Privacy Policy

Molo Online (Pty) Ltd

Effective Date: 2025-02-10
Last Updated: 2026-02-29
Version: 3.0

1. Introduction

Molo Online (Pty) Ltd ("Molo", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services.

By using our services, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.

2. The Four-Party Model

Our services involve four distinct parties, each with different data responsibilities:

Molo (Platform Provider)

Data responsibilities:

• Secure storage and transmission of all data
• Encryption at rest and in transit
• Access controls and audit logging
• Processing deletion requests
• Breach notification to affected parties and regulators
• Orchestrating third-party data processors

Data Molo does NOT control:

• Accuracy of Company-provided content
• Accuracy of Staff profile information
• Content of End User uploaded files
• Third-party internal data processing

The Company (Molo's Client)

Data responsibilities:

• Accuracy of knowledge base content
• Managing Staff data access permissions
• Staff onboarding data setup
• Staff offboarding data removal
• Ensuring departed Staff profiles are removed promptly
• Compliance with industry-specific data regulations

Staff (Company's Employees)

Data responsibilities:

• Accuracy of their own profile information
• Consent decisions for public data display
• Keeping profile data current
• Requesting data updates or removal
• Notifying Company of data changes when leaving

Data rights:

• Explicit consent required before public display
• Full visibility of what data will be displayed
• Update data at any time
• Withdraw consent at any time
• Data removal within 48 hours of withdrawal

End User

Data responsibilities:

• Accuracy of information shared in conversations
• Content of files uploaded
• Verifying responses against source documents

Data rights:

• Transparency via KFT system
• Access to personal data held
• Correction of inaccurate data
• Deletion of chat history
• Withdrawal of consent

3. Information We Collect

Information You Provide Directly

• Contact Information: Name, email address, phone number
• Communication Data: Records of correspondence and chat conversations
• Uploaded Content: Documents or files you upload to our services

Information Collected Automatically

• Usage Data: How you interact with our platform, pages visited, features used
• Device Information: Browser type, IP address, device identifiers, operating system
• Location Data: General geographic location based on IP address

Google Analytics Tracking

We use Google Analytics, a web analytics service provided by Google LLC, to understand how visitors use our website.

What Google Analytics collects:

• Traffic Data: Number of visitors, page views, session duration, bounce rate
• Acquisition Data: How you arrived at our site (search engine, direct, referral)
• Behaviour Data: Pages viewed, click paths, interactions with site elements
• Demographics: General age range and interests (where available)
• Technology Data: Browser, device type, screen resolution, operating system

What Google Analytics does NOT collect:

• Your chat conversations
• Your uploaded files
• Staff profile information

Google Analytics uses cookies to collect this information. Data is processed by Google in accordance with Google's Privacy Policy (https://policies.google.com/privacy).

Your opt-out options:

• Install the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout)
• Manage or delete cookies through your browser settings
• Use browser privacy modes which limit tracking

We use Google Analytics data in aggregate form to improve our services, not to personally identify you.

Cookies and Similar Technologies

Our website uses cookies to:

• Ensure proper website functionality
• Remember your preferences and settings
• Analyse website traffic (via Google Analytics)
• Improve user experience

You can manage cookie preferences through your browser settings. Blocking cookies may affect website functionality.

4. Third-Party Data Processing

Our services use third-party providers to process data:

• Analytics Services: Google Analytics (website usage analysis)
• AI/LLM Providers: For generating AI responses
• File Processing Services: For extracting text from uploaded documents
• Cloud Infrastructure: For hosting and data storage

Each third-party operates according to its own data policies. Molo selects enterprise-grade providers but cannot control their internal data processing. No party in the four-party model is liable for third-party data handling.

5. Staff Profile Pages

When Companies deploy Molo, Staff members may create public profile pages. This section explains data handling specific to Staff.

