lodges, and tour operators.
  • Digital marketing intelligence: Processing website and campaign analytics data to support AI-driven SEO strategy, content automation, and digital marketing optimisation for clients.
  • Platform security and compliance: Maintaining audit trails, incident logs, and regulatory records.
  • Service improvement: Aggregated, anonymised analytics to improve AI model performance (no individual re-identification).

We limit the collection of personal information to what is adequate, relevant, and not excessive in relation to the purpose for which it is processed. Personal information will not be processed for purposes that are incompatible with those listed above. Where personal information is not collected directly from the data subject, the source of such information will be disclosed upon request.

7. How we share personal information

NexusOps AI shares personal information only in the following circumstances:

  • With authorised clients: The company, hospitality operator, medical practice, scheme administrator, or organisation that has contracted NexusOps AI for services.
  • With integration partners: Third-party systems authorised by the client (e.g. SARS eFiling, property management systems, CRM platforms, digital marketing platforms, scheme administration systems).
  • With sub-processors: Cloud infrastructure and AI model providers operating under binding data processing agreements with equivalent POPIA protections.
  • With regulators: Where required by law, court order, or directive from a competent authority (e.g. Information Regulator, SARS, relevant sector regulators).

NexusOps AI does not sell, rent, or trade personal information. A current list of sub-processors and third-party service providers is available upon request.

8. Cross-border data transfers

NexusOps AI recognises that cloud-based processing may result in passive cross-border transfers and ensures that such transfers are covered by appropriate safeguards and contractual controls.

Transfers only occur where one or more of the following conditions are met:

  • The recipient is subject to laws, binding corporate rules, or agreements that provide an adequate level of protection substantially similar to POPIA.
  • The transfer is necessary for the performance of a contract with the data subject.
  • The data subject has provided explicit consent.
  • The transfer is for the benefit of the data subject.

NexusOps AI implements appropriate safeguards, including:

  • Data processing agreements incorporating standard contractual clauses.
  • Due diligence assessments of cloud providers.
  • Verification of security and access controls.
  • Restrictions on onward transfers by sub-processors.

9. Retention of personal information

We retain personal information only for as long as necessary to fulfil the purposes set out in this Policy, or as required by law. Retention periods are governed by our Data Retention & Deletion Policy.

Typical retention periods include:

  • Financial records: up to 5 years in accordance with South African Revenue Service requirements.
  • Client contractual data: duration of contract plus applicable legal prescription periods under South African law.
  • Platform usage data: retained for operational and security purposes for a limited period.

10. Security of personal information

NexusOps AI implements appropriate technical and organisational measures to protect personal information, including:

  • AES-256 encryption of data at rest and TLS 1.2+ for data in transit.
  • Role-based access controls and multi-factor authentication across all systems.
  • Data minimisation and pseudonymisation where appropriate.
  • Regular penetration testing and vulnerability assessments.
  • Immutable audit logging of all access to personal information.
  • Incident response and breach notification procedures.

11. Your rights as a data subject

Under POPIA, data subjects have the following rights:

Right
Description
Right of Access (s23)
Request confirmation of whether NexusOps AI holds your personal information and obtain a copy.
Right to Correction (s24)
Request that inaccurate or incomplete personal information be corrected or deleted.
Right to Object (s11(3))
Object to the processing of your personal information on reasonable grounds.
Right to Deletion (s24)
Request destruction or deletion of personal information no longer lawfully retained.
Right to Withdraw Consent (s11)
Where processing is consent-based, withdraw consent at any time without affecting prior lawful processing.
Right to Complain (s73)
Lodge a complaint with the Information Regulator of South Africa.

To exercise any of these rights, contact our Information Officer at privacy@nexusopsai.co.za. We will respond within 30 calendar days.

Requests may be submitted using prescribed POPIA forms where applicable. NexusOps AI may require reasonable identity verification before processing such requests in order to prevent unauthorised access.

12. Automated decision-making

NexusOps AI uses artificial intelligence systems to generate recommendations and automate workflows. These systems do not make solely automated decisions that produce legal consequences for data subjects without appropriate human oversight.

Where automated processing materially influences outcomes (e.g. financial insights, tender scoring assistance, or sales prioritisation), such outputs are:

  • Subject to human review.
  • Explainable at a high level upon request.
  • Not determinative without client control.

Data subjects may request:

  • Human intervention.
  • An explanation of outcomes.
  • The ability to contest decisions.

13. Direct marketing

NexusOps AI may process personal information for direct marketing purposes only:

  • with the data subject’s consent; or
  • where permitted under Section 69 of POPIA.

Data subjects may opt out of marketing communications at any time by using unsubscribe mechanisms or contacting the Information Officer. A record of consent is maintained.

14. Cookies and tracking technologies

NexusOps AI uses cookies and similar technologies to:

  • authenticate users;
  • analyse platform usage; and
  • improve service performance.

Categories of cookies used:

  • Essential cookies (authentication and security).
  • Analytics cookies (usage insights).
  • Optional marketing cookies (where applicable and consented to).

Users may manage cookie preferences via their browser settings. Where required, consent will be obtained before placing non-essential cookies. See our Cookie Policy for further detail.

15. Data breaches

In the event of a security compromise involving personal information, NexusOps AI will notify affected clients within 24 hours of becoming aware of the breach and will assist with notification to the Information Regulator and affected data subjects.

16. Complaints

If you are dissatisfied with how NexusOps AI has handled your personal information, you may lodge a complaint with the Information Regulator of South Africa:

17. Updates to this policy

This Policy may be updated from time to time. The current version will be available at nexusopsai.co.za/privacy-policy. Where material changes are made, NexusOps AI will take reasonable steps to notify affected data subjects in advance where practicable.

Last updated: April 2026 · Version 1.0