JumpPoint Legacy

Privacy Policy

Last Updated: March 23, 2026

1. Information We Collect

We collect information you provide directly to us, including:

  • Account information (email address, name)
  • Vault documentation and beneficiary information
  • Contact details you choose to provide
  • Usage data and analytics

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Generate your Estate Packet documentation
  • Communicate with you about the Service
  • Monitor and analyze usage patterns
  • Detect and prevent fraud or abuse

3. Data Encryption and Security

We take data security seriously and implement multiple layers of protection:

  • AES-256-GCM Encryption: All sensitive data is encrypted at rest using industry-standard encryption
  • Key Isolation: Each vault has its own unique encryption key
  • Zero-Trust Architecture: Every request is authenticated and authorized
  • PPI/POPIA Compliance: We adhere to privacy regulations for personal information protection

4. Protection of Personal Information (POPI Act Compliance)

4.1 Responsible Party

DataFuse (Pty) Ltd (Reg No: 2017/354756/07) is the responsible party for the processing of your personal information under the Protection of Personal Information Act, 2013 (POPIA). We are committed to protecting your privacy and ensuring that your personal information is processed lawfully, fairly, and transparently.

Company Details:
DataFuse (Pty) Ltd
Registration Number: 2017/354756/07
VAT Number: 4120287463
Country: South Africa

4.2 Information Officer

Our Information Officer is responsible for ensuring compliance with POPIA and handling data subject requests. You may contact our Information Officer for any privacy-related inquiries or to exercise your rights under POPIA:

Contact Information:
Email: admin@jumppointlegacy.com
Phone: +27 82 556 5295 / +27 82 572 9032
Address: 19 Heron Drive, Three Rivers East, Vereeniging, 1929, South Africa

4.3 Applicable Legislation

JumpPoint Legacy complies with the following South African and international data protection laws:

  • POPIA (Protection of Personal Information Act, 2013): South Africa's primary data protection legislation governing the processing of personal information
  • ECT Act (Electronic Communications and Transactions Act, 2002): Governs electronic transactions and communications in South Africa
  • GDPR (General Data Protection Regulation): For users in the European Union, we ensure compliance with GDPR requirements

4.4 POPI Act Conditions

We process your personal information in accordance with the eight conditions for lawful processing under POPIA:

1. Accountability

We take full responsibility for the personal information we process and have implemented appropriate policies, procedures, and technical measures to ensure compliance with POPIA. We maintain records of all processing activities and conduct regular privacy impact assessments.

2. Processing Limitation

We process your personal information lawfully, fairly, and transparently. We only collect and process information that is necessary for the specific purposes outlined in this Privacy Policy. Processing is based on your consent, contractual necessity, or legitimate interests.

3. Purpose Specification

We collect personal information for specific, explicitly defined, and lawful purposes related to providing our digital estate planning services. These purposes include:

  • Creating and managing your secure vault
  • Generating Estate Packet documentation
  • Processing subscription payments
  • Communicating with you about the Service
  • Maintaining audit trails and vault history
  • Ensuring security and preventing fraud

4. Further Processing Limitation

We do not process your personal information for purposes incompatible with the original purpose for which it was collected, unless we obtain your consent or are required by law to do so.

5. Information Quality

We take reasonable steps to ensure that your personal information is complete, accurate, not misleading, and updated where necessary. You can update your information at any time through your account dashboard.

6. Openness

We are transparent about how we collect, use, and share your personal information. This Privacy Policy provides clear information about our data practices, and we notify you of any material changes to our processing activities.

