Legal Center & Compliance

We collect information necessary to deliver enterprise IT solutions, maintain service quality, and ensure security compliance.

1.1 Personal & Business Information

• Identity Data: Full name, professional title, company name, department, and role
• Contact Data: Business email, phone numbers, corporate address, and emergency contacts
• Account Data: Login credentials, user preferences, and security settings (passwords are hashed using bcrypt)
• Financial Data: Billing information, purchase history, and payment methods (processed via PCI-DSS compliant gateways)

1.2 Technical & Usage Data

• System Logs: IP addresses, browser signatures, device fingerprints, and access timestamps
• Service Data: API usage patterns, feature utilization, error reports, and performance metrics
• Communication Records: Support tickets, chat transcripts, email correspondence, and call logs
• Project Data: Source code repositories, technical specifications, and deployment configurations (when applicable)

• Service Provision: Delivering software development, cloud infrastructure, cybersecurity, and IT consulting services
• System Optimization: Analyzing usage patterns to improve platform performance, reliability, and user experience
• Security Operations: Threat detection, fraud prevention, intrusion monitoring, and vulnerability management
• Compliance & Legal: Meeting regulatory requirements, tax obligations, and responding to lawful data requests
• Business Communications: Service updates, security alerts, billing notifications, and scheduled maintenance notices
• Product Development: Aggregated analytics for feature prioritization and roadmap planning (anonymized data only)

We maintain strict vendor oversight. Your data is shared only with:

Infrastructure Partners

AWS (EU-Ireland & SA-Cape Town regions), Microsoft Azure, Google Cloud Platform. All partners maintain SOC 2 Type II and ISO 27001 certifications.

Payment Processors

Stripe, PayPal, and PayFast (South Africa). Payment data is tokenized; we never store complete credit card numbers.

Communication Tools

Slack (enterprise plan), Microsoft Teams, Zoom (encrypted meetings), and SendGrid (transactional emails with TLS 1.3).

Legal Obligations

When required by court order, subpoena, or to protect vital interests (fraud prevention, national security requests subject to legal review).

• Penetration Testing: Quarterly third-party security assessments and bug bounty programs
• Monitoring: 24/7 SOC (Security Operations Center) with automated threat detection
• Backup Strategy: Encrypted backups with 30-day retention, tested monthly for integrity
• Employee Screening: Background checks and mandatory security training for all personnel with data access

Under applicable data protection laws (GDPR, POPIA, CCPA), you have the following rights:

Right	Description	Response Time
Access	Request a copy of your personal data	30 days
Rectification	Correct inaccurate or incomplete data	15 days
Erasure	Request deletion ("Right to be Forgotten")	30 days
Portability	Receive data in machine-readable format	30 days
Objection	Object to processing based on legitimate interests	Immediate

Exercising Rights: Submit requests to dpo@platkelvconcept.com with subject line "Data Rights Request". We verify identity before processing to prevent unauthorized access.

We use cookies to maintain sessions, analyze traffic, and improve user experience. Categories include:

• Essential (Required): Authentication, CSRF protection, load balancing. Cannot be disabled.
• Functional: Language preferences, accessibility settings, UI customization.
• Analytics: Google Analytics 4 (IP anonymized), Mixpanel (opt-in required).
• Marketing: LinkedIn Insight Tag, Google Ads (only with explicit consent).

We retain data only as long as necessary for business operations, legal compliance, and security requirements:

• Active Accounts: Retained indefinitely while service is active
• Inactive Accounts: Soft deletion after 2 years of inactivity (recoverable for 30 days)
• Financial Records: 7 years per South African tax law requirements
• Server Logs: 90 days for security monitoring, then anonymized
• Backup Data: 30 days rolling window, encrypted and geographically distributed

• You must be 18 years or older and have legal capacity to enter binding contracts
• Business entities must be duly registered and authorized to conduct business
• You warrant that all provided information is accurate, current, and complete
• Violation of these terms may result in immediate service suspension

