PROPERTY RECOVERY
Privacy Policy
Version 1.0 — Effective date: 25 May 2026
Property Recovery ("we", "us", "our", or "PropRec") is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains what personal information we collect, why we collect it, how we use and protect it, who we share it with, and the rights you have in relation to it.
We process personal information in accordance with the Protection of Personal Information Act 4 of 2013 ("POPIA"). This policy applies to all personal information we process across our services, including our website, our Pre-Litigation Demand & Notice service, our Eviction Order Service, and our Tenant Dispute Portal (the "TDP" or the "Portal"). Where a particular service involves additional or different processing, this is explained in the relevant section below.
Please read this policy together with our Terms & Conditions. By using our website or any of our services, you confirm that you have read and understood how we process personal information as set out here.
1. Who we are (the Responsible Party)
For the purposes of POPIA, Property Recovery is the "responsible party" that determines why and how your personal information is processed. You can contact us about anything in this policy, or to exercise any of your rights, using the details below.
- Responsible party: Property Recovery
- Information Officer: [Information Officer name to be inserted]
- Email: info@propertyrecovery.co.za
2. The personal information we collect
Depending on how you interact with us, we may collect the following categories of personal information:
2.1 Information you give us directly
- Contact and identity details — such as your name, email address, telephone number, and whether you are a property owner or an agent acting on an owner's behalf.
- Matter details — information about the property and the tenant or occupier, the nature of your dispute, and a free-text description of your situation.
- Documents you upload — lease agreements, statements of account, correspondence (including WhatsApp and email exchanges), prior notices, and similar records relevant to your matter.
- Communications — the content of messages, enquiries, and other correspondence you send to us.
2.2 Information about other people
The documents and details you provide will, by their nature, contain personal information about other people — in particular the tenant or occupier, and possibly co-occupiers, guarantors, or other third parties. This information is necessary for us to assess and act on your matter. Your responsibilities in respect of this information are set out in section 7 below.
2.3 Information collected automatically
- Technical and usage data — such as your IP address, browser type, device information, and how you navigate and use our website and Portal, collected through cookies and similar technologies (see section 9).
- Account and consent records — your sign-up details and a record of the consents you give, including the date, the version of the Terms & Conditions and this Privacy Policy you accepted, and your marketing preference.
3. How and why we use your information
We only process your personal information where the law allows us to. Depending on the situation, we rely on one or more of the following lawful grounds under POPIA: your consent; the conclusion or performance of a contract with you; compliance with a legal obligation; the protection of a legitimate interest of yours; or the pursuit of our legitimate interests (or those of a third party we provide services to), balanced against your rights.
We use your personal information to:
- Assess your matter and provide the service you have requested, including generating an assessment and draft notices through the TDP;
- Instruct and coordinate the panel of attorneys who carry out the legal steps in our paid services;
- Communicate with you about your matter and respond to your enquiries;
- Enable you to move smoothly between our services (for example, from the TDP to a paid service) without re-entering your information;
- Maintain our records, manage our business, and improve our services;
- Comply with our legal and regulatory obligations; and
- Send you direct marketing, only where you have opted in to receive it (see section 8).
4. The Tenant Dispute Portal and AI processing
The TDP uses artificial intelligence to assess your matter and to generate draft notices. To do this, the information and documents you submit to the Portal are processed by a third-party AI service provider that acts as an "operator" (processor) on our behalf under a written agreement.
This AI service provider is located outside South Africa, which means your personal information — including the contents of the documents you upload — is transferred across borders and processed in another country.
Our current AI service provider is OpenAI (the provider of the GPT models). Where we engage additional or alternative AI providers, we will do so under equivalent written agreements and update this policy accordingly.
We transfer your information across borders on the basis that the recipient is bound by a written agreement that imposes data-protection obligations substantially similar to those in POPIA, and/or because the transfer is necessary for the performance of the service you have requested. We take reasonable steps to ensure your information remains protected to a standard consistent with POPIA wherever it is processed.
Important: the TDP produces draft notices for you to review and send under your own name. It does not provide legal advice, and an assessment or draft it generates does not guarantee any particular outcome. The basis on which you use the Portal is set out more fully in our Terms & Conditions.
5. Who we share your information with
We do not sell your personal information. We share it only as necessary, and only with:
- The panel of attorneys we instruct to carry out the legal steps in our paid services;
- Our AI service provider(s) (operators) who process Portal information on our behalf, as described in section 4;
- Service providers who support our business — such as hosting, IT, and communication providers — who process information on our behalf under appropriate confidentiality and data-protection terms;
- Courts, the sheriff, and other parties where this is necessary to progress your matter;
- Authorities or third parties where we are required to share information by law, or to establish, exercise, or defend legal rights.