7. Security Safeguards

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, damage, or destruction:

  • AES-256-GCM encryption for all sensitive data at rest
  • Unique encryption keys for each vault (key isolation)
  • Secure authentication via trusted third-party providers (Clerk)
  • Zero-trust architecture with authentication and authorization on every request
  • Regular security audits and vulnerability assessments
  • Secure database hosting with connection pooling and encryption in transit
  • Comprehensive audit logging and vault history tracking

8. Data Subject Participation

You have the right to:

  • Access: Request confirmation of whether we hold your personal information and access that information
  • Correction: Request correction or deletion of inaccurate, irrelevant, excessive, or outdated information
  • Objection: Object to the processing of your personal information on reasonable grounds
  • Deletion: Request deletion of your personal information (right to be forgotten)
  • Data Portability: Request your personal information in a structured, commonly used format
  • Withdraw Consent: Withdraw consent for processing where consent was the lawful basis

To exercise any of these rights, please contact our Information Officer through the Contact Us page. We will respond to your request within a reasonable timeframe as required by POPIA.

4.5 Cross-Border Data Transfers

Your personal information may be transferred to and processed in countries outside of South Africa, including countries that may not have the same level of data protection as South Africa. When we transfer your information internationally, we ensure that:

  • The recipient country has adequate data protection laws, or
  • We have implemented appropriate safeguards (such as standard contractual clauses), or
  • We have obtained your consent for the transfer

4.6 Data Breach Notification

In the event of a data breach that is likely to cause harm to you, we will notify you and the Information Regulator as required by POPIA. We have implemented incident response procedures to detect, respond to, and mitigate security incidents promptly.

4.7 Complaints

If you believe that we have processed your personal information unlawfully or that we have not adequately addressed your concerns, you have the right to lodge a complaint with:

The Information Regulator (South Africa)
Website: inforegulator.org.za
Email: inforeg@justice.gov.za

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • With your explicit consent
  • To comply with legal obligations
  • To protect our rights and prevent fraud
  • With service providers who assist in operating our platform (under strict confidentiality agreements)

6. Data Retention

We retain your information for as long as your account is active or as needed to provide services. You may delete your account at any time, which will permanently remove all your data from our systems.

7. Your Rights

In addition to the rights outlined in Section 4.4 (Data Subject Participation) under POPIA, you have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Delete your account and all associated data
  • Export your data
  • Opt-out of marketing communications

7.1 Data Export and Portability

Under POPIA (Section 4.4, Data Subject Participation) and GDPR (Article 20), you have the right to receive your personal information in a structured, commonly used, and machine-readable format. This is known as the right to data portability.

What Data Can Be Exported?

You can request an export of all personal information we hold about you, including:

  • Account Information: Your name, email address, and account settings
  • Contact Details: Your saved contact information (address, phone number, etc.)
  • Vault Items: All digital asset records, including item names, platforms, account IDs, beneficiary designations, and recorded intents
  • Estate Packet: Your estate description and executor information
  • Vault History: Complete audit trail of all changes to your vault and contact details
  • Saved Documents: Any Estate Packet PDFs you have generated and saved

Export Format

Your data will be provided in JSON format (machine-readable) along with a human-readable PDF summary. This format allows you to:

  • Review your data in a clear, organized format
  • Import your data into other services or applications
  • Keep a personal backup of your information

How to Request a Data Export

Current Process: To request a data export, please contact our Information Officer:

  • Email: admin@jumppointlegacy.com
  • Phone: +27 82 556 5295 / +27 82 572 9032
  • Subject Line: "Data Export Request"

Please include your account email address and any specific information you would like to export. We will verify your identity and provide your data export within 30 days as required by POPIA.

Future Enhancement: We are developing a self-service data export feature that will be available directly in your account dashboard. This will allow you to download your data instantly without contacting support. We will notify all users when this feature becomes available.

Data Export Security

To protect your privacy and security:

  • We will verify your identity before providing any data export
  • Data exports will be delivered via secure, encrypted channels
  • Export files will be password-protected
  • We will log all data export requests for audit purposes

Timeframe

We will respond to your data export request within 30 days of receiving your request, as required by POPIA. If we need additional time or information to process your request, we will notify you promptly.

No Cost

Data export requests are provided free of charge. However, if you make excessive or repetitive requests, we may charge a reasonable administrative fee as permitted by POPIA.

8. Cookies and Tracking

We use cookies and similar technologies to maintain your session and improve user experience. This section provides detailed information about the cookies we use and how you can control them.

