This Privacy Policy explains how Leaditio collects, uses, stores, and protects your personal information in accordance with the Protection of Personal Information Act, Act 4 of 2013 (POPIA). We are committed to your privacy and to handling personal information responsibly. If you have any questions, contact our Information Officer at info@leaditio.com.
SECTION 01
Who We Are
Leaditio is a lead generation marketplace operated by Kgusiame Group, a company registered in the Republic of South Africa, with its principal place of business in Johannesburg, Gauteng, South Africa.
As the operator of the Platform, Leaditio acts as a Responsible Party under POPIA in respect of personal information collected directly through the Platform for the purposes of lead scoring, matching, and platform administration. Leaditio also acts as an Operator in respect of Consumer lead data that is delivered to registered Buyers, who themselves become Responsible Parties upon receipt of that data.
Contact details for our Information Officer:
- Email: info@leaditio.com
- Phone: +27 78 894 9331
- Address: Johannesburg, Gauteng, South Africa
SECTION 02
Information We Collect
2.1 From Consumers (Lead Submitters)
When a Consumer submits a service enquiry form on the Platform or via a partner publisher, we collect:
- Full name
- Mobile phone number (primary contact)
- Email address
- Suburb and city of residence
- Type of service required (e.g., solar installation, insurance quote)
- Stated budget range or financial parameters
- Urgency or timeline (e.g., "within 1 month")
- IP address at time of form submission
- Consent timestamp and form version identifier
- Source or referral channel (e.g., Google Ads, organic search)
2.2 From Buyers
When registering as a Buyer and during the use of Buyer account services:
- Full name and job title of the account holder
- Company name and registered business address
- CIPC registration number and VAT number
- Business email address and contact phone number
- Payment and billing information (processed and stored by Paystack; Leaditio does not store card details)
- Lead delivery preferences (vertical, geography, delivery method)
- Dashboard activity and lead management records
2.3 Automatically Collected Data
We automatically collect the following data when any user interacts with the Platform:
- Page views and navigation paths
- Form interaction events (field focus, completion rate, time to submit)
- Device type, operating system, and browser version
- Source and referral data (UTM parameters, referring domain)
- Session duration and frequency metrics
This data is used exclusively for platform quality improvement, fraud detection, and lead scoring calibration. It is not shared with Buyers or third parties for advertising purposes.
SECTION 03
How We Use Your Information
3.1 Consumer Data
- Lead matching: Match Consumer enquiries with appropriate registered Buyers based on service type, geography, and buyer preferences
- Quality scoring: Run Consumer data through our AI scoring engine to assign a quality score before delivery
- Lead delivery: Transmit the Lead record (including contact details) to up to 3 matched Buyers (or 1 for exclusive leads)
- Consent logging: Record and retain proof of Consumer consent for audit and POPIA compliance purposes
- Fraud detection: Screen for duplicate, fraudulent, or low-quality submissions before delivery
3.2 Buyer Data
- Account management: Creating and managing Buyer accounts, lead preferences, and dashboard access
- Lead delivery: Routing leads to the correct Buyer accounts via dashboard, API, or WhatsApp
- Billing and invoicing: Processing subscription fees and pay-per-lead transactions via Paystack
- Customer support: Responding to queries, replacement requests, and account issues
3.3 General Platform Use
- Platform performance monitoring and technical improvements
- Fraud detection and prevention across both Consumer and Buyer interactions
- Legal compliance, including compliance with POPIA and court orders
- Aggregate analytics to improve lead quality and matching accuracy (data is anonymised at this stage)
SECTION 04
Legal Basis for Processing (POPIA Section 11)
Under Section 11 of POPIA, personal information may only be processed if at least one of the following conditions is met. Leaditio relies on the following grounds:
| Data Subject | Processing Activity | Lawful Basis (POPIA s.11) |
|---|---|---|
| Consumer | Capturing and scoring the lead submission | Consent — Consumer explicitly consents via the form checkbox at time of submission |
| Consumer | Delivering lead to matched Buyers | Consent — Scope of consent explicitly includes sharing with up to 3 registered service providers |
| Consumer | Retaining consent records | Legal obligation — Required to demonstrate compliance with POPIA s.11(1)(a) |
| Buyer | Account registration and management | Legitimate interest — Necessary to perform the commercial contract between Buyer and Leaditio |
| Buyer | Billing and payment processing | Contractual necessity — Required to fulfil the subscription or pay-per-lead agreement |
| Both | Fraud detection and platform security | Legitimate interest — Necessary to protect the Platform and its users from abuse |
SECTION 05
Data Sharing
Leaditio does not sell personal information. We do not share personal data with advertising networks, data brokers, or third-party marketing services. Sharing is limited to the following:
5.1 Sharing with Registered Buyers
- Consumer lead data is shared only with registered and verified Buyers whose service category and geography match the Consumer's enquiry
- A maximum of 3 Buyers receive any single shared lead; exclusive leads are shared with only 1 Buyer
- Buyers are contractually bound to use Consumer data only for the purpose of responding to the Consumer's stated service request
- Buyers are prohibited from reselling Consumer data or adding it to unrelated marketing lists
5.2 Third-Party Service Processors
Leaditio uses the following third-party service providers who may process personal data on our behalf as Operators under POPIA:
Data Processor Agreements: All third-party processors are bound by Data Processing Agreements (DPAs) that restrict use of personal data to the specific services provided to Leaditio and require compliance with POPIA and/or GDPR as applicable.
