Legal Desk · Data Protection
This page sets out POPIA-aware placeholder principles for protecting supplier, buyer, compliance and procurement workflow data inside AiForm Procure.
AiForm Procure should be operated with awareness of South Africa's Protection of Personal Information Act. Production policies should define responsible parties, lawful processing grounds, retention, access handling and cross-border considerations where relevant.
Security principles include collecting only necessary data, protecting sensitive supplier and procurement records, limiting access by role, monitoring important activity and maintaining reliable operational controls.
Access should be restricted according to user role and business need. Supplier, buyer, admin and finance workflows should only expose information needed for authorised procurement activity.
Supplier documents such as compliance evidence and banking verification support should be protected from public exposure and handled through controlled review workflows.
Users may need mechanisms to request access, correction, deletion, restriction or review of personal information, subject to lawful procurement, audit and recordkeeping obligations.
Data protection questions, access requests or correction requests should be directed through the contact channel until a formal information officer or privacy contact is appointed.
Audit logs, workflow records and governance reports can help demonstrate how procurement decisions, supplier changes and document reviews were handled.
This data protection page is not final legal advice. It should be reviewed against the final data architecture, Supabase configuration, storage controls and operating entity obligations.
