Privacy Policy

Sigmoid Analytica is an AI systems consultancy operating from South Africa. Our website is located at sa-informatics.com. We are the data controller for personal data submitted through this website.

This policy is written to satisfy both the South African Protection of Personal Information Act (POPIA) and the EU/UK General Data Protection Regulation (GDPR), whichever applies to you.

If you have any questions about this policy or how we handle your data, contact us at hello@sa-informatics.com.

Information you provide. When you submit our contact form we collect the data you choose to enter:

• Full name and work email address
• Phone number and country (optional)
• Company name, company size, and your role
• A description of the workflows you want to automate
• Tools or platforms you currently use (optional)
• Monthly volume, project timeline, decision-maker status
• How you heard about us
• Your preferred response mode (call or email reply first)

Information collected automatically. When you submit the contact form we also record:

• Your IP address and browser user-agent string — used to rate-limit submissions and detect duplicate enquiries
• UTM parameters in the page URL (source, medium, campaign, content) and the referring page URL — used to understand which content drives enquiries
• A computed lead-fit score, derived from the answers above

We do not collect payment data, government identifiers, biometric data, or special-category data as defined under GDPR Article 9 or POPIA section 26.

We use the data you submit to:

• Assess whether your workflows are candidates for automation
• Respond to your enquiry within one business day
• Schedule a discovery call if there is a workflow fit
• Rate-limit abusive submissions and detect duplicates
• Understand, in aggregate, which content drives qualified enquiries

We do not use your data for automated decision-making with legal or similarly significant effects, and we do not sell or share your data with third parties for their own commercial purposes.

We process your data on two distinct bases:

• Legitimate interests (GDPR Article 6(1)(f); POPIA section 11(1)(f)) for responding to a business enquiry you have initiated and for the anti-abuse measures above.
• Your consent (GDPR Article 6(1)(a); POPIA section 11(1)(a)) for analytics and marketing cookies. You can grant or withdraw consent at any time through the cookie banner or the Cookie settings link in the page footer.

Providing data is voluntary. You may withdraw your enquiry at any time by contacting us.

We use the following processors to operate this site. Each is contractually bound to handle your data in line with applicable data-protection law.

• Vercel (vercel.com) hosts the website. Vercel edge logs may contain your IP address and request metadata in accordance with standard web-server behaviour.
• Supabase (supabase.com) is our enquiry database. The form fields, IP address, user-agent, UTMs, referrer URL and lead score are stored here.
• Google LLC processes data through several services we use: Gmail (Google Workspace) delivers your enquiry to us and sends you a confirmation; Google Analytics 4 and Google Tag Manager collect anonymised analytics only after you grant analytics consent.
• Cal.com (cal.com) renders the booking widget embedded on our contact page. If you book a call there, Cal receives your name, email and any notes you enter.
• LinkedIn (linkedin.com)'s Insight Tag runs only after you grant marketing consent to help us measure professional-audience advertising effectiveness.

Some processors (Google, LinkedIn, Vercel, Cal.com) operate outside South Africa and the EEA. Cross-border transfers are covered by the standard contractual safeguards each processor publishes (EU Standard Contractual Clauses, UK IDTA, equivalent POPIA mechanisms).

• Enquiry rows in our database: up to 24 months from the date of submission, after which they are deleted if no engagement followed.
• IP address and user-agent: retained only for the rate-limit and duplicate-detection windows (60 minutes and 7 days respectively) and then truncated or removed.
• Enquiry emails in our inbox: up to 12 months if no commercial engagement follows.
• Engagement data: if we enter a project, data is retained for the duration of the engagement plus 6 months for contractual and audit purposes.
• Cookies and analytics data:retention is set per category in line with your consent and the processor's own retention defaults — see the Cookie Policy for details.

This website uses a category-based cookie consent system. Strictly necessary cookies (such as the consent record itself) are always active. Preferences, Analytics and Marketing cookies only run after you give consent through the banner shown on your first visit, and you can change your choices at any time using the Cookie settings link in the footer.

Analytics is provided by Google Analytics 4 in privacy-preserving mode (IP anonymisation, no personally identifying data sent), configured against Google Consent Mode v2. Marketing measurement uses the LinkedIn Insight Tag when consent is given.

See the Cookie Policy for the full category breakdown.

Under GDPR and POPIA you have the right to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data
• Object to processing based on legitimate interests
• Withdraw consent for analytics and marketing cookies at any time
• Receive your data in a portable format
• Lodge a complaint with the relevant supervisory authority — see section 10

To exercise any of these rights, email us at hello@sa-informatics.com. We respond to verifiable requests within 30 days.

The site is served over HTTPS with TLS 1.2+ and modern security headers. Enquiry data is stored in encrypted databases accessible only to authenticated administrators. Operational secrets (mail credentials, database keys) are scoped to the server and never exposed to the browser.

No security system is perfect. If you have reason to believe your data has been mishandled, please contact us immediately at the address above.

We may update this policy from time to time. The “last updated” date at the top of this page reflects when substantive changes were last made. We encourage you to review this page periodically.

For any data-related queries, contact us at hello@sa-informatics.com.

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the supervisory authority in your jurisdiction. In South Africa this is the Information Regulator (inforegulator.org.za). In the United Kingdom this is the Information Commissioner's Office (ico.org.uk). In the European Union it is the data-protection authority of the member state where you reside.