Privacy Policy

Introduction and Scope
Definitions and Interpretation
Legal Basis and Compliance Framework
Information Officer and Contact Details
Personal Information We Collect
How We Collect Personal Information
Purpose of Processing Personal Information
Legal Basis for Processing
Sensitive Personal Information and Special Personal Information
Data Subjects Under 18 Years of Age
Disclosure and Sharing of Personal Information
Cross-Border Transfers of Personal Information
Data Security Measures
Data Retention and Destruction
Your Rights as a Data Subject
Cookies and Similar Technologies
Direct Marketing and Consent
Automated Decision-Making and AI Systems
Third-Party Services and Integrations
Breach Notification Procedures
Changes to This Privacy Policy
Complaints and Regulatory Contact

1. INTRODUCTION AND SCOPE

1.1 Mirai Stack (Pty) Ltd ("Mirai Stack," "we," "us," or "our") is committed to protecting your privacy and ensuring the lawful processing of your Personal Information in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA) and other applicable South African legislation.
1.2 This Privacy Policy applies to all Personal Information processed by Mirai Stack in connection with:
• Our internal software platforms: Prosoche, Agora, FitSocial, The Connect, Stitches, KenganStudy, and KenganSocial;
• Client software projects developed for external organizations;
• Our website at www.miraistack.co.za;
• All software engineering, platform architecture, and digital infrastructure services we provide;
• Any other interactions where we collect, use, store, or process your Personal Information.
1.3 This Privacy Policy explains:
• What Personal Information we collect;
• How and why we collect, use, store, and process your Personal Information;
• Your rights regarding your Personal Information;
• How we protect your Personal Information;
• How to contact us regarding privacy matters.
1.4 By accessing our Platforms, using our Services, or providing your Personal Information to us, you acknowledge that you have read and understood this Privacy Policy and consent to the processing of your Personal Information as described herein, except where such consent is not required by law.
1.5 This Privacy Policy is incorporated by reference into our Terms and Conditions and forms part of our binding agreement with you.

2. DEFINITIONS AND INTERPRETATION

2.1 In this Privacy Policy, unless the context otherwise requires:
"Child" means a natural person under the age of 18 years who is not legally competent, without the assistance of a competent person, to take any action or decision in respect of any matter concerning him- or herself;
"Competent Person" means any person who is legally competent to consent to any action or decision being taken in respect of any matter concerning a Child;
"Consent" means any voluntary, specific, and informed expression of will in terms of which permission is given for the processing of Personal Information;
"Data Subject" means the person to whom Personal Information relates, being you as the user of our Platforms and Services;
"Information Officer" means the person designated by Mirai Stack to oversee POPIA compliance and handle data protection matters;
"Operator" means a person who processes Personal Information for a Responsible Party in terms of a contract or mandate, without coming under the direct authority of that party;
"Personal Information" means information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing juristic person, including but not limited to:
• Information relating to race, gender, sex, pregnancy, marital status, national, ethnic or social origin, colour, sexual orientation, age, physical or mental health, well-being, disability, religion, conscience, belief, culture, language, and birth;
• Information relating to education, medical, financial, criminal, or employment history;
• Any identifying number, symbol, email address, physical address, telephone number, location information, online identifier, or other particular assignment;
• Correspondence sent by the person that is implicitly or explicitly of a private or confidential nature;
• The views or opinions of another individual about the person;
• The name of the person if it appears with other Personal Information or if the disclosure of the name itself would reveal information about the person;
"Processing" means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:
• Collection, receipt, recording, organization, collation, storage, updating or modification, retrieval, consultation, use, dissemination by means of transmission, distribution or making available in any other form, or merging, linking, as well as restriction, degradation, erasure, or destruction of information;
"Responsible Party" means a public or private body or any other person which, alone or in conjunction with others, determines the purpose of and means for processing Personal Information;
"Special Personal Information" means Personal Information concerning:
• Religious or philosophical beliefs;
• Race or ethnic origin;
• Trade union membership;
• Political persuasion;
• Health or sex life;
• Biometric information of a Data Subject;
• Criminal behavior of a Data Subject to the extent that such information relates to the alleged commission of any offense or any proceedings in respect of any offense allegedly committed by the Data Subject or the disposal of such proceedings;
"Unique Identifier" means any identifier that is assigned to a Data Subject and is used by a Responsible Party for the purposes of its operations and that uniquely identifies that Data Subject in relation to that Responsible Party.
2.2 Terms defined in our Terms and Conditions have the same meaning in this Privacy Policy unless otherwise specified.
2.3 Headings are for convenience only and shall not affect interpretation.

