Privacy Policy
Molo Online (Pty) Ltd
Effective Date: 2025-02-10
Last Updated: 2026-02-29
Version: 3.0
1. Introduction
Molo Online (Pty) Ltd ("Molo", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services.
By using our services, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.
2. The Four-Party Model
Our services involve four distinct parties, each with different data responsibilities:
Molo (Platform Provider)
Data responsibilities:
- Secure storage and transmission of all data
- Encryption at rest and in transit
- Access controls and audit logging
- Processing deletion requests
- Breach notification to affected parties and regulators
- Orchestrating third-party data processors
Data Molo does NOT control:
- Accuracy of Company-provided content
- Accuracy of Staff profile information
- Content of End User uploaded files
- Third-party internal data processing
The Company (Molo's Client)
Data responsibilities:
- Accuracy of knowledge base content
- Managing Staff data access permissions
- Staff onboarding data setup
- Staff offboarding data removal
- Ensuring departed Staff profiles are removed promptly
- Compliance with industry-specific data regulations
Staff (Company's Employees)
Data responsibilities:
- Accuracy of their own profile information
- Consent decisions for public data display
- Keeping profile data current
- Requesting data updates or removal
- Notifying Company of data changes when leaving
Data rights:
- Explicit consent required before public display
- Full visibility of what data will be displayed
- Update data at any time
- Withdraw consent at any time
- Data removal within 48 hours of withdrawal
End User
Data responsibilities:
- Accuracy of information shared in conversations
- Content of files uploaded
- Verifying responses against source documents
Data rights:
- Transparency via KFT system
- Access to personal data held
- Correction of inaccurate data
- Deletion of chat history
- Withdrawal of consent
3. Information We Collect
Information You Provide Directly
- Contact Information: Name, email address, phone number
- Communication Data: Records of correspondence and chat conversations
- Uploaded Content: Documents or files you upload to our services
Information Collected Automatically
- Usage Data: How you interact with our platform, pages visited, features used
- Device Information: Browser type, IP address, device identifiers, operating system
- Location Data: General geographic location based on IP address
Google Analytics Tracking
We use Google Analytics, a web analytics service provided by Google LLC, to understand how visitors use our website.
What Google Analytics collects:
- Traffic Data: Number of visitors, page views, session duration, bounce rate
- Acquisition Data: How you arrived at our site (search engine, direct, referral)
- Behaviour Data: Pages viewed, click paths, interactions with site elements
- Demographics: General age range and interests (where available)
- Technology Data: Browser, device type, screen resolution, operating system
What Google Analytics does NOT collect:
- Your chat conversations
- Your uploaded files
- Staff profile information
Google Analytics uses cookies to collect this information. Data is processed by Google in accordance with Google's Privacy Policy (https://policies.google.com/privacy).
Your opt-out options:
- Install the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout)
- Manage or delete cookies through your browser settings
- Use browser privacy modes which limit tracking
We use Google Analytics data in aggregate form to improve our services, not to personally identify you.
Cookies and Similar Technologies
Our website uses cookies to:
- Ensure proper website functionality
- Remember your preferences and settings
- Analyse website traffic (via Google Analytics)
- Improve user experience
You can manage cookie preferences through your browser settings. Blocking cookies may affect website functionality.
4. Third-Party Data Processing
Our services use third-party providers to process data:
- Analytics Services: Google Analytics (website usage analysis)
- AI/LLM Providers: For generating AI responses
- File Processing Services: For extracting text from uploaded documents
- Cloud Infrastructure: For hosting and data storage
Each third-party operates according to its own data policies. Molo selects enterprise-grade providers but cannot control their internal data processing. No party in the four-party model is liable for third-party data handling.
5. Staff Profile Pages
When Companies deploy Molo, Staff members may create public profile pages. This section explains data handling specific to Staff.
What Data May Be Displayed
Staff profile pages may include:
- Full name
- Professional title or role
- Business email address
- Business phone number
- Profile photograph
- Professional biography
- Links to professional social media
We recommend Staff use business contact details rather than personal details.