You agree NOT to:

• Use our services for illegal activities including malware distribution, phishing, or fraud
• Attempt to breach security measures, penetrate networks, or exploit vulnerabilities without authorization
• Upload content that infringes intellectual property rights or contains malicious code
• Engage in crypto-mining, DDoS attacks, or resource abuse that degrades service for others
• Reverse engineer our proprietary software, frameworks, or methodologies
• Resell, sublicense, or transfer access rights without written consent

Client Deliverables

Upon full payment, ownership of custom-developed code, designs, and documentation transfers to you. This excludes our proprietary frameworks, libraries, and pre-existing IP ("Background IP") which remain our property and are licensed to you for the specific project.

Open Source & Third-Party

We may incorporate open-source components (MIT, Apache 2.0, GPL as appropriate). Compliance with license terms is your responsibility post-delivery.

Portfolio Rights

We retain the right to showcase non-confidential project work in our portfolio, case studies, and marketing materials unless covered by a signed NDA specifying otherwise.

To the extent permitted by law:

• Services are provided "as is" without warranties of uninterrupted or error-free operation
• We are not liable for indirect, consequential, or incidental damages including lost profits or data loss
• Maximum liability is limited to fees paid in the 12 months preceding the claim
• We are not responsible for failures due to circumstances beyond reasonable control (force majeure)

These Terms are governed by the laws of the Republic of South Africa. Disputes shall first undergo mediation in Johannesburg. If unresolved, parties submit to the exclusive jurisdiction of South African courts.

For software products licensed (not sold) by PlatKelv Concept:

• License Grant: Non-exclusive, non-transferable license to use software for internal business purposes
• Restrictions: No modification, reverse engineering, rental, or transfer to third parties
• Updates: Major version upgrades may require additional fees; minor updates included during active support period
• Audit Rights: We may audit usage annually to ensure compliance with licensed seat/user counts

License Type	Scope	Support
Standard	Single deployment, up to 5 users	Email support, business hours
Enterprise	Unlimited deployment, SSO integration	24/7 phone & email, dedicated CSM
OEM/White-label	Resale rights, custom branding	Priority engineering support

Exclusions: Scheduled maintenance, force majeure events, client-caused issues (misconfiguration, resource exhaustion), and third-party service failures outside our control.

Severity	Definition	Response Time	Resolution Target
P1 - Critical	Production system down, data loss, security breach	15 minutes	4 hours
P2 - High	Major feature impaired, significant performance degradation	1 hour	8 hours
P3 - Medium	Minor feature issues, workarounds available	4 hours	24 hours
P4 - Low	General inquiries, feature requests, documentation	8 hours	48 hours

Contact Methods: Critical issues must be reported via phone hotline (+27 11 123 4567) or emergency email (critical@platkelvconcept.com) with "P1" in subject. Standard tickets via client portal.

• Scheduled Maintenance: Sundays 02:00-06:00 SAST (lowest traffic period). 72-hour advance notice provided.
• Emergency Maintenance: May occur with 4-hour notice for critical security patches or infrastructure failures.
• Zero-Downtime Deployments: Blue-green deployment strategy used where possible to minimize impact.
• Maintenance Exclusion: Scheduled maintenance does not count toward uptime calculations.

If uptime falls below guaranteed levels, credits apply to next billing cycle:

• < 99.9%: 5% monthly credit
• < 99.5%: 15% monthly credit
• < 99%: 30% monthly credit + option to terminate without penalty

• Network Segmentation: VPC isolation, micro-segmentation, and private subnets for sensitive workloads
• DDoS Protection: CloudFlare Enterprise and AWS Shield Advanced (automatic mitigation up to 100Gbps)
• Endpoint Security: EDR (Endpoint Detection and Response) on all corporate devices
• Physical Security: SOC 2 compliant data centers with biometric access, 24/7 guards, and CCTV
• Key Management: AWS KMS and HashiCorp Vault for secrets management with automatic rotation