3. LEGAL BASIS AND COMPLIANCE FRAMEWORK

3.1 Mirai Stack processes Personal Information in compliance with:
• Protection of Personal Information Act 4 of 2013 (POPIA): The primary legislation governing data protection in South Africa;
• Electronic Communications and Transactions Act 25 of 2002 (ECTA): Governing electronic communications and data messages;
• Consumer Protection Act 68 of 2008 (CPA): Protecting consumer rights regarding personal data;
• Cybercrimes Act 19 of 2020: Addressing cybersecurity and data protection;
• Promotion of Access to Information Act 2 of 2000 (PAIA): Governing access to information;
• Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002 (RICA): Governing surveillance and interception;
• Financial Intelligence Centre Act 38 of 2001 (FICA): Where financial information is processed.
3.2 We adhere to the following principles in processing Personal Information:
3.2.1 Accountability: We take responsibility for the Personal Information we process and demonstrate compliance with POPIA;
3.2.2 Processing Limitation: We collect only necessary Personal Information with consent or other lawful basis;
3.2.3 Purpose Specification: We collect Personal Information for specific, explicitly defined, and legitimate purposes;
3.2.4 Further Processing Limitation: We process Personal Information only for purposes compatible with the original purpose of collection;
3.2.5 Information Quality: We ensure that Personal Information is accurate, complete, not misleading, and updated where necessary;
3.2.6 Openness: We notify Data Subjects of the processing of their Personal Information as required by law;
3.2.7 Security Safeguards: We implement appropriate technical and organizational measures to secure Personal Information;
3.2.8 Data Subject Participation: We enable Data Subjects to access and correct their Personal Information.

4. INFORMATION OFFICER AND CONTACT DETAILS

4.1 Mirai Stack has designated an Information Officer to oversee compliance with POPIA and handle data protection matters.
4.2 Information Officer Contact Details:
Email: info@miraistack.co.za
Physical Address: Durban, South Africa
Effective Date of Designation: 04 March 2026
4.3 The Information Officer is responsible for:
• Encouraging compliance with POPIA conditions;
• Dealing with requests made by Data Subjects;
• Working with the Information Regulator in relation to investigations;
• Ensuring compliance with the provisions of POPIA;
• Maintaining the prescribed records of processing activities.
4.4 For all privacy-related inquiries, requests, or complaints, please contact the Information Officer at info@miraistack.co.za.
4.5 We will respond to privacy-related inquiries within a reasonable time, not exceeding 30 days from receipt, unless exceptional circumstances require an extension.