8.1 What Are Cookies?

Cookies are small text files that are stored on your device when you visit a website. They help websites remember your preferences and provide a better user experience.

8.2 Cookies We Use

JumpPoint Legacy uses the following types of cookies:

  • Essential Cookies (Clerk Session Cookies): These cookies are necessary for the authentication and security of our platform. They maintain your logged-in session and ensure secure access to your vault. These cookies are set by Clerk, our authentication provider, and include:
    • __session: Maintains your authentication session
    • __client_uat: Tracks authentication state
    Duration: Session cookies (deleted when you close your browser) or persistent cookies (up to 7 days for "Remember Me" functionality)
  • Functional Cookies: These cookies remember your preferences and settings to provide a personalized experience. Examples include language preferences and display settings.
    Duration: Up to 1 year

8.3 Third-Party Cookies

We use third-party services that may set their own cookies:

  • Clerk: Authentication and session management cookies (essential for service functionality)
  • Paddle: Payment processing cookies (only during checkout process)

8.4 How to Control Cookies

You have several options to control or limit how cookies are used:

  • Browser Settings: Most browsers allow you to refuse cookies or delete existing cookies. You can usually find these settings in the "Options" or "Preferences" menu of your browser. Please note that disabling essential cookies will prevent you from logging in and using the Service.
  • Browser-Specific Instructions:
    • Chrome: Settings → Privacy and security → Cookies and other site data
    • Firefox: Settings → Privacy & Security → Cookies and Site Data
    • Safari: Preferences → Privacy → Cookies and website data
    • Edge: Settings → Cookies and site permissions → Cookies and site data
  • Sign Out: Signing out of your account will clear session cookies. You can also use your browser's "Clear browsing data" feature to remove all cookies.

8.5 Impact of Disabling Cookies

If you disable or refuse cookies, please note that:

  • You will not be able to log in or access your vault (essential cookies are required)
  • Some features may not function properly
  • Your preferences and settings will not be saved

8.6 POPIA and GDPR Compliance

Our use of cookies complies with POPIA (Protection of Personal Information Act) and GDPR (General Data Protection Regulation) requirements:

  • We only use essential cookies necessary for service functionality
  • We provide clear information about the cookies we use
  • We give you control over non-essential cookies through browser settings
  • We do not use cookies for advertising or tracking across other websites

8.7 Updates to Cookie Policy

We may update our cookie practices from time to time. Any changes will be reflected in this Privacy Policy with an updated "Last Updated" date at the top of the page.

9. Third-Party Services

We use third-party services to provide and improve our platform. These providers have their own privacy policies governing their use of your information:

  • Clerk: Authentication and user management services
  • Neon: Serverless PostgreSQL database hosting
  • Paddle: Payment processing and subscription management (Merchant of Record)

Why We Use Clerk: Clerk provides enterprise-grade authentication and user management with built-in security features including multi-factor authentication (MFA), session management, and secure password handling. By using Clerk, we ensure that your authentication credentials are managed by security experts using industry best practices, rather than building and maintaining our own authentication system. Clerk handles sensitive authentication data (passwords, session tokens) so we never store or have access to your password. This separation of concerns enhances security by reducing the attack surface of our application.

Why We Use Paddle: Paddle acts as our Merchant of Record, which means they handle all payment processing, global tax compliance (VAT, sales tax, GST), and subscription management across 200+ countries. This ensures a seamless checkout experience for our global customer base while automatically handling complex international tax requirements. When you make a payment, Paddle processes your payment information and shares necessary transaction details with us to fulfill your subscription.

10. Children's Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect information from children.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers as detailed in Section 4.5 (Cross-Border Data Transfers).

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.

13. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

DataFuse (Pty) Ltd
Address: 19 Heron Drive, Three Rivers East, Vereeniging, 1929, South Africa
Email: admin@jumppointlegacy.com
Phone: +27 82 556 5295 / +27 82 572 9032

For privacy-related inquiries, you may also reach out to our Information Officer as detailed in Section 4.2.