← Back to Flowa

Privacy Policy

Last updated: 5 July 2026

Access Capital Holdings (Pty) Ltd trading as Flowa ("Flowa", "we", "us") respects your privacy and is committed to protecting personal information in line with South Africa's Protection of Personal Information Act, 2013 (POPIA). This policy explains what we collect, why, and your rights.

1. Information we collect

2. How we use information

3. Roles & responsibility

Where a business uses Flowa to message its own customers, that business is the responsible party (data controller) and Flowa acts as an operator (processor) on its behalf, processing that data only on the business's instructions.

4. Storage & security

Data is stored in secured, access-controlled cloud infrastructure. Information is encrypted in transit (TLS) and at rest; sensitive access tokens are encrypted with AES-256-GCM. Access is restricted to authorised personnel on a least-privilege basis and protected by two-factor authentication.

5. Sharing

We share personal information only with the service providers needed to run Flowa (e.g. Meta/WhatsApp, our cloud hosting, Payfast for payments) and where required by law. We do not sell personal information.

6. Retention

We retain personal information for as long as your account is active or as needed to provide the Service and meet legal obligations. On account closure or request, we delete or anonymise the data, subject to legal retention requirements.

7. Your rights (POPIA)

You have the right to access, correct, or delete your personal information, to object to processing, and to lodge a complaint with the Information Regulator (South Africa). To exercise these rights, email info@flowa.co.za.

8. Cookies

Our websites use essential cookies to operate and, where you consent, analytics cookies to understand usage. You can control cookies through your browser settings.

9. Contact

Information Officer
Access Capital Holdings (Pty) Ltd t/a Flowa
Email: info@flowa.co.za
South Africa