5. PERSONAL INFORMATION WE COLLECT

5.1 Categories of Personal Information Collected:
5.1.1 Identity and Contact Information:
• Full name and surname;
• Email address;
• Physical address;
• Telephone number;
• Date of birth;
• Identity or passport number (where required for verification);
• Account username and password (encrypted);
• Profile photograph (optional).
5.1.2 Demographic Information:
• Age range;
• Gender;
• Language preferences;
• Geographic location.
5.1.3 Financial Information (where applicable):
• Bank account details;
• Payment card information (processed by PCI-DSS compliant payment processors; we do not store complete card numbers);
• Billing address;
• Transaction history;
• VAT or tax identification numbers (for Sellers).
5.1.4 Technical and Usage Information:
• IP address;
• Device type and operating system;
• Browser type and version;
• Unique device identifiers;
• Time zone setting and location data;
• Login data;
• Platform usage patterns and preferences;
• Cookies and similar tracking technologies data.
5.1.5 Platform-Specific Information:
Prosoche:
• Journal entries and reflections;
• Mood and emotional state data;
• Personal goals and aspirations;
• Philosophical or spiritual beliefs (if voluntarily provided);
• Usage patterns of reflection tools.
Agora:
• Published content and articles;
• Writing preferences and topics;
• Reader engagement data;
• Professional biography and credentials.
FitSocial:
• Fitness activity data and workout logs;
• Health and wellness goals;
• Physical measurements and progress data;
• Dietary preferences (if provided);
• Social connections within the platform;
• Gamification achievements and challenges.
The Connect and Stitches:
• Business registration details (for Sellers);
• Product listings and inventory data;
• Sales and transaction records;
• Customer service communications;
• Shipping and logistics information.
KenganStudy:
• Educational background and qualifications;
• Learning preferences and progress;
• Course enrollment and completion data;
• AI interaction logs and tutoring sessions;
• Academic performance metrics.
KenganSocial:
• Social media account connections and authorizations;
• Content scheduling preferences;
• Analytics data from connected social media accounts;
• Campaign performance data.
5.1.6 Communications Data:
• Emails and messages sent to us;
• Customer service interactions;
• Survey responses and feedback;
• Marketing preferences and consent records.
5.2 We do not collect Special Personal Information unless specifically required for a particular service and with your explicit consent, or where otherwise permitted by law.

6. HOW WE COLLECT PERSONAL INFORMATION

6.1 Direct Collection: We collect Personal Information directly from you when you:
• Register for an Account on our Platforms;
• Complete user profiles or preference settings;
• Make purchases or transactions;
• Post content or interact with Platform features;
• Contact our customer support;
• Participate in surveys, promotions, or competitions;
• Subscribe to newsletters or marketing communications.
6.2 Automated Collection: We automatically collect certain information through:
• Cookies and similar tracking technologies;
• Server logs and analytics tools;
• Device and browser information;
• Usage patterns and interaction data;
• IP address and location data.
6.3 Collection from Third Parties: We may receive Personal Information from:
• Payment processors regarding transaction status;
• Identity verification services;
• Social media platforms (when you choose to connect accounts);
• Business partners and service providers;
• Publicly available sources (for verification purposes).
6.4 Collection from Operators: Where we engage Operators to process Personal Information on our behalf, such collection is governed by written agreements ensuring POPIA compliance.

7. PURPOSE OF PROCESSING PERSONAL INFORMATION

7.1 We process your Personal Information for the following specific, explicitly defined, and legitimate purposes:
7.1.1 Platform Operation and Service Delivery:
• Creating and managing your Account;
• Providing access to Platform features and Services;
• Processing transactions and payments;
• Facilitating marketplace transactions between Sellers and Customers;
• Delivering AI-enhanced educational content (KenganStudy);
• Enabling social media management functions (KenganSocial).
7.1.2 Personalization and User Experience:
• Customizing content and features to your preferences;
• Providing personalized recommendations;
• Adapting interfaces to your usage patterns;
• Enabling gamification and progress tracking (FitSocial);
• Delivering personalized learning experiences (KenganStudy).
7.1.3 Communication and Customer Support:
• Responding to inquiries and support requests;
• Sending service-related notifications;
• Providing updates about Platform changes;
• Marketing communications (with your consent);
• Sending administrative and legal notices.
7.1.4 Security and Fraud Prevention:
• Verifying identity and preventing unauthorized access;
• Detecting and preventing fraud, abuse, or illegal activity;
• Maintaining the security and integrity of our systems;
• Complying with legal and regulatory obligations.
7.1.5 Analytics and Improvement:
• Analyzing Platform usage and performance;
• Conducting research to improve our Services;
• Developing new features and products;
• Generating aggregated, anonymized statistics.
7.1.6 Legal and Regulatory Compliance:
• Complying with applicable laws and regulations;
• Responding to legal requests and court orders;
• Enforcing our Terms and Conditions;
• Protecting our rights, property, and safety.
7.1.7 Business Operations:
• Managing our relationship with you;
• Conducting audits and quality assurance;
• Business planning and forecasting;
• Corporate transactions (mergers, acquisitions, asset sales).
7.2 We will not process your Personal Information for purposes incompatible with those disclosed in this Privacy Policy, unless required by law or with your additional consent.

