Privacy Notice

Who this notice applies to

This Privacy Notice describes how Tech Knowledge Open Systems (Pty) Ltd (“TKOS”, “we”, “us”) processes personal information when you use the TKOS platform — including hosted phone, contact center, AI suite, messaging and wholesale voice services — or visit www.tkos.co.za.

We act as a Responsible Partyunder the South African Protection of Personal Information Act, 2013 (“POPIA”) and a Controllerunder the EU General Data Protection Regulation 2016/679 (“GDPR”) for personal information about our customers, prospects and visitors. For end-user data your organisation processes through TKOS (call recordings, contact records, agent activity), TKOS acts as your Operator / Processor under your Data Processing Addendum.

What we collect

Information you give us

Name, work email, phone number and company when you sign up, request a demo or contact us.
Billing details processed through our PCI-DSS-certified payment provider — we don't store full card numbers.
Support correspondence, including any attachments you choose to share.

Information collected automatically

Service telemetry — IP address, device, browser, OS, referrer, and usage events necessary to operate the platform.
Call signalling metadata (CDRs) — caller, callee, duration, region, route — required for billing and quality of service.
Cookies and similar technologies — essential, preference, analytics. See Cookies & tracking.

Information from third parties

Identity verification, sanctions and PEP screening for high-risk numbering products, conducted by accredited bureaus.
CRM enrichment data (LinkedIn, Clearbit-equivalent) for B2B prospect outreach — opt-out is available at any time.

How we use it

We process personal information only for the purposes listed below, each tied to a lawful basis under POPIA / GDPR.

Service delivery — provisioning numbers, routing calls, sending messages and enforcing your account permissions. (Contract.)
Customer support — answering tickets, debugging incidents and tracing SIP traffic with your authorisation. (Contract / Legitimate interests.)
Billing & fraud prevention — invoicing, anti-fraud signal scoring, sanctions screening. (Legal obligation / Legitimate interests.)
Product improvement — aggregated, de-identified telemetry to improve reliability and AI accuracy. (Legitimate interests.)
Marketing — opt-in newsletter and product announcements. You can unsubscribe with one click. (Consent.)

We do not sell personal information, and we never use customer call content to train general-purpose AI models.

International transfers

Our primary processing region is Johannesburg, South Africa (jnb-1), with optional regional pinning to Cape Town, Frankfurt, Ashburn or Singapore. When personal information is transferred outside South Africa or the EEA, we rely on:

EU Standard Contractual Clauses (SCCs) module 2 / 3, with transfer impact assessments where required;
POPIA Section 72 derogations — your consent, contract necessity, or transfers to jurisdictions with adequate protection;
Supplementary technical measures: TLS 1.3, AES-256 at rest, per-tenant KMS keys.

How long we keep it

Retention is the minimum period needed for the purpose, plus any period required by South African or EU law (e.g. tax, AML, ICASA).

Account records — for the duration of the contract and 7 years thereafter for tax compliance.
Call signalling (CDRs) — 12 months by default; configurable per region down to 90 days.
Call recordings — only retained if your organisation enables recording. Default 90 days, configurable.
Marketing data — until you opt out, plus 12 months suppression list to honour your preference.
Support tickets — 36 months for compliance reference.

You can request earlier deletion at any time — see Your rights.

How we protect it

Security isn't a tier on TKOS — it is the foundation. The short version:

TLS 1.3 in transit; AES-256 at rest with per-tenant KMS keys.
SAML SSO, SCIM provisioning, scoped API tokens and IP allow-listing.
Tamper-evident audit log exportable to your SIEM.
HIPAA-aligned controls for healthcare clients and STIR/SHAKEN actively implemented on US-bound traffic.
24/7/365 NOC with tier-3 engineers handling incident response on first call.

Full detail lives on the Security page and our DPA.

Your rights

POPIA and GDPR give you control over your personal information. You can:

Access — get a copy of the personal information we hold about you.
Rectify — correct inaccurate or incomplete information.
Erase — request deletion (right to be forgotten), subject to legal retention.
Restrict or object — limit how we process your data, including for marketing.
Port — receive your data in a machine-readable format.
Withdraw consent — at any time, without affecting prior lawful processing.
Lodge a complaint — with the Information Regulator (South Africa) or your EU supervisory authority.

Email info@techopensystems.co.za with the subject line Data subject request. We respond within 30 days.

Cookies & tracking

We use a minimal set of cookies. Strictly-necessary cookies cannot be turned off. Preference and analytics cookies are opt-in via our consent banner and can be revoked at any time from the cookie settings link in the page footer.

Strictly necessary — session, CSRF, login.
Preferences — region, theme, language choice.
Analytics — first-party Plausible-style metrics. No cross-site profiling.

Children

TKOS services are designed for businesses. We do not knowingly collect personal information from children under 18. If you believe a child has provided personal information, contact us and we will delete it.

Changes to this notice

We may update this notice to reflect changes in law, our service or operating practices. Material changes are emailed to account admins at least 30 days before they take effect. The effective date at the top of the page is the source of truth for the current version.

