Sparkfolios Privacy Policy

Last updated: 27 Jan 2026

Sparkfolios (“Sparkfolios”, “we”, “us”, “our”) is committed to protecting your personal information and complying with the Protection of Personal Information Act, 4 of 2013 (“POPIA”). This Privacy Policy explains how we collect, use, store, share, retain, delete, and protect personal information when you use our websites, mobile applications, and workplace recognition and reward platform (collectively, the “Services”).

1) Who we are

Company: Sparkfolios Group of Companies as it
Address: Office Suite 15, Canal Edge One, Tyger Waterfront, Carl Cronje Drive, Bellville, Cape Town, 7530, South Africa
Website: www.sparkfolios.com
Privacy contact: support@sparkfolios.com

2) Scope: website visitors vs workplace platform users

Sparkfolios provides a workplace recognition and reward platform to organisations (“Employer Customers”). This policy applies to:

  1. Website visitors (e.g., browsing sparkfolios.com, submitting contact forms), and
  2. Workplace platform/app users whose accounts are typically created and managed by an Employer Customer.

Where you use Sparkfolios through an employer-provisioned account, your Employer Customer generally determines which personal information is supplied to Sparkfolios and for what operational purposes (for example, administering the recognition programme and reporting). Sparkfolios processes that information to deliver and operate the Services.

3) What personal information we collect

3.1 Website visitors and business contacts

We may collect:

  • Name and surname
  • Work email address, phone number
  • Company name and role/title
  • Enquiry details and communications with us
  • Technical data (IP address, browser/device information, basic usage logs)

3.2 Workplace platform/app users (employer-provisioned accounts)

Depending on the employer’s configuration and the Services used, we may process:

  • Identifiers and contact details (e.g., name, work email, employee number or similar identifier)
  • Organisational data (e.g., company, department, location, job level/role, manager/business unit)
  • Platform activity and programme data (e.g., recognition posts, nominations, votes, awards/rewards, points/balances, programme participation)
  • Support interactions and communications
  • Security and audit information (e.g., login events, device/session data, system logs)

3.3 Special personal information

Sparkfolios does not intentionally collect or require special personal information (such as health information, sexual orientation, political opinions, religious beliefs, or criminal history) for the ordinary operation of the Services. If an Employer Customer requires additional information for a specific programme, it will be handled under appropriate contractual controls and a lawful basis.

4) Why we process personal information (purposes)

We process personal information to:

  • Provide, operate, and maintain the Services
  • Provision and administer employer-managed accounts and programme participation
  • Enable recognition and reward features, reporting and analytics
  • Provide customer support, respond to requests, and troubleshoot issues
  • Secure our systems (fraud prevention, access control, monitoring)
  • Perform audits, maintain operational integrity, and resolve disputes
  • Meet legal, regulatory, and contractual obligations
  • Communicate service-related updates (e.g., operational notices, security notices)

No advertising: Sparkfolios does not sell personal information and does not use the workplace platform/app for targeted advertising or remarketing.

5) Lawful basis for processing (POPIA)

We process personal information lawfully and in a reasonable manner that does not infringe your privacy. Depending on the context, processing is based on:

  • Contractual necessity (to deliver Services to Employer Customers)
  • Legitimate interests (operating, securing, improving the Services; reporting; fraud prevention; audit and dispute handling)
  • Legal obligations (where recordkeeping is required by law/regulation)
  • Consent only where appropriate and practical (e.g., optional marketing communications). Where we rely on consent, you may withdraw it at any time.

6) Cookies and similar technologies

We may use cookies or similar technologies on our website(s) to:

  • Provide core functionality
  • Improve performance and security
  • Understand website usage (analytics)

You can control cookies through your browser/device settings. Blocking certain cookies may impact website functionality.

No remarketing: We do not use cookies for behavioural advertising/remarketing in the workplace platform/app.

7) How we share personal information

We may share personal information with:

  • Service providers who help us run the Services (e.g., hosting, analytics strictly for service improvement, email delivery for service communications, support tooling). They may process information only under our instructions and appropriate safeguards.
  • Employer Customers (for employer-managed accounts), including reporting and administrative functions.
  • Regulators / law enforcement where required by law, court order, or lawful requests.
  • Professional advisers (e.g., auditors, legal counsel) where necessary.

We do not sell personal information.

8) International transfers

If we transfer or store information outside South Africa (for example, via cloud hosting or service providers), we will take reasonable steps to ensure appropriate protections and lawful transfer mechanisms are in place, consistent with POPIA requirements.

9) Security

We take reasonable technical and organisational measures to protect personal information against loss, unauthorised access, disclosure, alteration, or destruction. Measures may include:

  • Access controls and least-privilege permissions
  • Encryption in transit (and where appropriate, at rest)
  • Logging and monitoring
  • Secure hosting and network protections
  • Backup and disaster recovery practices

No system is 100% secure. If you suspect misuse of your account or unauthorised access, please contact us promptly.

10) Keeping information accurate

We aim to keep personal information accurate and up to date. Where accounts are managed by an Employer Customer, updates to core employment/profile data should generally be requested via the Employer Customer’s administrator/HR team (who supplies and maintains those records).

11) Retention, account deletion, and anonymisation

11.1 General retention principle

We retain personal information only for as long as necessary to fulfil the purposes described in this policy, unless longer retention is required or permitted by law, or required for audit, compliance, or dispute resolution.

11.2 Employer-managed account deletion requests

Workplace platform/app accounts are typically created and managed by an Employer Customer. Account deletion requests should therefore be submitted or confirmed by the Employer Customer (e.g., HR or the programme administrator), including when an employee resigns.

11.3 What we delete

When a valid deletion request is received and verified, we delete or remove from active systems (subject to legal/contractual requirements):

  • Login credentials and authentication records used for access
  • Contact details (e.g., email/phone) and direct identifiers
  • Profile fields that are not required for audit/compliance purposes

11.4 What we may retain (irreversibly anonymised and/or required records)

We may retain certain records:

  • In irreversibly anonymised form for reporting, analytics, programme integrity, auditing, fraud prevention, and dispute resolution; and/or
  • As required by law or regulation (for example, financial/audit records)

Anonymised records are not attributable to an identifiable individual.

11.5 Typical retention periods (guideline)

Actual periods may vary by Employer Customer contract and legal requirements, but typically:

  • Website enquiries and business communications: up to 24 months after last interaction (unless a longer period is required for legal reasons)
  • Platform support tickets/communications: up to 3 years after closure
  • Security/audit logs: typically between 6 and 24 months (unless extended for investigations or compliance)
  • Recognition/reward transactional records: retained for programme integrity and audit requirements; personal identifiers removed/anonymised upon deletion where feasible; certain records may be retained longer if legally required

12) Your rights and how to exercise them

You may have rights to request access, correction, objection, or deletion of personal information, subject to POPIA and contractual/legal requirements.

Employer-managed accounts

Where your account is managed by an Employer Customer, requests should generally be submitted via your employer’s administrator/HR team. We may require confirmation from the Employer Customer before actioning requests.

Contact

If you have privacy questions or requests, contact: support@Sparkfolios.com
We may need to verify identity/authority before fulfilling requests.

13) Children

The Services are not intended for children. Workplace platform/app use is generally restricted to individuals authorised by an Employer Customer. If we become aware we have processed a child’s personal information unlawfully, we will take steps to delete it.

14) Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on our website and update the “Last updated” date. Where appropriate, we may provide additional notice (e.g., in-product notice or email for significant changes).