8. LEGAL BASIS FOR PROCESSING

8.1 We process Personal Information only when a valid legal basis exists under POPIA, including:
8.1.1 Consent: Where you have given explicit, informed, and voluntary consent for specific processing activities, particularly for:
• Direct marketing communications;
• Processing of Special Personal Information;
• Automated decision-making with significant effects;
• Cross-border transfers to jurisdictions without adequate protection.
8.1.2 Contractual Necessity: Where processing is necessary to fulfill our contractual obligations to you or to take steps at your request prior to entering into a contract, including:
• Account creation and management;
• Service delivery and transaction processing;
• Customer support and communication.
8.1.3 Legal Obligation: Where processing is necessary to comply with a legal obligation to which we are subject, including:
• Tax and accounting record-keeping;
• Regulatory reporting;
• Compliance with court orders or legal process;
• Cooperation with law enforcement.
8.1.4 Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided such interests are not overridden by your fundamental rights and freedoms, including:
• Fraud prevention and security;
• Network and information security;
• Analytics and service improvement;
• Corporate governance and internal investigations.
8.1.5 Protection of Vital Interests: Where processing is necessary to protect your vital interests or those of another natural person, in emergency situations.
8.1.6 Public Interest: Where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
8.2 When we rely on legitimate interests, we conduct a balancing test to ensure that our interests do not override your privacy rights.

9. SENSITIVE PERSONAL INFORMATION AND SPECIAL PERSONAL INFORMATION

9.1 Special Personal Information is afforded enhanced protection under POPIA. We generally do not collect Special Personal Information unless:
• You have provided explicit consent;
• Collection is necessary for the establishment, exercise, or defense of a legal claim;
• Collection is necessary to comply with an obligation of international public law;
• Collection is for historical, statistical, or research purposes with appropriate safeguards;
• Collection is required by law.
9.2 Platform-Specific Special Personal Information:
Prosoche:
• You may voluntarily provide information concerning religious or philosophical beliefs, mental health, or sexual life as part of reflective journaling.
• Such information is processed only with your explicit consent and with enhanced security measures.
• You may delete such information at any time through your Account settings.
FitSocial:
• Health-related information (physical health, medical conditions, disabilities) may be provided voluntarily for fitness tracking.
• This information is processed only to provide the requested fitness services and is not shared with third parties for marketing purposes.
9.3 Biometric Information: We do not currently collect biometric information. If we implement biometric features in the future, we will obtain explicit consent and implement enhanced security measures.
9.4 Processing of Special Personal Information is subject to:
• Enhanced security measures;
• Strict purpose limitation;
• Regular review of necessity;
• Your right to withdraw consent at any time.

10. DATA SUBJECTS UNDER 18 YEARS OF AGE
10.1 Our Platforms are not intended for use by Children under 18 years of age without parental or guardian consent and supervision.
10.2 We do not knowingly collect Personal Information from Children without appropriate authorization:
10.2.1 For Children under 13 years of age: We require verifiable parental consent before collecting any Personal Information.
10.2.2 For Children between 13 and 17 years of age: We require either parental consent or the Child's consent with parental notification, depending on the nature of the service.
10.3 If we discover that we have collected Personal Information from a Child without appropriate consent, we will delete that information as quickly as possible.
10.4 Parents or guardians may:
• Review their Child's Personal Information;
• Request deletion of their Child's Personal Information;
• Refuse further collection or use of their Child's Personal Information;
• Request that we stop communicating with their Child.
10.5 To exercise these rights, parents or guardians should contact us at info@miraistack.co.za with proof of their relationship to the Child.
10.6 Certain Platforms may have specific age restrictions:
• KenganStudy: May be used by educational institutions for students under 18 with institutional consent and appropriate safeguards;
• FitSocial: Users under 16 should have parental consent and supervision;
• Prosoche: Not recommended for users under 16 without appropriate support.

