Live regulatory feed
cipc·no substantive changeinforegulator·The old content was a synthetic baseline placeholder with no substantive information. The new content is the live HTML of the Information R…
Khanyitas

Compliance, on autopilot

POPIA, FICA, and Companies Act compliance — without the consultant retainer.

Khanyitas handles your data register, DSAR requests, breach response and beneficial-ownership filings, so your small business stays compliant while you stay in business.

Generate a privacy notice — freeStart a full account

No card required for the free tool. Built for South African SMEs by Navrix Solutions (Pty) Ltd.

Free, no signup, five minutes

Generate a POPIA-compliant privacy notice right now.

Tell us about your business and how you handle personal information. We'll render a complete notice that mirrors the Information Regulator's published guidance — POPIA section 18 disclosures, lawful-basis tagging, the section 72 cross-border disclosure, and section 23 data-subject rights. Save it as a PDF, paste it on your website, or upgrade to a full account to keep it in sync with your data register.

Start generating →What it covers

SA breach score

The 72-hour clock, watched.

POPIA section 22 gives a responsible party no specific number of hours to notify the Information Regulator — only “as soon as reasonably possible”. The Regulator's own guidance treats anything beyond 72 hours as requiring justification. Khanyitas tracks both clocks for every customer and surfaces the aggregate live below.

Open across Khanyitas

Calibrating. Live counts populate as customers declare incidents through the breach workflow.

Incidents detected · last 12 months

The bar chart fills in as customers run their breach workflows through Khanyitas. We never seed it with synthetic data.

Aggregated counts only. Khanyitas never discloses which customer had which incident, when, or affecting whom.

What you get on day one

A complete compliance pack assembles itself.

One onboarding flow seeds the four foundational artefacts. Khanyitas keeps them in sync as your data register evolves and regulatory changes land.

  1. Data register

    Every processing activity, lawful basis, retention period, and operator dependency in one auditable list.

  2. Privacy notice

    POPIA-anchored, hosted at a stable URL, kept in sync as your data register evolves.

  3. DSAR workflow

    Intake form, ID verification, response drafting, and the 30-day clock — all instrumented.

  4. Breach playbook

    The 72-hour Regulator clock plus the Cybercrimes Act SAPS clock, with evidence pack and notice templates pre-staged.

What you get on day one.

POPIA, end-to-end

Data register, privacy notice, lawful-basis tracking, and DSAR workflow — wired together so a single change ripples through every artefact.

FICA risk-based onboarding

Beneficial-ownership capture, risk scoring, sanctions and PEP screening hooks. Reports export in the Accountable Institution format.

Companies Act, kept current

Director and shareholder register, beneficial ownership filings, annual-return reminders. We track legislative changes so you don't have to.

72-hour breach response

If something goes wrong, you have a clock to beat. Khanyitas keeps the evidence pack, the regulator template, and the data-subject notice ready to send.

Start free. Upgrade to run your compliance.

The free tier lets you see where you stand and generate your core policies. The paid plans add the operations layer — monitoring alerts, DSAR workflow, auto-updating policies, the verifiable trail, and more. South African Rand, cancellable any time.

Free

See where you stand and generate your core policies.

R0

  • Compliance assessment + posture score
  • 3 core policy generations (yours to keep — no watermark)
  • Read-only regulatory feed (shared monitoring)
  • Single POPIA breach clock
Start free

No card required. Upgrade any time to run your compliance — monitoring alerts, DSAR workflow, auto-updating policies, and more.

Or go paid to run your compliance:

Starter

R350/mo

POPIA essentials for sole proprietors and small teams.

  • Data register & privacy notice
  • DSAR intake & response workflow
  • POPIA breach playbook
  • Monthly compliance digest
Start Starter

Growth

R750/mo

Everything in Starter plus FICA workflows and beneficial-ownership filings.

  • Everything in Starter
  • FICA risk-based onboarding workflows
  • Beneficial-ownership register & filings
  • Quarterly board-ready compliance report
  • Priority response within one business day
Start Growth

Scale

R1 500/mo

Verifiable trail, auto-regenerated policies, sectoral RoPA templates, same-business-day breach support.

  • Everything in Growth
  • Verifiable compliance trail (share with procurement, insurers, auditors)
  • Auto-regenerated policies on regulatory change
  • Sector-specific RoPA templates
  • Same-business-day breach-response support
Start Scale

Billed in ZAR via Paystack. Annual plans are 12 months for the price of 11; cancel any time and unused full months are refunded pro-rata.