Effective date: 1 June 2026 · Version 2.1
IntelliAI Group (Pty) Ltd, registration number 2024/987654/07, is the responsible data controller for all personal information processed through the Solomon Execution Engine (SEE) and its operational divisions. Our registered address is 14th Floor, The Marc, 129 Rivonia Rd, Sandton, 2196, Gauteng, South Africa. The Data Sovereignty Officer can be contacted at dso@intelliaigroup.co.za.
We collect only data necessary for Platform operation and workload execution. This includes: Operator identification information (name, email, role, division assignment); authentication credentials (hashed passwords, MFA tokens, SAML assertions); workload data submitted for processing (which varies by division and is governed by division-specific data processing addenda); system telemetry (IP addresses, browser fingerprints, session logs, performance metrics); and communications data (support tickets, inquiries, correspondence).
We do not collect sensitive personal information beyond what is required for specific authorized workloads (e.g., health records processed through IntelliHealth AI under strict POPIA Section 26 safeguards).
All data processing is conducted under one or more lawful bases as defined by POPIA Section 11: (a) consent of the data subject, obtained at account registration and for each workload submission; (b) performance of a contract with the data subject (Platform subscription agreement); (c) compliance with legal obligations (SARS tax regulations, FSCA financial reporting, HPCSA health data requirements); (d) legitimate interests of the data subject or the public; (e) performance of a public law duty by a public body.
We do not sell personal information to third parties. Data may be shared with: division-specific regulatory authorities as required by law (SARS, FSCA, HPCSA, DMRE); trusted third-party service providers who process data on our behalf under binding data processing agreements (cloud infrastructure, monitoring tools, identity providers); and law enforcement agencies pursuant to a valid court order issued by a South African court. All third-party processors are subject to POPIA-compliant data processing agreements and R5 Verification Gate auditing.
Under POPIA Section 72, no personal information processed by IntelliAI Group may be transferred outside the Republic of South Africa unless the recipient country ensures an adequate level of protection. All primary data processing occurs within our Johannesburg Sovereign HPC Cluster. Limited technical data (anonymized telemetry, error logs) may be processed in jurisdictions with equivalent data protection laws. Any cross-border transfer requires explicit Operator consent and R5 Verification Gate approval.
Under POPIA Sections 23-26, Operators and data subjects have the right to: (a) request confirmation of whether their personal information is held; (b) request access to their personal information (subject access request processed within 30 days); (c) request correction or deletion of inaccurate information; (d) object to processing for direct marketing purposes; (e) lodge a complaint with the Information Regulator (South Africa). All requests are processed through the Sovereignty Controls panel in the SEE Control Panel under R4: Temporal Binding.
Operational data is retained in accordance with applicable legal requirements: tax records — 5 years (SARS requirements); health records — 6 years (HPCSA guidelines); financial records — 5 years (Companies Act, 2008); legal documents — 5 years post-matter closure; platform telemetry — 2 years for operational analysis; account data — retained for the duration of the subscription plus 12 months. Upon expiration of retention periods, data is securely destroyed under POPIA Section 28 with verified destruction certificates.
Technical and organizational security measures include: AES-256-GCM encryption at rest with HSM key management; TLS 1.3 encryption in transit; biometric access controls at Tier III-equivalent data centers; 24/7 physical and logical monitoring; R5 Verification Gate mandatory auditing of all data access; constitutional governance enforcement through R2 (Zero Thermal Loss) preventing data leakage; R6 (No Forgetting) ensuring immutable audit trails; and annual SOC 2 Type II audits verified by independent AICPA-accredited auditors.
In the event of a personal information breach, IntelliAI Group will notify the Information Regulator (South Africa) within 72 hours as required by POPIA Section 22. Affected data subjects will be notified within 48 hours of regulator notification, including a description of the breach, the categories of data affected, and recommended mitigation steps. All breaches are investigated under R5 Verification Gate and logged under R6: No Forgetting for permanent audit retention.
The Data Sovereignty Officer (DSO) oversees POPIA compliance and data protection. Contact: Data Sovereignty Officer, IntelliAI Group (Pty) Ltd, 14th Floor, The Marc, 129 Rivonia Rd, Sandton, 2196, South Africa. Email: dso@intelliaigroup.co.za. Operators may also lodge complaints with the Information Regulator (South Africa): JD House, 27 Stiemens St, Braamfontein, Johannesburg, 2001; email: inforeg@justice.gov.za; website: www.justice.gov.za/inforeg/.