Verify & Expose Fraud
Privacy Policy
POPIA-Compliant Data Processing Notice
www.trusttrace.co.za | legal@trusttrace.co.za
1. Who We Are & Who This Applies To
TrustTrace (Pty) Ltd is the Responsible Party as defined under the Protection of Personal Information Act 4 of 2013 ("POPIA"). This Privacy Policy explains how we collect, use, share, store, and delete personal information in connection with the TrustTrace Platform.
This Policy applies to: (a) Reporters who register and submit Reports; (b) Visitors who browse the Platform; and (c) Subjects — individuals or entities whose information appears in Reports.
2. What Personal Information We Collect
2.1 From Reporters (Account Holders)
2.2 From Subjects (People Named in Reports)
TrustTrace processes the following categories of information about Subjects, submitted by Reporters:
Operational fraud identifiers: aliases, usernames, email addresses, phone numbers, and social media handles used in the alleged fraud;
Transactional details: bank account numbers, cryptocurrency wallet addresses, and payment references used in the alleged fraud;
Platform activity: links to or descriptions of profiles on dating apps, social media, and marketplaces;
Case references: SAPS case numbers, FSCA reference numbers, and other official regulatory references.
3. Our Lawful Basis for Processing Subject Data
Publishing information about Subjects is sensitive because it involves processing personal information without their consent. We rely on the following lawful bases under POPIA:
3.1 Public Interest (POPIA Section 27(1)(b))
The prevention, detection, and exposure of fraud is a matter of substantial public interest in South Africa. Our processing is necessary to achieve this purpose, and the public interest in protecting potential victims outweighs the privacy interests of Subjects where our verification process has confirmed the fraud allegation.
3.2 Legitimate Interest (POPIA Section 11(1)(f))
TrustTrace has a legitimate interest in maintaining a fraud registry that protects its users and the general public. We apply a balancing test: the more severe the alleged fraud and the stronger the evidence, the more clearly our legitimate interest overrides the Subject's privacy interest in keeping their fraudulent conduct private.
3.3 Legal Obligation
Where we are legally required to share information (e.g. pursuant to a court order or police request), we do so under our legal obligation.
4. How Long We Keep Information
5. Your Rights Under POPIA
The following rights apply to all data subjects (both Reporters and Subjects):
6. Cross-Border Data Transfers
Where TrustTrace uses third-party service providers located outside South Africa (including cloud hosting or AI processing services), we ensure that:
The transfer is permitted under POPIA Section 72;
The recipient country provides an adequate level of protection, or
We have binding contractual obligations in place that uphold POPIA-equivalent protections.
7. Security
We implement industry-standard technical and organisational measures to protect personal information, including:
Encrypted storage of all personal data at rest (AES-256);
TLS encryption for all data in transit;
Access controls limiting staff access to personal data on a need-to-know basis;
Regular security assessments and penetration testing;
A documented data breach response procedure. In the event of a breach affecting your rights, we will notify the Information Regulator and affected individuals within 72 hours of becoming aware.
8. Information Officer
TrustTrace's designated Information Officer, responsible for compliance with POPIA, can be contacted at: