Privacy Policy

Last updated: April 2026

1. Introduction

EZ FUNDS (Pty) Ltd is committed to protecting your privacy and personal information in compliance with the Protection of Personal Information Act (POPIA) of South Africa. This Privacy Policy explains how we collect, use, store, and protect your personal information.

By using our services, you consent to the processing of your personal information as described in this policy.

2. Responsible Party

EZ FUNDS (Pty) Ltd is the responsible party for your personal information.

POPIA Information Officer: EZ FUNDS Privacy Team

Email: support@ezfund.co.za

Website: www.ezfund.co.za

3. Information We Collect

We collect the following types of personal information when you apply for a loan:

Identity Information: Full name, surname, South African ID number, email address
Contact Information: Phone number, email address
Financial Information: Bank account details (bank name, account number, branch code, account type), salary pay date
Loan Information: Loan amount requested, repayment schedule, payment history, invoice records
Documents: ID document (photo or PDF), bank statements
Security Information: Login attempts, IP addresses, browser type (for fraud prevention)

4. How We Collect Information

We collect personal information from the following sources:

Directly from you: When you complete our online loan application form, upload documents, or set up debit order details
Automatically: Session cookies (to keep you logged in) and login attempt records (for security)

We do not collect information from credit bureaus, third-party data providers, or use third-party tracking cookies.

5. How We Use Your Information

We process your personal information for the following purposes:

Processing and assessing your loan application
Verifying your identity using your ID document
Managing your loan account, invoices, and repayments
Setting up debit order collection for repayment
Sending you email notifications about your application status (submitted, approved, rejected, disbursed)
Sending payment reminders and receipts
Sending one-time verification codes (OTP) for secure login
Preventing fraud and unauthorized access to accounts
Complying with South African financial regulations

6. How We Protect Your Information

We implement strong technical measures to protect your personal information:

Encryption at rest: Your SA ID number, phone number, and bank account number are encrypted using AES-256-GCM encryption before being stored in our database. Even if the database were compromised, this data cannot be read without the encryption key.
Password hashing: Your password is hashed using bcrypt (10 rounds) and is never stored in plain text. We cannot see your password.
Encrypted connections: All data in transit is protected by HTTPS/TLS encryption.
Two-factor authentication: All logins require a one-time verification code sent to your email.
Rate limiting: Login attempts are limited to 5 per 15 minutes to prevent brute-force attacks.
Session security: Sessions are tied to your IP address and browser for fraud detection.
Data masking: Sensitive information (ID numbers, account numbers) is masked in admin views — only the last 4 digits are visible to staff.
Security headers: Our website uses X-Frame-Options, Content Security Policy, and other headers to prevent common web attacks.
Document storage: Uploaded documents are stored in encrypted cloud storage (Vercel Blob) with access controls.

7. Who We Share Your Information With

We may share your personal information with:

Payment service providers: For processing debit orders and payments
Email service provider (Mailtrap): For sending transactional emails (OTP codes, notifications)
Cloud infrastructure (Vercel, Neon): For hosting our application and database
Legal authorities: When required by South African law

We do not sell your personal information to any third party. All service providers are contractually obligated to protect your information.

8. Cookies

EZ FUNDS uses only essential cookies:

sessionKeeps you logged in securelyExpires: 30 days or on logout

ez_cookie_consentRemembers your cookie preferenceExpires: 1 year

We do NOT use:

Google Analytics or any tracking cookies
Facebook Pixel or advertising cookies
Cross-site tracking of any kind

9. How Long We Keep Your Information

We retain your personal information for the following periods:

Active accounts: For as long as your account is active and you have outstanding loans
After account closure: 5 years as required by South African financial regulations (National Credit Act)
Login and security data: 24 hours for login attempts, 30 days for sessions
OTP codes: Automatically deleted after 5 minutes

After the retention period, we securely delete or anonymize your information.

10. Your Rights Under POPIA

Under the Protection of Personal Information Act, you have the right to:

Access: Request a copy of all personal information we hold about you
Correction: Request correction of any inaccurate information
Deletion: Request deletion of your information (subject to legal retention requirements)
Object: Object to processing of your information for marketing
Complaint: Lodge a complaint with the Information Regulator of South Africa

To exercise any of these rights, email us at support@ezfund.co.za with the subject line "POPIA Request". We will respond within 30 days.

11. Complaints

If you believe your personal information has been misused:

1. Contact us first at support@ezfund.co.za

2. If not resolved, you may contact the Information Regulator:

Information Regulator (South Africa)

Email: inforeg@justice.gov.za

Website: www.justice.gov.za/inforeg

12. Updates to This Policy

We may update this Privacy Policy from time to time. Any significant changes will be communicated via email to your registered email address and posted on our website.

Your continued use of our services after changes constitutes acceptance of the updated policy.