Privacy Policy

We collect personal information only when necessary to provide our services. This includes:

• Account data: Name, email address, and password (stored as a hashed value) when you create a MaxiCyber account.
• Scan data: Your domain name and the organisation details you provide when requesting a vulnerability scan.
• Contact data: Contact form submissions, including your name, email, phone number, and message content.
• Subscription and payment data: Subscription tier, billing dates, and PayFast transaction identifiers. We do not store full card numbers — payments are processed by PayFast (Pty) Ltd and subject to their privacy policy.
• Usage data: Server logs including IP addresses, browser user-agent strings, and pages visited. These are retained for security and fraud-prevention purposes.

We do not collect special categories of personal information (e.g. race, religion, health data).

We use the personal information we collect to:

• Create and manage your MaxiCyber account.
• Execute and deliver your vulnerability scan and associated reports.
• Process subscription payments and issue invoices.
• Respond to contact form enquiries and support requests.
• Send transactional emails: scan completion notifications, account alerts, and subscription receipts. We do not send unsolicited marketing emails without your prior consent.
• Improve the security, reliability, and performance of our platform.
• Comply with legal obligations, including POPIA breach notification requirements.

We process your personal information on the following grounds under POPIA:

• Contract performance: Processing necessary to provide the services you have requested (vulnerability scans, account management).
• Legitimate interests: Security monitoring, fraud prevention, and platform improvement.
• Consent: For optional marketing communications (you may withdraw consent at any time via the unsubscribe link in any email).
• Legal obligation: Where required by South African law.

We do not sell your personal information. We share it only with:

• Service providers: Neon (database hosting, hosted in the EU under GDPR), Microsoft Azure (email delivery and compute, hosted in South Africa and Europe), and PayFast (payment processing, South Africa).
• Legal authorities: Only when required by a valid South African court order or regulatory authority.

All third-party service providers are obligated to process your information securely and only for the purposes we specify.

We retain your personal information for as long as necessary to fulfil the purpose for which it was collected:

• Account and scan data: Retained for the duration of your account plus 12 months after closure.
• Payment records: Retained for 5 years for tax and audit purposes.
• Server logs: Retained for 90 days.

When retention periods expire, data is securely deleted or anonymised.

We implement industry-standard security controls to protect your personal information, including TLS 1.3 encryption in transit, at-rest encryption for database storage, access control with role-based permissions, and regular security assessments using our own vulnerability scanning platform.

In the event of a data breach that is likely to result in harm to any data subject, we will notify the Information Regulator of South Africa and affected individuals as required by POPIA Section 22.

As a data subject under South African law, you have the right to:

• Access the personal information we hold about you.
• Correct inaccurate or incomplete personal information.
• Delete your personal information (subject to our legal retention obligations).
• Object to the processing of your personal information.
• Withdraw consent at any time (for consent-based processing).
• Complain to the Information Regulator of South Africa: www.justice.gov.za/inforeg

To exercise any of these rights, contact us at info@maximumgroupdigital.co.za. We will respond within 30 days.

MaxiCyber uses only technically essential cookies required for authentication (session token) and security (CSRF protection). We do not use advertising cookies, cross-site tracking cookies, or any third-party analytics cookies.

You may disable cookies in your browser settings, but this will prevent you from logging into your account.

Our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal information from persons under 18. If we become aware that we have collected personal information from a minor, we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our services or legal obligations. When we make material changes, we will notify registered users by email and update the "Last updated" date at the top of this page.

If you have any questions about this Privacy Policy or how we handle your personal information, please contact our Information Officer:

You also have the right to lodge a complaint with the Information Regulator of South Africa:
www.justice.gov.za/inforeg