11. DISCLOSURE AND SHARING OF PERSONAL INFORMATION

11.1 We may disclose your Personal Information to the following categories of recipients:
11.1.1 Mirai Stack Group Entities:
• Other companies within our corporate group for operational efficiency and service delivery;
• Subject to the same data protection standards and this Privacy Policy.
11.1.2 Service Providers and Operators: We engage trusted third-party service providers to perform functions and provide services on our behalf, including:
• Cloud hosting and data storage providers;
• Payment processing services;
• Customer support and communication platforms;
• Analytics and performance monitoring services;
• Marketing and advertising partners (with your consent);
• Identity verification services;
• Cybersecurity and fraud prevention services.
11.1.3 Sellers and Customers (Marketplace Platforms):
• On The Connect and Stitches, necessary transaction information is shared between Sellers and Customers to facilitate purchases;
• This includes names, contact details, shipping addresses, and order information;
• Sellers are contractually obligated to protect this information and use it only for transaction fulfillment.
11.1.4 Business Partners:
• Partners with whom we jointly offer products or services;
• Only with your consent or where necessary for the service provided.
11.1.5 Legal and Regulatory Authorities:
• When required by law, court order, or legal process;
• To protect our rights, property, or safety, or that of our users or others;
• To investigate fraud, security breaches, or other illegal activities;
• To respond to government or regulatory requests.
11.1.6 Corporate Transactions:
• In connection with a merger, acquisition, reorganization, or sale of assets;
• Personal Information may be transferred as part of the transaction, subject to confidentiality agreements.
11.2 We require all third-party recipients to:
• Process Personal Information only for specified purposes;
• Implement appropriate security measures;
• Comply with POPIA and this Privacy Policy;
• Not disclose Personal Information further without our authorization.
11.3 We do not sell your Personal Information to third parties for their marketing purposes without your explicit consent.

12. CROSS-BORDER TRANSFERS OF PERSONAL INFORMATION

12.1 We may transfer your Personal Information to recipients in other countries ("cross-border transfer") in the following circumstances:
12.1.1 Cloud hosting services may store data in data centers located outside South Africa;
12.1.2 Some of our service providers may process data from locations outside South Africa;
12.1.3 International marketplace transactions may require data transfer to facilitate shipping and customs clearance.
12.2 Cross-border transfers are conducted only when:
12.2.1 The recipient country has adequate data protection laws substantially similar to POPIA;
12.2.2 We have implemented appropriate safeguards, such as:
• Binding corporate rules;
• Standard contractual clauses approved by the Information Regulator;
• Codes of conduct or certification mechanisms;
• Explicit consent from the Data Subject.
12.3 For transfers to countries without adequate protection, we will:
• Obtain your explicit consent after full disclosure of risks;
• Implement additional contractual safeguards;
• Ensure the transfer is necessary for the performance of a contract or pre-contractual measures taken at your request.
12.4 Current cross-border transfers primarily involve:
• Cloud infrastructure providers with data centers in the European Union, United States, and other jurisdictions;
• Payment processors operating internationally;
• Analytics and support service providers.
12.5 We monitor the adequacy decisions of the Information Regulator and adjust our transfer mechanisms accordingly.

