Privacy Policy
Last updated: 5 July 2026
This policy explains what personal information PassPath collects, why we collect it, and the rights you have over it under South Africa’s Protection of Personal Information Act 4 of 2013 (POPIA). We have kept it short and in plain language — if anything is unclear, email us and we will explain.
1. Who we are
The “responsible party” under POPIA is PASSPATH (PTY) LTD (Registration No. 2026/517551/07), the company that operates PassPath, an online exam-preparation platform for South Africa’s RE5 and RE1 regulatory exams. Our registered address is available on written request to support@passpath.co.za.
Reach our Information Officer at support@passpath.co.za for anything in this policy — questions, access requests, corrections, deletions, or complaints.
2. What we collect and where it comes from
We collect personal information directly from you, and we only collect what we need to run the service:
- Full name and email address — required to create your account.
- Password — required. It is hashed and managed by our authentication provider; PassPath never sees or stores your password in plain text.
- Course and study progress — quiz results, readiness scores, and practice history, generated as you use the platform. This is what makes the product work.
- Purchase confirmation records — which course you bought, when, and for how much. We never see or store your card number (see section 6).
- Marketing preference — voluntary. You choose whether to receive marketing emails; saying no has no effect on your access.
- Basic technical logs — IP address and browser type, kept for security and to diagnose problems.
That is the full list. We do not ask for your ID number, physical address, or any special personal information, and we do not collect information about you from other companies.
3. Why we process it
We use your information to:
- create and manage your account;
- deliver the courses — track your progress, score your practice, and measure your readiness;
- process and confirm payments;
- provide support when you contact us;
- send service emails, such as purchase confirmations and access reminders;
- send marketing emails — only if you have opted in;
- keep the platform secure.
We do not use your information for anything else. Where we look at how the platform is used overall — for example, which questions people find hardest — we work with aggregated, de-identified data that cannot be traced back to you.
4. Lawful basis
We process your information because it is necessary to perform our contract with you (delivering the course you bought), because you have consented (marketing emails), or because we have a legitimate interest in keeping the service secure (technical logs). Where we rely on your consent, you can withdraw it at any time.
5. Direct marketing
In line with section 69 of POPIA, we only send marketing emails if you have opted in. Every marketing email contains a working unsubscribe link, and unsubscribing never affects your course access or the service emails you need to use your account.
6. Who we share it with
We never sell your personal information. We share it only with the service providers (POPIA calls them “operators”) who help us run PassPath, and only so they can provide the service:
- Our authentication and database provider — securely stores your account and study data.
- PayFast — payment processing. Your card details go directly to PayFast; PassPath never collects or stores card numbers.
- Our content management provider — hosts our article content (it does not hold your account data).
- Our web hosting provider — serves the website and processes technical logs.
Each operator may only use your information to provide its service to us. We may also disclose information if the law requires it — for example, to a regulator or a court.
7. Cross-border transfers
Some of our providers store data on servers outside South Africa. In line with section 72 of POPIA, we only use providers who are subject to laws, contracts, or binding rules that protect your information in a way substantially similar to POPIA.
8. Cookies
We use only essential cookies — the ones needed to keep you logged in to your account. We do not use advertising cookies or third-party analytics cookies, which is why you will not see a cookie banner on our site. If you block cookies in your browser, this website will still work, but you will not be able to stay logged in to the app.
9. How long we keep it
We keep your account information for as long as your account is active, plus a reasonable period afterwards in case you come back or a question arises. Transaction records are kept for five years, as South African tax and company law requires. Technical logs are kept only as long as needed for security. You can ask us to delete your information earlier (see section 11); we will delete everything we are not legally required to keep and tell you what, if anything, must be retained and why.
10. How we protect it
We take reasonable, appropriate measures to secure your information: all traffic to PassPath is encrypted in transit (HTTPS), passwords are hashed and never stored in plain text, access to personal data within the company is restricted, and we use reputable providers with strong security practices of their own.
If a data breach ever occurs that is likely to cause you harm, we will notify you and the Information Regulator as soon as reasonably possible, as section 22 of POPIA requires.
11. Your rights
Under POPIA you have the right to:
- ask what personal information we hold about you and get a copy;
- have inaccurate information corrected;
- request deletion of your information;
- object to processing;
- withdraw consent you have given (for example, for marketing).
To exercise any of these, email our Information Officer at support@passpath.co.za. We may ask you to verify your identity first — this protects your information from being handed to someone pretending to be you — and we respond within a reasonable time, usually a few business days. Access to your own information is free. You can also see and correct most of your details yourself in your account settings.
12. Complaints
If you believe we have mishandled your personal information, please contact us first — we take this seriously and will try to put it right. You also have the right to lodge a complaint with the Information Regulator (South Africa) at POPIAComplaints@inforegulator.org.za or via inforegulator.org.za.
13. Children
PassPath is intended for people preparing for professional regulatory exams and is only for users 18 or older. We do not knowingly collect personal information from children. If you believe a child has created an account, tell us and we will delete it.
14. Changes to this policy
We may update this policy from time to time — for example, if we add a service provider or the law changes. Each version is dated at the top of this page. If we make a material change, we will notify registered users by email before it takes effect.
This policy forms part of our Terms & Conditions.