Privacy Policy

1. Introduction

Pro-IT ("we", "us", "our"), trading as Pro-IT (https://www.pro-it.biz), is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 ("POPIA") and other applicable data protection laws.

LeaveCore is a product developed and operated by Pro-IT. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use the LeaveCore platform.

2. Information We Collect

Account information: name, email address, department, role within your organization.

Leave data: leave requests, balances, approvals, doctor's notes/supporting documents.

Payment information: we do not collect or store full credit card details. PayFast (our payment processor) handles card data. We store only a tokenized reference, card brand, and last four digits.

Usage data: login timestamps, session information, and audit logs for security purposes.

Technical data: IP addresses and browser information for security and analytics.

3. How We Use Your Information

To provide and maintain the leave management service.

To process subscription payments and send billing-related communications.

To send service notifications (leave approvals, reminders, system updates).

To ensure security and prevent unauthorized access.

To improve the Service based on aggregated, anonymized usage patterns.

4. Legal Basis for Processing (POPIA)

We process your personal information based on: (a) your consent when you create an account; (b) the necessity to perform our contract with you (the subscription agreement); (c) our legitimate interest in maintaining security and improving the Service; (d) compliance with legal obligations.

5. Data Sharing

We do not sell your personal information. We share data only with: (a) PayFast for payment processing; (b) your organization's administrators as required for leave management; (c) law enforcement when required by South African law.

6. Data Storage and Security

Your data is stored on secured servers. We use encryption at rest and in transit, bcrypt password hashing, and AES-256 encryption for sensitive fields.

Access to personal data is restricted to authorized personnel only.

7. Data Retention

We retain your data for the duration of your subscription plus 30 days after account deletion to allow data export.

Audit logs are retained for 12 months for compliance purposes.

You may request earlier deletion by contacting our Information Officer.

8. Your Rights Under POPIA

You have the right to: (a) access your personal information; (b) request correction of inaccurate data; (c) request deletion of your data; (d) object to processing of your data; (e) receive your data in a portable format; (f) lodge a complaint with the Information Regulator.

To exercise these rights, contact our Information Officer or use the data export and account deletion features in your account settings.

9. Cookies and Tracking

LeaveCore uses essential cookies for session management (authentication). We do not use tracking cookies or third-party advertising cookies.

If analytics are enabled, we use privacy-friendly analytics that do not track individual users or use cookies.

10. Children's Privacy

The Service is not intended for use by children under 18. We do not knowingly collect personal information from children.

11. Information Officer

Our Information Officer can be contacted at support@pro-it.biz for any privacy-related inquiries or POPIA requests.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email. The effective date is shown at the top of this page.