13. DATA SECURITY MEASURES

13.1 Mirai Stack implements appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of your Personal Information, including:
13.1.1 Technical Measures:
• Encryption of data in transit using TLS/SSL protocols;
• Encryption of sensitive data at rest using AES-256 or equivalent standards;
• Secure authentication mechanisms, including multi-factor authentication where available;
• Regular security assessments and penetration testing;
• Network segmentation and firewalls;
• Intrusion detection and prevention systems;
• Regular software updates and patch management;
• Secure development lifecycle practices.
13.1.2 Organizational Measures:
• Information security policies and procedures;
• Access control and least privilege principles;
• Regular staff training on data protection and security;
• Confidentiality agreements with employees and contractors;
• Incident response and business continuity plans;
• Regular audits and compliance monitoring.
13.2 Security Measures by Platform:
13.2.1 Prosoche: Enhanced encryption for journal entries and reflection data; optional biometric authentication for mobile apps;
13.2.2 Agora: Content protection measures; secure publishing workflows; plagiarism detection;
13.2.3 FitSocial: Health data encryption; secure synchronization with fitness devices; privacy controls for social features;
13.2.4 The Connect and Stitches: PCI-DSS compliance for payment data; secure transaction processing; fraud detection systems;
13.2.5 KenganStudy: Educational data protection; AI model security; content filtering;
13.2.6 KenganSocial: Secure API integrations; OAuth authentication; rate limiting and abuse prevention.
13.3 Despite our security measures, no internet transmission or electronic storage is completely secure. We cannot guarantee absolute security but commit to notifying you of any breaches as required by law.
13.4 In the event of a security breach affecting your Personal Information, we will:
• Contain and remediate the breach;
• Assess the impact on affected Data Subjects;
• Notify the Information Regulator without undue delay;
• Notify affected Data Subjects where required by law or where the breach poses a high risk to your rights and freedoms.

14. DATA RETENTION AND DESTRUCTION

14.1 We retain your Personal Information only for as long as necessary to fulfill the purposes for which it was collected, or as required by Applicable Law.
14.2 Retention Periods by Category:
14.2.1 Account Information: Retained for the duration of your Account plus 3 years after closure, unless longer retention is required by law;
14.2.2 Transaction Records: Retained for 5 years in accordance with tax and accounting laws;
14.2.3 Communication Records: Retained for 3 years after the communication date;
14.2.4 Platform Usage Data: Retained for 2 years after collection, then anonymized or deleted;
14.2.5 Marketing Data: Retained until you withdraw consent or object to processing;
14.2.6 Prosoche Journal Entries: Retained according to your settings; deleted immediately upon Account deletion unless you request retention;
14.2.7 Agora Published Content: Retained according to platform policies and your instructions; may be retained in anonymized form for historical purposes;
14.2.8 Legal and Dispute Records: Retained for the duration of any legal proceedings plus applicable limitation periods.
14.3 Destruction Procedures:
• Electronic records are securely deleted using industry-standard methods;
• Physical records are shredded or incinerated;
• Backup data is purged according to retention schedules;
• Destruction is documented and auditable.
14.4 Upon your request and subject to legal retention requirements, we will delete or anonymize your Personal Information within 30 days of verification of your request.

15. YOUR RIGHTS AS A DATA SUBJECT

15.1 Under POPIA, you have the following rights regarding your Personal Information:
15.1.1 Right of Access (Section 23):
• You have the right to request confirmation of whether we hold Personal Information about you;
• You may request a description of such Personal Information;
• You may request information about the identity of third parties who have had access to your Personal Information.
15.2 Right to Correction (Section 24):
• You have the right to request the correction of inaccurate, irrelevant, excessive, out of date, incomplete, misleading, or unlawfully obtained Personal Information;
• You may request the deletion or destruction of Personal Information in certain circumstances;
• You may request the restriction of processing of disputed Personal Information.
15.3 Right to Object to Processing (Section 11(3)):
• You may object on reasonable grounds to the processing of your Personal Information;
• We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, or the processing is required by law.
15.4 Right to Withdraw Consent:
• Where processing is based on consent, you may withdraw consent at any time;
• Withdrawal does not affect the lawfulness of processing prior to withdrawal;
• Withdrawal may result in termination of certain Services.
15.5 Right to Data Portability:
• Where technically feasible, you may request your Personal Information in a structured, commonly used, machine-readable format;
• You may request transmission to another responsible party.
15.6 Right to Object to Direct Marketing:
• You have the right to object at any time to processing for direct marketing purposes;
• We will cease such processing immediately upon objection.
15.7 Right to Lodge a Complaint:
• You have the right to lodge a complaint with the Information Regulator regarding alleged interference with the protection of your Personal Information.
15.8 Right to be Informed:
• You have the right to be informed about the collection and use of your Personal Information, as provided in this Privacy Policy.
15.9 Exercising Your Rights:
• To exercise any of these rights, contact the Information Officer at info@miraistack.co.za;
• We will verify your identity before processing your request;
• We will respond within 30 days of receiving a valid request;
• We may extend this period by 30 days for complex requests, with notification to you;
• We may charge a reasonable fee for manifestly unfounded or excessive requests.

