1. Introduction
This Privacy Policy explains how MindSpyr (Pty) Ltd ("MindSpyr", "we", "us", or "our"), a company incorporated in the Republic of South Africa, collects, uses, stores, and protects your personal information when you use Keen CX ("Keen", "the Platform").
Keen is a customer experience platform that enables frontline staff to capture customer sentiment, complete staff wellbeing check-ins, and provides managers with dashboards to surface patterns and insights. We are committed to protecting your privacy in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable data protection legislation.
2. Information We Collect
We collect the following categories of personal information:
- Account information: Name, email address, job title, role, and organisational affiliation, as provided by you or your employer during account setup.
- Mood and sentiment data: Customer sentiment ratings captured by staff via one-tap mood icons after interactions, and staff mood check-in responses submitted at regular intervals.
- Interaction metadata: Timestamps, interaction counts, and contextual tags associated with sentiment captures.
- SOS and alert data: Records of SOS button activations and related alert information used to coordinate immediate support.
- Device and technical information: Browser type, operating system, IP address, device identifiers, and access logs collected automatically when you use the Platform.
- Usage data: Feature usage patterns, session durations, and navigation data used to improve the Platform.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: To operate the Platform, including sentiment capture, mood check-ins, SOS alerts, and dashboard reporting.
- Analytics and insights: To aggregate and analyse sentiment and mood data, identify patterns and trends, and generate reports for your organisation's managers and administrators.
- Correlation analysis: To correlate staff mood data with customer sentiment outcomes, helping organisations understand the relationship between team wellbeing and customer experience.
- Alerts and notifications: To trigger real-time alerts for SOS requests, sentiment anomalies, and other configurable thresholds.
- Platform improvement: To understand how the Platform is used and to improve features, performance, and reliability.
- Communication: To send service-related notifications, updates, and support correspondence.
4. Legal Basis for Processing
Under POPIA, we process your personal information on the following lawful grounds:
- Contractual necessity: Processing is necessary to fulfil our obligations under the service agreement between MindSpyr and your employer or organisation.
- Legitimate interest: Processing is necessary for the legitimate interests of your organisation in understanding and improving customer experience and staff wellbeing, provided these interests are not overridden by your rights.
- Consent: Where required, we obtain your explicit consent before processing personal information, particularly for mood check-in data and sentiment captures. You may withdraw consent at any time.
- Legal obligation: Processing may be necessary to comply with applicable laws and regulations.
5. Data Sharing
Your personal information is shared only in the following circumstances:
- Your employer or organisation: Sentiment data, mood check-in data, and aggregated analytics are shared with the organisation that subscribes to Keen. Managers and administrators within your organisation may access dashboards, reports, and alerts in accordance with their assigned permissions.
- Service providers: We may engage trusted third-party service providers (such as cloud hosting and infrastructure providers) who process data on our behalf, subject to strict data processing agreements.
- Legal requirements: We may disclose personal information where required by law, regulation, or court order.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
6. Data Retention
We retain your personal information for as long as your organisation's Keen account remains active, or as needed to provide the Platform services. Specific retention periods may be configured by your organisation in accordance with their data governance policies.
Upon account termination or at your organisation's request, we will delete or anonymise your personal information within a reasonable period, unless we are required by law to retain it for longer.
7. Your Rights Under POPIA
As a data subject under POPIA, you have the following rights:
- Right of access: You may request confirmation of whether we hold your personal information and request a copy of it.
- Right to correction: You may request that we correct or update inaccurate or incomplete personal information.
- Right to deletion: You may request the deletion of your personal information, subject to legal and contractual obligations.
- Right to object: You may object to the processing of your personal information on grounds of legitimate interest.
- Right to data portability: You may request that your personal information be provided in a structured, commonly used, and machine-readable format.
- Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
- Right to lodge a complaint: You may lodge a complaint with the Information Regulator of South Africa if you believe your rights have been infringed.
To exercise any of these rights, please contact our Information Officer at privacy@keen.cx.
8. Information Officer
MindSpyr has appointed an Information Officer in compliance with POPIA. For any privacy-related queries, requests, or complaints, please contact:
- Email: privacy@keen.cx
- Entity: MindSpyr (Pty) Ltd
- Jurisdiction: Republic of South Africa
9. Data Security
We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, loss, destruction, or alteration. These measures include:
- Encryption of data in transit (TLS) and at rest.
- Role-based access controls to limit data access to authorised personnel.
- Regular security assessments and monitoring.
- Secure cloud infrastructure with industry-standard certifications.
- Incident response procedures for prompt detection and handling of data breaches.
While we take reasonable steps to protect your information, no method of electronic transmission or storage is completely secure. We encourage you to use strong passwords and to keep your login credentials confidential.
10. Cookies and Tracking
Keen uses only minimal, functional cookies that are strictly necessary for the operation of the Platform. These include:
- Session cookies to maintain your authenticated session.
- Preference cookies to remember your settings and configuration.
We do not use third-party tracking cookies, advertising cookies, or analytics trackers that profile your behaviour across other websites.
11. International Data Transfers
Your personal information may be processed and stored on servers located outside of the Republic of South Africa. Where such transfers occur, we ensure that adequate safeguards are in place in accordance with POPIA Section 72, including:
- Transfers to jurisdictions with adequate levels of data protection.
- Binding contractual agreements with data processors that enforce equivalent protection standards.
- Consent from the data subject, where applicable.
12. Children's Privacy
Keen is not directed at children under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform features. When we make material changes, we will notify affected users through the Platform or via email. The "Effective date" at the top of this page indicates when the policy was last revised.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@keen.cx
- Entity: MindSpyr (Pty) Ltd
- Country: Republic of South Africa