THUSO
Get started free

Legal

Privacy Policy

Last updated: 9 June 2026

THUSO VAULT (Pty) Ltd ("THUSO", "we", "us") operates the THUSO platform at thuso247.co.za and app.thuso247.co.za. We help South African families organise their important information and stay safe. Because we hold deeply personal information, your privacy is the foundation of everything we do.

This policy explains what we collect, why, how we protect it, and your rights under the Protection of Personal Information Act, 4 of 2013 (POPIA).

1. Who is responsible for your information

THUSO VAULT (Pty) Ltd is the "responsible party" under POPIA.

  • Information Officer: Letlhogonolo Modiga
  • Email: support@thuso247.co.za
  • Registered in: South Africa

2. What we collect

Account information: name, email address, phone number, password (stored encrypted — we never see it).

Vault content you choose to store: insurance policies, documents (e.g. wills, IDs, certificates), property and asset details, trusted people and their contact details, legacy messages (text, voice, video), and financial information you add.

Special personal information (with your explicit consent): your South African ID number and ID document (for identity verification), and health information you choose to store (medical aid details, allergies, medications, blood type, chronic conditions). POPIA gives this information extra protection, and so do we — it is collected only with your consent, used only for the purposes below, and your ID number is stored encrypted.

Location information: only when you trigger the Thuso Guard panic feature, and only to share with your chosen emergency contacts. We do not track your location in the background.

Technical information: device type, browser, and usage logs needed to keep the service secure and working.

3. Why we collect it (purpose)

We use your information solely to:

  1. Provide the THUSO service — storing and organising your vault, calculating your Clarity Score, and powering features you activate.
  2. Verify your identity (ID verification) to protect your account and your family.
  3. Send safety alerts — sharing your location and emergency medical card with your chosen emergency contacts when you trigger HELP.
  4. Operate the Legacy Plan — releasing chosen vault items to your chosen legacy contacts only under the safeguards you configured.
  5. Provide AI features — when you use the AI Advisor or Document Scanner, the relevant content is processed by our AI service provider to generate your result. Your vault is not used to train AI models.
  6. Process payments through PayFast (we never see or store your card details).
  7. Send essential service messages — check-ins, reminders you enable, verification emails, and security alerts.
  8. Meet our legal obligations.

We will never sell your personal information. We will never use the contents of your vault for advertising.

4. Who we share it with (operators)

We use a small number of trusted service providers ("operators" under POPIA) to run THUSO:

  • Hosting and database: our application and data are hosted on secure cloud infrastructure, protected by encryption and row-level security.
  • Payments: PayFast (Pty) Ltd processes subscription payments. Card details are handled entirely by PayFast.
  • AI processing: content you submit to AI features is processed by our AI gateway provider to generate responses.
  • Email and notifications: providers used to deliver verification emails, alerts, and push notifications.

These providers may store information outside South Africa. Where they do, we rely on providers that protect personal information to a standard substantially similar to POPIA, as section 72 of POPIA requires.

We share vault content with no one else — except the people you designate (trusted people, emergency contacts, legacy contacts) under the rules you set.

5. How we protect it

  • Encryption of data in transit (HTTPS) and at rest
  • Row-level security: every record is locked to your account
  • Optional two-factor authentication and biometric (passkey) sign-in
  • ID numbers stored encrypted
  • Access controls and audit logging
  • POPIA-compliant breach notification: if a breach affecting your information occurs, we will notify you and the Information Regulator as required by section 22 of POPIA.

No system is perfectly secure, but we treat your vault the way we would want our own family's information treated.

6. How long we keep it

We keep your information while your account is active. If you delete an item, it is removed from your vault. If you delete your account, your personal information and vault contents are permanently deleted from our systems within 30 days, except where the law requires us to keep specific records (e.g. payment records for tax purposes).

7. Your rights under POPIA

You have the right to:

  • Access the personal information we hold about you
  • Correct information that is wrong or out of date
  • Delete your information (close your account at any time from Settings)
  • Object to processing and withdraw consent for special personal information (note: withdrawing consent for ID or health information may disable the related features)
  • Complain to the Information Regulator if you believe we have mishandled your information:

Information Regulator (South Africa)
Email: enquiries@inforegulator.org.za
Website: inforegulator.org.za

To exercise any of these rights, email support@thuso247.co.za.

8. Children

THUSO is for people aged 18 and over. We do not knowingly collect personal information from children. Parents may store information about their children (e.g. birth certificates) in their own vault as part of their family records.

9. Cookies

We use only essential cookies needed for sign-in and security. We do not use advertising or tracking cookies.

10. Changes to this policy

If we make material changes, we will notify you by email or in the app before they take effect.

11. Contact us

THUSO VAULT (Pty) Ltd
Email: support@thuso247.co.za
Website: thuso247.co.za