What Data May Be Displayed

Staff profile pages may include:

• Full name
• Professional title or role
• Business email address
• Business phone number
• Profile photograph
• Professional biography
• Links to professional social media

We recommend Staff use business contact details rather than personal details.

Consent for Public Display

The Company is responsible for ensuring Staff consent is obtained. Molo provides the consent mechanism.

The consent process requires:

• Clear statement that data will be publicly visible
• Explicit list of which data will be displayed
• Active confirmation (no pre-ticked boxes)
• Timestamp recording of consent
• Information about withdrawal process

Staff Data Rights

Staff have the right to:

• Update: Modify profile data at any time
• Remove: Request removal from public display at any time
• Withdraw Consent: Revoke consent, with removal within 48 hours
• Access: Request a copy of all data held

To exercise these rights: Contact your Company administrator or email hello@molo.page

Security of Staff Profile Data

Understanding public vs. private data:

Once data is published on a public page with consent, it is intentionally accessible. This is different from private data in our systems.

For publicly displayed data, Molo implements:

• Rate limiting to slow automated scraping
• Bot detection to discourage harvesting
• Monitoring for unusual access patterns
• HTTPS encryption for all access

For database-stored profile data, Molo implements:

• Encryption at rest and in transit
• Access controls limiting who can modify records
• Regular security assessments
• Audit logging of all changes

Important: No system can prevent all misuse of publicly displayed data. By consenting to public display, Staff acknowledge their contact data may be viewed, copied, or used by third parties.

Data Responsibility Matrix for Staff Profiles

Molo is responsible for:

• Platform security
• Consent mechanism functionality
• Processing removal requests within 48 hours
• Breach notification

The Company is responsible for:

• Ensuring Staff consent is properly obtained
• Managing Staff access
• Removing departed Staff profiles promptly
• Staff data onboarding/offboarding procedures

Staff are responsible for:

• Accuracy of data they provide
• Keeping data current
• Notifying Company when leaving
• Deciding whether to consent

6. How We Use Data

We use data to:

• Provide, maintain, and improve our services
• Respond to inquiries and support requests
• Send relevant communications (with consent)
• Comply with legal obligations
• Analyse usage patterns (via Google Analytics and internal analytics)
• Protect against fraud and unauthorised access
• Display Staff profile pages (with explicit consent)

7. Data Sharing

Who We Share With:

• Service providers assisting our operations (cloud hosting, AI processing, analytics)
• Legal authorities when required by law
• Business partners only with explicit consent

What We Do NOT Do:

We do NOT sell personal information to third parties. This is a firm commitment.

8. Data Security

Molo implements security measures including:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and multi-factor authentication
• Staff training on data protection
• Intrusion detection and monitoring
• Regular backup and disaster recovery

No system is 100% secure. If a breach occurs affecting your data, Molo will notify you and the Information Regulator as required by POPIA.

9. Your Rights Under POPIA

Under the Protection of Personal Information Act (POPIA), you have the right to:

• Access your personal information
• Request correction of inaccurate data
• Request deletion of your data
• Object to certain processing activities
• Data portability
• Withdraw consent at any time
• Lodge a complaint with the Information Regulator

To exercise these rights, contact our Information Officer at hello@molo.page.

10. Data Retention

We retain personal information only as long as necessary:

• Chat conversation logs: Per Company deployment configuration
• Staff profile data: Until consent is withdrawn or employment ends
• Analytics data: 26 months (Google Analytics default)
• Backup data: 90 days after primary deletion

You may request deletion at any time, subject to legal retention requirements.

11. Contact Information

Molo Online (Pty) Ltd

• Registration: 2018/378189/07
• Address: 15 Kromhout Road, Hartzenbergfontein, Gauteng, 1876
• General: hello@molo.page
• Information Officer: hello@molo.page
• Legal queries: pieter@molo.page
• Technical queries: garth@molo.page
• Website: molo.page

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted with an updated revision date. Continued use of our services after changes constitutes acceptance of the revised policy.