KlikSend
SA-Built · POPIA-aligned
LEGAL / PRIVACY

Privacy Policy

This Privacy Policy explains how KlikSend (the “Service”), a NanoCrew secure file-transfer portal operated by Municipex (Pty) Ltd trading as NanoCrew (the “Operator”, “we”, “us”, “our”), collects, uses, shares, protects, and retains personal information. KlikSend does one thing: it lets you upload files and share them through secure, optionally password-protected, expiring links. This policy is aligned with the Protection of Personal Information Act, 2013 (POPIA) and should be read together with our Terms & Conditions and Data Retention Policy.

This document is a professional template intended to be reviewed, adapted, and approved by the Operator’s appointed Information Officer and qualified legal counsel before reliance. It does not constitute legal advice.

Who we are

The responsible party for personal information processed through KlikSend is Municipex (Pty) Ltd t/a NanoCrew. KlikSend is one of three tools in the NanoCrew family and pairs with NanoCrew Sync. You can reach us at info@nanocrew.ai. We provide the Service across South Africa, the broader African continent, and internationally.

What personal information we collect

We collect only what is necessary to operate a secure file-transfer service:

  • •  Login details. The email address and name you provide when you create a KlikSend login account, together with your email-verification state.
  • •  Files you upload. The content of the files you choose to upload for transfer. You decide what you upload and to whom you send it.
  • •  File metadata. Information describing your transfers, such as filename, file size, and upload, expiry, and download timestamps.
  • •  Share links and passwords. The secure, time-limited links generated for each transfer and any optional password you set to protect a link. Share passwords are stored only as a salted cryptographic hash, never in plaintext.
  • •  Access and security logs. Technical records generated when the Service is used, which may include IP addresses, request timestamps, user-agent strings, and error diagnostics.

We do not ask for, and KlikSend has no need of, any personal information beyond what is described above. The content of the files you upload is determined entirely by you.

Purpose and lawful basis for processing

We process personal information for the following purposes: to create and secure your login account; to receive, store, and transfer the files you upload; to generate and manage secure expiring links and any optional link passwords; to allow recipients you nominate to download transfers; to maintain the security and integrity of the Service, including detecting and investigating abuse; and to meet our legal obligations.

In terms of POPIA, our lawful bases for processing include the performance of our agreement with you (so that we can provide the file-transfer service you have requested), our legitimate interests and those of third parties in operating and securing the Service, compliance with applicable law, and, where relevant, your consent. Where we rely on consent, you may withdraw it at any time, although doing so may prevent us from providing the Service.

Who we share information with

We do not sell personal information, and we do not share it except as set out below:

  • •  Recipients you choose. When you create a transfer and share its link, the recipients you nominate can download the files you uploaded. You control who receives a link and whether it is protected by a password.
  • •  Infrastructure sub-processors. We use reputable cloud hosting and object-storage providers to store and serve files, and email providers to send transactional messages (such as verification and password-reset emails). These operators process data on our behalf, under contract, and only on our instructions.
  • •  Legal requirements. We may disclose information where required to comply with a lawful request, court order, or applicable law, or to protect the rights, safety, and security of users and the Service.

Retention

We keep personal information only for as long as is necessary for the purposes described above, in line with section 14 of POPIA. By default, a transfer’s files expire 7 days after upload (a shorter expiry can be set when you create it), after which the share link stops working and the files can no longer be downloaded; deleting a transfer removes its files from storage. Login-account details are kept while your account remains active. Access and security logs are kept for a limited period. Full details, including specific retention periods and how data is securely disposed of, are set out in our Data Retention Policy.

How we protect information

We apply appropriate, reasonable technical and organisational measures to safeguard personal information, as required by POPIA. These include encryption of data in transit (TLS/HTTPS); presigned, time-limited download links that grant access only for a short, defined window; access controls that limit who and what can reach stored files; salted cryptographic hashing of login and optional share passwords (so they are never stored in plaintext); and logging and monitoring to detect and respond to security events. No method of transmission or storage is perfectly secure, but we work to maintain safeguards proportionate to the sensitivity of the information involved.

Your rights under POPIA

As a data subject, you have the right to be notified that we are collecting your personal information; to request confirmation of, and access to, the personal information we hold about you; to request that we correct or delete personal information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained; to object, on reasonable grounds, to the processing of your personal information; to withdraw any consent you have given; and to lodge a complaint with the Information Regulator. You may also request access to records in accordance with the Promotion of Access to Information Act, 2000 (PAIA), subject to the procedures in that Act and in the Operator’s PAIA manual. Note that, by design, once a transfer or file is deleted it cannot be recovered or produced.

The Information Regulator (South Africa) can be contacted at enquiries@inforegulator.org.za. To exercise any of your rights, please contact our Information Officer using the details below.

Information Officer

The Operator’s appointed Information Officer is responsible for ensuring compliance with POPIA and for handling data-subject requests and privacy enquiries. You can reach the Information Officer at info@nanocrew.ai, addressed to Municipex (Pty) Ltd t/a NanoCrew. When you contact us, please use a valid email address (for example, you@example.co.za) so that we can respond to your request.

Cross-border processing

Because we serve users across South Africa, Africa, and internationally, and because our infrastructure and email sub-processors may operate in more than one country, your personal information may be transferred to, stored in, or processed in jurisdictions outside South Africa. Where this occurs, we take steps, as contemplated by section 72 of POPIA, to ensure that any recipient is subject to laws, binding corporate rules, or agreements that uphold an adequate level of protection substantially similar to that provided under POPIA, or that another lawful ground for the transfer applies.

Changes to this policy

We review this policy at least annually, and additionally whenever there is a material change to our processing activities, technical infrastructure, or applicable law. Material changes will be reflected by updating the date below and, where appropriate, by notice through the Service. Your continued use of KlikSend after an update takes effect constitutes acceptance of the revised policy.

Contact

Questions about this policy, or requests relating to your personal information, may be directed to the Operator’s Information Officer at info@nanocrew.ai.

Last updated: June 2026 · Municipex (Pty) Ltd t/a NanoCrew · info@nanocrew.ai