SECTION 06
Data Retention
| Data Type | Retention Period | Action After Retention |
|---|---|---|
| Consumer lead records | 12 months from submission date | Anonymised — personal identifiers removed, aggregate data retained |
| Consumer consent records | Indefinitely | Retained as required for POPIA compliance demonstration |
| Buyer account data | Duration of active relationship + 5 years | Securely deleted in accordance with our data destruction policy |
| Billing and payment records | 7 years from invoice date | Required for SARS compliance and financial audit purposes |
| Platform interaction logs | 90 days | Automatically purged from server logs |
| Fraud screening data | 24 months | Anonymised and used for model retraining |
Upon a verified deletion request from a Consumer, Leaditio will remove personally identifiable information from active systems within 10 business days, subject to any overriding legal retention obligations (e.g., consent records, billing records). A confirmation will be sent to the Consumer upon completion.
SECTION 07
Your POPIA Rights
Under the Protection of Personal Information Act, you have the following rights in respect of your personal information held by Leaditio:
To exercise any of these rights, email our Information Officer at info@leaditio.com with the subject line "POPIA Rights Request". Please include your full name, contact details, and a description of the right you wish to exercise.
SECTION 08
Cookies
Leaditio uses a strictly limited cookie policy. We deploy essential cookies only — cookies that are necessary for the Platform to function correctly and securely. We do not use advertising cookies, cross-site tracking cookies, or third-party analytics cookies.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Session cookie | Maintains your authenticated Buyer session while logged in to the dashboard | Session (deleted on browser close) |
| CSRF token | Protects form submissions against cross-site request forgery attacks | Session |
| Consent record | Stores a reference to the Consumer's submitted consent to prevent duplicate form submissions | 12 months |
No advertising cookies. Leaditio does not use Facebook Pixel, Google Analytics advertising features, or any third-party retargeting technology. Your browsing of the Platform is not tracked by advertising networks.
SECTION 09
Security Measures
Leaditio implements technical and organisational security measures appropriate to the nature of the personal information we process:
Technical Measures
- Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3
- Encryption at rest: All data stored in our database is encrypted using AES-256 encryption
- Access controls: Role-based access controls (RBAC) restrict access to personal data to authorised personnel only
- API security: All API endpoints require authentication via JWT tokens with short expiry windows
- Database security: Row-level security policies enforced in Supabase ensure Buyers can only access their own lead data
Organisational Measures
- Regular security audits and penetration testing conducted at least annually
- Staff with access to personal data are subject to confidentiality agreements
- Data breach response plan in place with 72-hour notification commitment to the Information Regulator
- Vendor due diligence conducted before engaging new third-party data processors
SECTION 10
Contact
For any queries about this Privacy Policy, to exercise your POPIA rights, or to report a concern about how your personal information is being handled, please contact our Information Officer:
- Email: info@leaditio.com
- Phone: +27 78 894 9331
- Address: Johannesburg, Gauteng, South Africa
- Response time: Within 10 business days of receiving your request
If you are not satisfied with our response, you have the right to escalate your complaint directly to the Information Regulator of South Africa:
- Website: www.justice.gov.za/inforeg/
- Email: inforeg@justice.gov.za
- Phone: +27 10 023 5200
For our full POPIA compliance statement, including details on third-party processors, cross-border data transfers, and your rights under each section of POPIA, please visit our POPIA Compliance page.