Contact us

For privacy questions, data subject requests or to reach our Information Officer:

Email: info@techopensystems.co.za
Post: Tech Knowledge Open Systems, Spaces Broadacres Willow Wood, 220 3rd Avenue, Fourways, Gauteng 2191, South Africa
Phone: +27 10 070 6007 (Mon–Fri, 07:00–20:00 SAST)

You also have the right to lodge a complaint with the South African Information Regulator or your local EU supervisory authority.

Document control

This page replaces all prior versions. Material changes are emailed to account admins at least 30 days before they take effect. Archived versions are available on request.

Request prior version

Who this notice applies to

What we collect

Information you give us

Name, work email, phone number and company when you sign up, request a demo or contact us.
Billing details processed through our PCI-DSS-certified payment provider — we don't store full card numbers.
Support correspondence, including any attachments you choose to share.

Information collected automatically

Service telemetry — IP address, device, browser, OS, referrer, and usage events necessary to operate the platform.
Call signalling metadata (CDRs) — caller, callee, duration, region, route — required for billing and quality of service.
Cookies and similar technologies — essential, preference, analytics. See Cookies & tracking.

Information from third parties

Identity verification, sanctions and PEP screening for high-risk numbering products, conducted by accredited bureaus.
CRM enrichment data (LinkedIn, Clearbit-equivalent) for B2B prospect outreach — opt-out is available at any time.

How we use it

We process personal information only for the purposes listed below, each tied to a lawful basis under POPIA / GDPR.

Service delivery — provisioning numbers, routing calls, sending messages and enforcing your account permissions. (Contract.)
Customer support — answering tickets, debugging incidents and tracing SIP traffic with your authorisation. (Contract / Legitimate interests.)
Billing & fraud prevention — invoicing, anti-fraud signal scoring, sanctions screening. (Legal obligation / Legitimate interests.)
Product improvement — aggregated, de-identified telemetry to improve reliability and AI accuracy. (Legitimate interests.)
Marketing — opt-in newsletter and product announcements. You can unsubscribe with one click. (Consent.)

We do not sell personal information, and we never use customer call content to train general-purpose AI models.

International transfers

EU Standard Contractual Clauses (SCCs) module 2 / 3, with transfer impact assessments where required;
POPIA Section 72 derogations — your consent, contract necessity, or transfers to jurisdictions with adequate protection;
Supplementary technical measures: TLS 1.3, AES-256 at rest, per-tenant KMS keys.

How long we keep it

Retention is the minimum period needed for the purpose, plus any period required by South African or EU law (e.g. tax, AML, ICASA).

Account records — for the duration of the contract and 7 years thereafter for tax compliance.
Call signalling (CDRs) — 12 months by default; configurable per region down to 90 days.
Call recordings — only retained if your organisation enables recording. Default 90 days, configurable.
Marketing data — until you opt out, plus 12 months suppression list to honour your preference.
Support tickets — 36 months for compliance reference.

You can request earlier deletion at any time — see Your rights.

How we protect it

Security isn't a tier on TKOS — it is the foundation. The short version:

TLS 1.3 in transit; AES-256 at rest with per-tenant KMS keys.
SAML SSO, SCIM provisioning, scoped API tokens and IP allow-listing.
Tamper-evident audit log exportable to your SIEM.
HIPAA-aligned controls for healthcare clients and STIR/SHAKEN actively implemented on US-bound traffic.
24/7/365 NOC with tier-3 engineers handling incident response on first call.

Full detail lives on the Security page and our DPA.

Your rights

POPIA and GDPR give you control over your personal information. You can:

Access — get a copy of the personal information we hold about you.
Rectify — correct inaccurate or incomplete information.
Erase — request deletion (right to be forgotten), subject to legal retention.
Restrict or object — limit how we process your data, including for marketing.
Port — receive your data in a machine-readable format.
Withdraw consent — at any time, without affecting prior lawful processing.
Lodge a complaint — with the Information Regulator (South Africa) or your EU supervisory authority.

Email info@techopensystems.co.za with the subject line Data subject request. We respond within 30 days.

Cookies & tracking

Strictly necessary — session, CSRF, login.
Preferences — region, theme, language choice.
Analytics — first-party Plausible-style metrics. No cross-site profiling.

Children

Changes to this notice

Contact us

For privacy questions, data subject requests or to reach our Information Officer:

Email: info@techopensystems.co.za
Post: Tech Knowledge Open Systems, Spaces Broadacres Willow Wood, 220 3rd Avenue, Fourways, Gauteng 2191, South Africa
Phone: +27 10 070 6007 (Mon–Fri, 07:00–20:00 SAST)

You also have the right to lodge a complaint with the South African Information Regulator or your local EU supervisory authority.

Document control

This page replaces all prior versions. Material changes are emailed to account admins at least 30 days before they take effect. Archived versions are available on request.

Request prior version

Who this notice applies to

What we collect

Information you give us

Information collected automatically

Information from third parties

How we use it

Who we share with

International transfers

How long we keep it

How we protect it

Your rights

Cookies & tracking

Children

Changes to this notice

Contact us

Privacy Notice

Who this notice applies to

What we collect

Information you give us

Information collected automatically

Information from third parties

How we use it

Who we share with

International transfers

How long we keep it

How we protect it

Your rights

Cookies & tracking

Children

Changes to this notice

Contact us