1. Introduction and Scope

Decabase (Pty) Ltd (Registration No. 2021/709341/07) ("Decabase", "we", "us" or "our") is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African legislation.

This Privacy Policy explains how we collect, use, store and protect personal information when you visit our website at decabase.co.za (the "Website"). By using the Website, you acknowledge that you have read and understood this policy.

2. Information We Collect

We collect personal information only when you voluntarily provide it to us through our contact form. The information we collect includes:

• Your name
• Your email address
• Your company name (optional)
• The content of your message

We do not use cookies. Your theme preference (light or dark mode) is stored locally in your browser using localStorage and is never transmitted to our servers.

We do not use third-party analytics, tracking pixels, or advertising technologies on this Website.

3. How We Use Your Information

We use the personal information you provide for the following purposes:

• To respond to your enquiry or message
• To communicate with you about our SAP consulting services
• To maintain records of business correspondence

We will not use your personal information for any purpose other than those stated above without first obtaining your consent.

4. Legal Basis for Processing

Under POPIA, we process your personal information on the following lawful grounds:

• Consent — by submitting the contact form, you consent to us processing the information you provide
• Legitimate interest — to respond to your enquiry and conduct our business operations
• Contractual necessity — where processing is required to enter into or perform a contract with you

5. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only with the following service providers who assist us in operating the Website:

• Email service provider (Gmail / Google Workspace) — for delivering and storing contact form submissions
• Hosting provider (Plash) — for serving the Website

These providers process data only on our behalf and in accordance with our instructions. We take reasonable steps to ensure they maintain appropriate security measures.

6. Data Retention

We retain personal information collected through the contact form for as long as reasonably necessary to fulfil the purpose for which it was collected, typically no longer than 24 months from the date of your last interaction with us. After this period, your data will be securely deleted or anonymised.

You may request earlier deletion at any time by contacting us (see Section 13 below).

7. Information Security

We implement reasonable technical and organisational measures to protect your personal information, including:

• TLS encryption for all data transmitted between your browser and our Website
• Encrypted SMTP (STARTTLS) for email transmission of contact form submissions
• Access controls limiting who can view contact form data

While we take reasonable precautions, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security of your information.

8. Your Rights Under POPIA

As a data subject under POPIA, you have the right to:

• Request confirmation of whether we hold personal information about you
• Request access to your personal information
• Request correction of inaccurate, irrelevant, excessive, out-of-date, incomplete, or misleading information
• Request deletion or destruction of your personal information
• Object to the processing of your personal information
• Withdraw your consent to processing at any time
• Lodge a complaint with the Information Regulator if you believe your rights have been infringed

To exercise any of these rights, please contact us using the details in Section 13. We will respond to your request within a reasonable time, and in any event within 30 days.

9. Third-Party Links

The Website may contain links to third-party websites, including blog posts hosted on Medium, open-source projects on GitHub, and SAP documentation. These external sites are not operated by us, and we are not responsible for their content or privacy practices. We encourage you to review the privacy policies of any third-party site you visit.

10. Use of Artificial Intelligence and Emerging Technologies

Overview. We may use artificial intelligence (AI) and related tools and technologies in connection with our consulting services, internal operations, and the delivery of client projects (collectively, "AI-Assisted Services"). This includes the use of AI-powered development tools, code assistants, and large language models (LLMs) to accelerate SAP development and improve service quality. Where personal data is processed by these technologies, such processing is limited to the purposes described in this Privacy Policy.

Data we use. AI-Assisted Services do not result in the collection of any new categories of personal data beyond what is described in Section 2 of this Privacy Policy. In the course of delivering our services, certain information — such as your name, email address, or project-related correspondence — may be processed using AI tools provided by third-party LLM providers (such as Anthropic, OpenAI, or SAP). We take reasonable steps to minimise the personal data shared with these providers and to ensure they maintain appropriate security and confidentiality standards.

AI model training. We do not use your personal data to train AI models. Any data processed through third-party AI tools is subject to those providers' data processing agreements, which prohibit the use of customer data for model training.

Third-party AI platforms. We may make tools, resources, or content available through third-party AI platforms, applications, or interfaces (such as MCP servers or AI assistants). When you interact with a third-party AI platform, your use of that platform is subject to that platform's own terms of service and privacy policy, not this Privacy Policy. We do not control, and are not responsible for, how third-party platforms collect, use, store, or share your data.

Automated processing. Where AI tools are used in the delivery of our services, this may involve automated processing of project-related data. This processing does not produce decisions with legal or similarly significant effects on you.

11. Children’s Privacy

The Website and our services are directed at businesses and professionals. We do not knowingly collect personal information from children under the age of 18. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

13. Contact and Information Officer

If you have any questions about this Privacy Policy, wish to exercise your rights, or need to report a concern about how your personal information is handled, please contact us:

You also have the right to lodge a complaint with the Information Regulator (South Africa):