Plain-language summary: We collect your name, email, business details, and financial health assessment results when you submit a form or take our assessment. We store this in HubSpot (US-based, POPIA-capable) and use it only to respond to your enquiry and provide services you've requested. We never sell your data. You can request deletion at any time by emailing hello@swiftact.cloud.
This Privacy Policy applies to Swift ACT (Pty) Ltd, trading as Doughgetters ("Swift ACT", "we", "us", "our"), a registered professional accounting and CFO advisory practice based in Pretoria, South Africa.
Website: swiftact.cloud
Email: hello@swiftact.cloud
Information Officer: Michiel Claassen
SAIPA Registration: Professional Accountant (SA)
Swift ACT is the responsible party ("Responsible Party") as defined under the Protection of Personal Information Act, 4 of 2013 ("POPIA") for all personal information processed through this website and our services.
We collect personal information through two channels on this website:
A. Contact Form (contact.html)
| Field | Type | Required |
|---|---|---|
| First and last name | Identity | Yes |
| Email address | Contact | Yes |
| Phone number | Contact | No |
| Business name | Business | Yes |
| Role / title | Business | No |
| Industry | Business | Yes |
| Annual turnover range | Business | No |
| Services of interest | Preference | No |
| Message / challenge description | Enquiry | No |
| How you heard about us | Marketing | No |
| POPIA consent timestamp | Compliance | Yes |
B. Financial Health Check Tool (swift-act-financial-health-tool.html)
| Field | Type | Required |
|---|---|---|
| First name, last name, email | Identity / Contact | Yes |
| Phone number | Contact | No |
| Business name, role, industry | Business | Yes |
| Employee count, turnover bracket | Business | No |
| Current accounting software | Business | No |
| Who manages the books | Business | No |
| Primary financial goal | Preference | No |
| Assessment scores (7 categories, 0–100) | Assessment | Generated |
| Weak and strong areas | Assessment | Generated |
| Submission timestamp | Compliance | Generated |
We do not collect payment card details, ID numbers, or sensitive personal information as defined under POPIA Section 26 through this website.
Under POPIA Section 11, we are required to have a lawful basis for processing your personal information. We rely on the following:
| Purpose | Lawful Basis |
|---|---|
| Responding to your contact form enquiry | Consent (POPIA s.11(1)(a)) and legitimate interest |
| Delivering your Financial Health Check results and AI report | Consent (POPIA s.11(1)(a)) |
| Sending nurture emails after assessment completion | Consent — you confirm this on the assessment cover page |
| Creating a contact record in our CRM (HubSpot) | Legitimate interest in managing business relationships |
| Complying with legal and regulatory obligations | Legal obligation (POPIA s.11(1)(c)) |
We will never use your personal information for any purpose incompatible with the purpose for which it was collected, without obtaining your prior consent.
We use the following third-party services to process and store your personal information. Each is used solely for the purpose of delivering services to you and operating our practice.
| Service | Purpose | Data location | POPIA compliance |
|---|---|---|---|
| HubSpot, Inc. | CRM — stores contact records, enquiry details, and assessment scores | United States (adequacy measures in place) | GDPR and POPIA-capable; Data Processing Agreement available |
| Make.com (Celonis SE) | Automation — routes form submissions from website to HubSpot and triggers follow-up actions | European Union | GDPR compliant; processes data transiently — no long-term storage |
| Netlify, Inc. | Website hosting — serves all pages of swiftact.cloud | United States (global CDN) | SOC 2 Type 2, ISO 27001; processes no personal data beyond server logs |
| Anthropic, PBC | AI — the Financial Health Check tool uses the Claude API to generate personalised recommendations from your assessment scores | United States | Data sent to the API includes your assessment scores and business context — not your name or email |
HubSpot and Netlify are US-based. Under POPIA Section 72, personal information may only be transferred to a foreign country if that country has adequate data protection laws, or if the recipient is bound by appropriate contractual measures. Both HubSpot and Netlify maintain GDPR-equivalent data processing agreements which we rely on for POPIA cross-border compliance. By submitting a form on this website, you acknowledge and consent to this transfer.
We never sell, rent, or trade your personal information to any third party for marketing or commercial purposes.
| Data type | Retention period | Reason |
|---|---|---|
| Contact form enquiries (no engagement) | 12 months | Reasonable follow-up window |
| Financial Health Check results (no engagement) | 12 months | Reasonable follow-up window |
| Active client records | Duration of engagement + 5 years | SARS record-keeping requirements |
| Email marketing consent records | Until consent is withdrawn + 3 years | POPIA compliance evidence |
| Netlify server logs | 30 days | Standard hosting logs — IP addresses, page requests |
After the applicable retention period, personal information is deleted from HubSpot and our records. You may request earlier deletion at any time — see Section 06.
Under POPIA, you have the following rights regarding your personal information:
| Right | What it means | How to exercise it |
|---|---|---|
| Access | Request a copy of all personal information we hold about you | Email hello@swiftact.cloud |
| Correction | Request that inaccurate or incomplete information be corrected | Email hello@swiftact.cloud |
| Deletion | Request that your personal information be deleted from our systems | Email hello@swiftact.cloud |
| Objection | Object to the processing of your personal information for direct marketing | Unsubscribe link in any email, or email us |
| Restriction | Request that we restrict processing while a complaint is being resolved | Email hello@swiftact.cloud |
| Complaint | Lodge a complaint with the Information Regulator of South Africa | See details below |
We will respond to all access, correction, and deletion requests within 30 days of receipt, as required by POPIA.
Information Regulator of South Africa
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
justice.gov.za/inforeg
complaints.IR@justice.gov.za
We take the security of your personal information seriously. The following measures are in place:
In transit: All data submitted through our website is transmitted over HTTPS using TLS 1.2 or higher. Form submissions to our automation webhook are encrypted in transit.
At rest: Personal information stored in HubSpot is encrypted at rest using AES-256. Access to HubSpot is protected by two-factor authentication and role-based access controls.
Webhook security: Form submissions include a cryptographic secret token that our automation system verifies before processing. Submissions without the correct token are rejected — this prevents spoofed or malicious submissions from creating records in our CRM.
Website hosting: swiftact.cloud is hosted on Netlify, which holds SOC 2 Type 2 and ISO 27001 certifications and provides DDoS protection across all layers.
Access controls: Only authorised Swift ACT team members have access to client data. Access is reviewed regularly.
In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the Information Regulator as required by POPIA Section 22, within the prescribed timeframes.
swiftact.cloud is a static website. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
Netlify, our hosting provider, may set technical session cookies necessary for site delivery and security. These cookies do not identify you personally and are not used for marketing purposes.
If we introduce analytics or marketing tools in future, this policy will be updated and a cookie consent mechanism will be added to the website.
Our services are directed exclusively at business owners and professionals. We do not knowingly collect personal information from persons under the age of 18. If you believe a minor has submitted information through our website, please contact us immediately at hello@swiftact.cloud and we will delete it promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page.
We encourage you to review this policy periodically. Continued use of swiftact.cloud after changes are posted constitutes your acceptance of the updated policy.
Previous versions of this policy are available on request by emailing hello@swiftact.cloud.
For all privacy-related enquiries, requests, or complaints, please contact our Information Officer directly:
Swift ACT (Pty) Ltd trading as Doughgetters
Pretoria, South Africa
Email: hello@swiftact.cloud
Website: swiftact.cloud
We aim to respond to all privacy-related requests within 30 days. If your request is complex or there are a large number of requests, we may extend this by a further 30 days — we will notify you if this is the case.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator of South Africa at justice.gov.za/inforeg.