16. COOKIES AND SIMILAR TECHNOLOGIES

16.1 We use cookies and similar tracking technologies to enhance your experience, analyze usage, and deliver personalized content.
16.2 Types of Cookies We Use:
16.2.1 Essential Cookies: Necessary for the operation of the Platforms; enable core functionality such as security, network management, and Account access;
16.2.2 Functional Cookies: Enable enhanced functionality and personalization; remember your preferences and settings;
16.2.3 Analytics Cookies: Help us understand how visitors interact with our Platforms; collect information in an aggregated, anonymized form;
16.2.4 Marketing Cookies: Used to deliver relevant advertisements and track campaign effectiveness; placed with your consent.
16.3 Third-Party Cookies:
• Some cookies are placed by third-party service providers (e.g., analytics, advertising, social media);
• These providers have their own privacy policies governing their use of cookies.
16.4 Cookie Management:
• You can manage cookie preferences through your browser settings;
• You can opt-out of non-essential cookies through our cookie consent banner;
• Disabling certain cookies may affect Platform functionality.
16.5 Specific Platform Cookies:
• FitSocial: May use cookies to track fitness preferences and device connections;
• KenganStudy: May use cookies to remember learning progress and preferences;
• KenganSocial: May use cookies to manage social media account connections.

17. DIRECT MARKETING AND CONSENT

17.1 We may use your Personal Information for direct marketing purposes only with your consent or where otherwise permitted by law.
17.2 Consent for Direct Marketing:
• We will obtain your explicit consent before sending marketing communications;
• Consent may be given through opt-in checkboxes during registration or Account settings;
• Pre-ticked boxes or implied consent are not used for marketing purposes.
17.3 Types of Direct Marketing:
• Email newsletters and product updates;
• Promotional offers and discounts;
• Event invitations and webinars;
• Personalized recommendations based on your usage.
17.4 Your Choices:
• You may opt-out of direct marketing at any time by:
• Clicking the "unsubscribe" link in marketing emails;
• Updating your preferences in Account settings;
• Contacting us at info@miraistack.co.za.
17.5 We will process your opt-out request within 7 days and ensure you are removed from marketing lists within a reasonable timeframe.
17.6 Even if you opt out of marketing, we will continue to send service-related communications necessary for the performance of our contract with you.
17.7 We do not sell your Personal Information to third parties for their direct marketing purposes without your explicit consent.

18. AUTOMATED DECISION-MAKING AND AI SYSTEMS

18.1 Certain Mirai Stack Platforms utilize artificial intelligence and automated decision-making systems:
18.1.1 KenganStudy: Employs AI to personalize learning content, recommend courses, and provide automated tutoring assistance;
18.1.2 Prosoche: May use AI to analyze reflection patterns and provide insights (with your consent);
18.1.3 FitSocial: May use algorithms to recommend fitness challenges and track progress;
18.1.4 KenganSocial: Uses automation for content scheduling and analytics.
18.2 Automated decision-making that produces legal effects or similarly significant effects concerning you will only occur with your explicit consent, except where authorized by law.
18.3 You have the right to:
• Obtain human intervention in automated decisions;
• Express your point of view regarding automated decisions;
• Contest automated decisions and obtain an explanation.
18.4 AI systems are designed with the following safeguards:
• Transparency regarding AI involvement in content generation or recommendations;
• Human oversight of significant automated decisions;
• Regular auditing for bias and accuracy;
• Data minimization in AI training datasets.
18.5 AI-generated content is clearly labeled where appropriate, and you are informed when interacting with AI systems rather than humans.