Consent for Public Display
The Company is responsible for ensuring Staff consent is obtained. Molo provides the consent mechanism.
The consent process requires:
- Clear statement that data will be publicly visible
- Explicit list of which data will be displayed
- Active confirmation (no pre-ticked boxes)
- Timestamp recording of consent
- Information about withdrawal process
Staff Data Rights
Staff have the right to:
- Update: Modify profile data at any time
- Remove: Request removal from public display at any time
- Withdraw Consent: Revoke consent, with removal within 48 hours
- Access: Request a copy of all data held
To exercise these rights: Contact your Company administrator or email hello@molo.page
Security of Staff Profile Data
Understanding public vs. private data:
Once data is published on a public page with consent, it is intentionally accessible. This is different from private data in our systems.
For publicly displayed data, Molo implements:
- Rate limiting to slow automated scraping
- Bot detection to discourage harvesting
- Monitoring for unusual access patterns
- HTTPS encryption for all access
For database-stored profile data, Molo implements:
- Encryption at rest and in transit
- Access controls limiting who can modify records
- Regular security assessments
- Audit logging of all changes
Important: No system can prevent all misuse of publicly displayed data. By consenting to public display, Staff acknowledge their contact data may be viewed, copied, or used by third parties.
Data Responsibility Matrix for Staff Profiles
Molo is responsible for:
- Platform security
- Consent mechanism functionality
- Processing removal requests within 48 hours
- Breach notification
The Company is responsible for:
- Ensuring Staff consent is properly obtained
- Managing Staff access
- Removing departed Staff profiles promptly
- Staff data onboarding/offboarding procedures
Staff are responsible for:
- Accuracy of data they provide
- Keeping data current
- Notifying Company when leaving
- Deciding whether to consent
6. How We Use Data
We use data to:
- Provide, maintain, and improve our services
- Respond to inquiries and support requests
- Send relevant communications (with consent)
- Comply with legal obligations
- Analyse usage patterns (via Google Analytics and internal analytics)
- Protect against fraud and unauthorised access
- Display Staff profile pages (with explicit consent)
7. Data Sharing
Who We Share With:
- Service providers assisting our operations (cloud hosting, AI processing, analytics)
- Legal authorities when required by law
- Business partners only with explicit consent
What We Do NOT Do:
We do NOT sell personal information to third parties. This is a firm commitment.
8. Data Security
Molo implements security measures including:
- Encryption of data in transit and at rest
- Regular security assessments
- Access controls and multi-factor authentication
- Staff training on data protection
- Intrusion detection and monitoring
- Regular backup and disaster recovery
No system is 100% secure. If a breach occurs affecting your data, Molo will notify you and the Information Regulator as required by POPIA.
9. Your Rights Under POPIA
Under the Protection of Personal Information Act (POPIA), you have the right to:
- Access your personal information
- Request correction of inaccurate data
- Request deletion of your data
- Object to certain processing activities
- Data portability
- Withdraw consent at any time
- Lodge a complaint with the Information Regulator
To exercise these rights, contact our Information Officer at hello@molo.page.
10. Data Retention
We retain personal information only as long as necessary:
- Chat conversation logs: Per Company deployment configuration
- Staff profile data: Until consent is withdrawn or employment ends
- Analytics data: 26 months (Google Analytics default)
- Backup data: 90 days after primary deletion
You may request deletion at any time, subject to legal retention requirements.
11. Contact Information
Molo Online (Pty) Ltd
- Registration: 2018/378189/07
- Address: 15 Kromhout Road, Hartzenbergfontein, Gauteng, 1876
- General: hello@molo.page
- Information Officer: hello@molo.page
- Legal queries: pieter@molo.page
- Technical queries: garth@molo.page
- Website: molo.page
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted with an updated revision date. Continued use of our services after changes constitutes acceptance of the revised policy.