Last updated: 1 May 2026
This Privacy Policy explains how Vireza ("we", "us", "our") collects, uses, stores, and protects your personal information when you use our cloud accounting platform. We are committed to protecting your privacy and complying with applicable data protection laws, including the South African Protection of Personal Information Act (POPIA) and the EU General Data Protection Regulation (GDPR) where applicable.
We collect the following categories of information:
We use the information we collect to:
We do not sell your personal information to third parties. We do not use your financial data for advertising or profiling purposes.
Your data is stored on Neon PostgreSQL, a cloud-hosted managed database service operating in the EU (eu-west-2 region). Data is encrypted at rest and in transit using industry-standard TLS encryption.
Access to production databases is restricted to authorised systems only. Passwords are stored using Argon2 hashing. Sensitive fields (such as encryption keys) use AES-256 encryption. We maintain audit logs of all data access and modification events within the application.
While we implement appropriate technical and organisational security measures, no system is completely secure. In the event of a data breach affecting your personal information, we will notify you and the relevant authorities as required by law.
We share data with the following third-party service providers to deliver the Service:
All third-party processors are contractually bound to use your data only for the purposes of providing their services to us and to maintain appropriate data security standards.
The Vireza web application uses strictly necessary cookies for authentication (secure, httpOnly session tokens) and CSRF protection. We do not use third-party advertising cookies or tracking pixels within the application.
The marketing website (vireza.co.za) may use minimal analytics to understand visitor behaviour. No personally identifiable information is collected through marketing site analytics.
Depending on your jurisdiction, you may have the following rights regarding your personal data:
To exercise any of these rights, please contact us at privacy@vireza.co.za. We will respond within 30 days. For GDPR requests, we will respond within the statutory 30-day period. For POPIA requests, we will respond within the statutory period prescribed by the Act.
We retain your account and financial data for as long as your account is active. If you cancel your subscription, your data is retained for 30 days to allow for reactivation, after which it is permanently deleted from production systems.
Backup data may be retained for up to 90 days. Audit logs are retained for 24 months to comply with financial record-keeping requirements. Anonymised usage analytics may be retained indefinitely.
As our infrastructure providers operate internationally, your data may be transferred to and processed in countries outside South Africa or the European Economic Area. Where such transfers occur, we ensure appropriate safeguards are in place, including standard contractual clauses where required by GDPR.
The Service is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a child, we will delete it promptly.
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by displaying a prominent notice in the application. Continued use of the Service after changes constitutes acceptance of the updated policy.
For privacy-related queries, data access requests, or complaints, please contact us at privacy@vireza.co.za.