Privacy Policy

Effective date: 2026-07-05 — Operated by CDSoft Ltd, South Africa

This policy explains how we handle personal information on this Platform (smorg.co.za). We try to collect as little as necessary and be clear about what we do with what we keep.

1. Who we are

CDSoft Ltd is a South African company. We operate this Platform. For the account information of our users we are the responsible party under the Protection of Personal Information Act 4 of 2013 (POPIA). For candidate data that organisations store on the Platform, the organisation is the responsible party and we act as their operator (see section 5).

Contact us

2. What we collect

For account holders (recruiters and hiring organisations):

For all visitors:

3. What we don’t collect

4. Why we collect it

DataPurpose
Email addressAccount authentication, platform notifications
Organisation detailsYour branded presence and job listings on the Platform
Usage logsDebugging, platform reliability
Session dataKeep you logged in securely

We do not sell personal information. We do not use your content for advertising.

5. Candidate data in your organisation’s records

The Platform lets organisations store and manage candidate information — applications, CVs, contact details, notes. For that data, the organisation is the responsible party under POPIA and CDSoft Ltd is an operator processing it on the organisation’s instructions. The organisation decides what is collected and why; we store and process it to provide the software.

If you are a candidate whose information is held in an organisation’s records on this Platform: your relationship is with that organisation. Requests for access, correction, or deletion should go to them. If you contact us directly, we will refer your request to the organisation and may act ourselves where the law requires.

6. Who we share data with

We use a small number of infrastructure providers to operate the Platform:

We do not share your data with third parties beyond what you choose to publish in your organisation’s listings and public pages.

7. Cross-border transfers

Cloudflare and Anthropic operate globally. Your data may be processed outside South Africa. This is permitted under POPIA Section 72 where the recipient is subject to equivalent protection obligations — both Cloudflare and Anthropic satisfy this requirement through their respective data processing agreements.

8. How long we keep your data

DataRetention
Active accountHeld while your account is active
Deleted accountAccount, organisation, and its records removed within 30 days of deletion
Usage logs90 days rolling
Payment records5 years (SARS compliance)

If your account has been inactive for 12 months, we will email you before deleting it.

9. Your rights under POPIA

As an account holder you have the right to:

To exercise any of these rights, contact us. We will respond within 30 days. Candidates whose data is held in an organisation’s records: see section 5.

10. Security

Connections to the Platform are encrypted (HTTPS). Data at rest is encrypted by Cloudflare’s storage infrastructure. Access to production systems is restricted to authorised personnel.

No system is completely immune to breach. If a breach occurs that poses a material risk to your rights, we will notify you and the Information Regulator as required by POPIA.

11. Children

The Platform is not directed at anyone under 18. We do not knowingly collect information from minors.

12. Changes to this policy

If we make material changes to how we handle your personal information, we will notify active users by email at least 14 days before the change takes effect.

Information Officer: Brent Greeff — contact us