19. THIRD-PARTY SERVICES AND INTEGRATIONS

19.1 Our Platforms integrate with various third-party services, each with their own privacy practices:
19.1.1 Payment Processors: We use PCI-DSS compliant payment processors; your payment information is processed according to their privacy policies;
19.1.2 Cloud Infrastructure: Data storage and processing may utilize third-party cloud services with robust security measures;
19.1.3 Analytics Providers: We use analytics services to understand Platform usage; these providers may use cookies and collect usage data;
19.1.4 Social Media Platforms: KenganSocial integrates with social media APIs; your use is subject to those platforms' terms and privacy policies;
19.1.5 Communication Services: Email and messaging services may process your contact information for communications;
19.1.6 AI and Machine Learning Providers: Third-party AI services may process data for KenganStudy features.
19.2 We carefully select third-party providers and require them to maintain appropriate data protection standards.
19.3 This Privacy Policy does not cover the practices of third-party services. We encourage you to review their privacy policies before using integrated services.
19.4 Mirai Stack is not responsible for the privacy practices or content of third-party websites linked from our Platforms.

20. BREACH NOTIFICATION PROCEDURES

20.1 Mirai Stack has implemented procedures to detect, assess, and respond to Personal Information security breaches.
20.2 In the event of a breach affecting your Personal Information:
20.2.1 We will take immediate steps to contain and remediate the breach;
20.2.2 We will assess the likelihood and severity of resulting harm to your rights and freedoms;
20.2.3 We will notify the Information Regulator without undue delay and, where feasible, within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to your rights;
20.2.4 We will notify you directly if the breach is likely to result in a high risk to your rights and freedoms, unless:
• Appropriate technical and organizational protection measures were applied to the affected Personal Information;
• Measures have been taken to ensure high risk is no longer likely to materialize;
• Individual notification would involve disproportionate effort, in which case public communication may be used.
20.3 Breach notifications will include:
• Description of the nature of the breach;
• Categories and approximate number of affected Data Subjects;
• Likely consequences of the breach;
• Measures taken or proposed to address the breach;
• Contact details for further information.
20.4 We maintain records of all Personal Information breaches, including facts, effects, and remedial actions taken.

21. CHANGES TO THIS PRIVACY POLICY

21.1 We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform features.
21.2 Changes will be effective immediately upon posting on our website, with the updated effective date.
21.3 Material changes that affect your rights or our processing activities will be notified to you via:
• Email to your registered email address;
• Prominent notice on our Platforms;
• Notification within the Platform interface.
21.4 We will provide at least 30 days' notice of material changes where required by law or where the changes significantly affect your privacy rights.
21.5 Your continued use of the Platforms after changes constitutes acceptance of the updated Privacy Policy.
21.6 If you do not agree with the changes, you should discontinue use of the Platforms and may request deletion of your Personal Information.

22. COMPLAINTS AND REGULATORY CONTACT

22.1 If you believe we have infringed your privacy rights or violated POPIA, you have the right to lodge a complaint.
22.2 Internal Complaint Process:
• Contact the Information Officer at info@miraistack.co.za;
• Provide details of your complaint, including relevant dates, incidents, and any supporting documentation;
• We will acknowledge receipt within 5 business days;
• We will investigate and respond within 30 days, or provide an interim response if more time is needed;
• We will take appropriate remedial action if your complaint is upheld.
22.3 Information Regulator: If you are not satisfied with our response, or if you prefer to complain directly to the regulatory authority, you may contact:
The Information Regulator (South Africa)
Physical Address: JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
Postal Address: P.O Box 31533, Braamfontein, Johannesburg, 2017
Email: inforeg@justice.gov.za
Website: www.justice.gov.za/inforeg
22.4 We cooperate fully with the Information Regulator in the investigation and resolution of complaints.

ACKNOWLEDGMENT
BY USING MIRAI STACK PLATFORMS AND SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION AS DESCRIBED HEREIN.
Last Updated: March 2026

TABLE OF CONTENTS