Where we use operators to process personal information on our behalf, we require them by written agreement to process it only for the purposes we specify, to keep it confidential, and to apply appropriate security safeguards.
6. How we protect your information
We take reasonable and appropriate technical and organisational measures to protect your personal information against loss, damage, unauthorised access, and unlawful processing. These include access controls, secure hosting, and confidentiality obligations on the people and providers who handle your information.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If a security compromise affecting your personal information occurs, we will notify you and the Information Regulator where POPIA requires us to do so.
7. Information you provide about other people
When you give us information about other people — most commonly the tenant or occupier — you warrant that you are entitled to share that information with us, and that you are doing so for a lawful purpose connected to your matter.
Because the information relates to a genuine dispute and to the lawful enforcement of rights, it is generally not appropriate or practical for you to obtain the other person's consent before sharing it, and POPIA recognises lawful grounds for processing of this kind. You nonetheless undertake to provide only information that is relevant to your matter, and not to misuse the services to process another person's information for any unlawful or unrelated purpose.
8. Direct marketing
We will only send you direct marketing — such as updates about our services or related information — where you have given us your specific consent to do so, in line with section 69 of POPIA. At sign-up, marketing consent is optional and is switched off by default; you choose whether to opt in.
If you opt in, you can withdraw your consent and unsubscribe at any time, at no cost, by using the unsubscribe option in any marketing message or by contacting us using the details in section 1. Withdrawing marketing consent does not affect our ability to send you service-related communications about a matter you have engaged us on.
9. Cookies and similar technologies
Our website and Portal use cookies and similar technologies to make them work, to keep you signed in, and to understand how they are used so we can improve them. You can control or disable cookies through your browser settings, although some features may not function properly if you do. Where the law requires it, we will ask for your consent to non-essential cookies.
10. How long we keep your information
We keep your personal information only for as long as we need it for the purposes set out in this policy, or for as long as the law requires us to. Our general retention periods are:
| Category of information | Retention period |
|---|---|
| TDP assessment data and documents (where the matter does not proceed to a paid service) | 2 years from your last activity |
| Matter records where you engage a paid service | 5 years from conclusion of the matter |
| Records we are required to keep by law (e.g. statutory or regulatory record-keeping) | For the period required by the applicable law |
| Consent and account records | For as long as your account is active, and for a reasonable period afterwards |
Category of information
TDP assessment data and documents (where the matter does not proceed to a paid service)
Retention period
2 years from your last activity
Category of information
Matter records where you engage a paid service
Retention period
5 years from conclusion of the matter
Category of information
Records we are required to keep by law (e.g. statutory or regulatory record-keeping)
Retention period
For the period required by the applicable law
Category of information
Consent and account records
Retention period
For as long as your account is active, and for a reasonable period afterwards
Where a matter is actively being dealt with, we will retain the related information for as long as the engagement continues, even if a general period above would otherwise have lapsed. You may ask us to delete your information sooner (see section 11); where we are able to do so without breaching a legal obligation, we will. As an alternative to deletion, we may de-identify (anonymise) your information so that it can no longer be linked to you, and retain it in that form.
11. Your rights
Under POPIA, you have the right to:
- Be told what personal information of yours we hold and to request access to it;
- Request that we correct or update information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained;
- Request that we delete or destroy your information in the circumstances allowed by law;
- Object, on reasonable grounds, to the processing of your information;
- Withdraw any consent you have given (this does not affect processing that already took place while the consent was valid); and
- Complain to the Information Regulator (see section 12).
To exercise any of these rights, contact us using the details in section 1. We may need to verify your identity before acting on a request. Some rights are subject to conditions and exceptions under POPIA — for example, where we are legally required to keep certain information.
12. The Information Regulator
You have the right to lodge a complaint with the Information Regulator if you believe we have not handled your personal information in accordance with POPIA. We would, however, appreciate the chance to address your concern first — please contact us using the details in section 1.
- Information Regulator (South Africa)
- Email (complaints): complaints.IR@inforegulator.org.za
- Email (general / POPIA): POPIAComplaints@inforegulator.org.za
- Website: www.inforegulator.org.za
13. Changes to this policy
We may update this Privacy Policy from time to time. The version in force is the one published on our website, marked with its version number and effective date. Where changes are material, we will take reasonable steps to bring them to your attention. Previous versions are retained and remain available on request.
14. How to contact us
If you have any questions about this Privacy Policy or about how we handle your personal information, please contact our Information Officer at info@propertyrecovery.co.za.