Acceptable use policy

Effective date: 2026-05-29

This Acceptable Use Policy ("AUP") sets out what you may and may not do with the Khanyitas Service. It forms part of the Terms of Service. A material breach of the AUP entitles us to suspend or terminate your account under section 11 of those terms.

The principle behind everything here: Khanyitas exists to help South African businesses comply with the law. Don't use it to break the law, mislead anyone, or harm anyone.

1. Lawful use only

You must use the Service:

• In compliance with all laws that apply to you, including POPIA, the FIC Act, the Companies Act, the Tax Administration Act, the Cybercrimes Act, the CPA, the ECT Act, and the laws of every other jurisdiction in which your data subjects are located.
• For the purposes the Service is designed for: managing your own compliance obligations, maintaining your records, responding to data-subject requests, recording breach incidents, training your staff, and similar.
• For your own organisation. The base subscription is for one organisation per account.

2. Specifically prohibited

You must not use the Service to:

2.1 Evade compliance or deceive regulators

• Generate fraudulent or misleading documents, including a privacy notice, PAIA manual, DPIA, or operator agreement that misrepresents what you actually do with personal information.
• Fabricate DSAR responses, breach-incident records, training records, or other artefacts to deceive a data subject, a regulator, an insurer, an auditor, or a procurement counterparty.
• Backdate records to misrepresent when an event occurred or when a control was in place.
• Use the verifiable-compliance-trail feature to certify activity you did not actually carry out.

2.2 Harm data subjects

• Process personal information without a lawful basis under POPIA s11.
• Process special personal information (POPIA s26) or children's personal information (POPIA s34) without a corresponding ground in POPIA s27 or s35.
• Retain personal information beyond what the law permits or what is necessary for your stated purpose.
• Use the Service to facilitate unlawful surveillance of staff or members of the public.

2.3 Misuse the platform

• Probe, scan, or test the security of the Service, except through a coordinated disclosure programme we have agreed to in writing.
• Attempt to gain unauthorised access to other customers' data or to our infrastructure.
• Disrupt or degrade the Service for other customers, including by submitting excessive automated requests outside the published API rate limits.
• Scrape or harvest content from the Service beyond your own data, or beyond the public content the Service makes available on its marketing pages.
• Reverse-engineer or attempt to extract source code, except where this right is granted by law that cannot be excluded.

2.4 Misuse content

• Republish or resell Khanyitas's generated templates, branding, copy, or design as your own product.
• Sublicence the Service to third parties so they can use it directly.
• Use Khanyitas-generated documents to provide legal advice to third parties.

2.5 Abuse credentials

• Share account credentials with anyone outside your organisation.
• Create multiple accounts to evade tier limits or quota controls.
• Sell, transfer, or otherwise dispose of an account except as part of a bona fide sale of the underlying business and on notice to us.

3. Fair use for the base tiers

The base tiers (Starter, Growth, Scale) are sized for single-organisation compliance operations. Fair-use considerations:

• One organisation per subscription unless you have an arrangement with us in writing.
• The data-register, DSAR, breach, and training modules are for your own organisation's activity, not for resold compliance services.
• API rate limits (when published) apply per organisation and protect Service quality for everyone.

If you are a compliance consultancy or accountant managing multiple clients' compliance, contact us at hello@khanyitas.co.za — we are designing a partner programme for that use case and a single-tenant subscription is not the right product for it.

4. Reporting violations

If you become aware of a violation of this AUP — your own, someone else's, or a security issue with the Service — please tell us at hello@khanyitas.co.za as soon as practical. Reporting in good faith does not on its own trigger sanctions; we want to understand and fix issues.

5. Consequences of violation

Depending on severity, we may:

1. Warn you and ask you to remedy the breach.
2. Suspend access to part or all of the Service while we investigate.
3. Terminate the subscription for material breach under section 11 of the Terms of Service.
4. Report unlawful conduct to the relevant regulator or to the South African Police Service where required by law.

Where the breach is capable of remedy and you remedy it promptly on notice, we will not generally proceed beyond step 1. We do not refund Fees on a termination for cause under this AUP.

6. Changes to this AUP

We may update this AUP from time to time. Material changes are notified by email at least 30 days before they take effect. Where you do not accept the change you may cancel your subscription before the effective date.

7. Effective date

This AUP is effective from 2026-05-29.

Contact

hello@khanyitas.co.za