Privacy Policy & POPIA Notice

The responsible party for purposes of POPIA is Roar Exclamation (Pty) Ltd, a private company registered in South Africa. Our Information Officer is responsible for ensuring compliance with POPIA and can be reached at privacy@roarexclamation.com.

We collect personal information that you voluntarily provide when you:

• Complete our Strategy Session request form (name, email address, company name, business stage, cloud spend range, team size, and biggest technology challenge).
• Request our Cloud FinOps ROI Audit tool (email address and cloud spend inputs).
• Contact us directly by email or social media (any information contained in your correspondence).

We also automatically collect limited technical information via cookies and analytics tools (Google Tag Manager, Google Analytics/Ads) including your IP address, browser type, pages visited, and session duration. This information is used in aggregate and is not linked to your identity without your consent.

We process personal information for the following purposes, as required by POPIA section 13:

• To respond to enquiries — Scheduling strategy sessions and responding to service enquiries.
• To deliver services — Onboarding and fulfilling contracted engagements (Fractional CTO, Cloud FinOps, Agentic Compliance, Technical Orchestration).
• Legitimate business interest — Improving our website, analysing service demand, and communicating relevant updates to existing clients.
• Compliance with legal obligations — Meeting our obligations under South African law (POPIA, Companies Act, etc.).

We will not use your personal information for any purpose other than those listed above, or for which you have provided separate consent.

We rely on the following grounds for processing personal information under POPIA:

• Your consent — where you have actively ticked the consent checkbox on our forms.
• Contractual necessity — where processing is required to perform a contract with you or take steps at your request prior to entering a contract.
• Legitimate interests — where our legitimate interests (or those of a third party) override your privacy interests, such as website security and analytics.
• Legal obligation — where processing is required by applicable South African law.

We share personal information only where necessary:

• Automation and CRM workflows — We use n8n (self-hosted workflow automation) to route enquiries. Data is processed on servers hosted within the EU under appropriate safeguards.
• Cloud infrastructure — Our website is hosted on Cloudflare's edge network. Cloudflare processes minimal technical data as a data processor on our behalf.
• Analytics — Google Analytics and Google Ads receive anonymised usage data subject to your cookie preferences.
• Legal and regulatory — We may disclose information where required by law, court order, or to protect our legal rights.

We do not sell, rent, or trade personal information to third parties for marketing purposes.

Where personal information is transferred outside the Republic of South Africa (for example, to cloud service providers or workflow automation tools operating in the EU), we ensure that adequate safeguards are in place in accordance with POPIA section 72. This includes reliance on standard contractual clauses, adequacy decisions, or equivalent mechanisms.

We retain personal information only for as long as necessary to fulfil the purpose for which it was collected, or as required by law:

• Strategy session enquiries and pre-sales contact data: up to 24 months from last interaction.
• Active client engagement data: duration of engagement plus 5 years (for tax and contractual record-keeping).
• Website analytics: as per Google Analytics' default retention settings (14 months).

Once the retention period expires, personal information is securely deleted or anonymised.

Our website uses cookies and similar tracking technologies for the following purposes:

• Strictly necessary — Essential for the website to function.
• Analytics — Google Analytics (GA4) to understand how visitors use our site.
• Advertising — Google Ads conversion tracking to measure the effectiveness of paid campaigns.

By continuing to browse our site you consent to our use of non-essential cookies. You can withdraw consent at any time by clearing your browser cookies.

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, disclosure, alteration, or destruction. These include TLS encryption in transit, access controls, and periodic security reviews. Despite these measures, no internet transmission is completely secure, and we cannot guarantee absolute security.

Under POPIA, you have the following rights regarding your personal information:

• Right of access — Request a copy of the personal information we hold about you.
• Right to correction — Request correction of inaccurate or incomplete personal information.
• Right to deletion — Request deletion of your personal information (subject to legal retention requirements).
• Right to object — Object to the processing of your personal information on grounds of legitimate interests.
• Right to withdraw consent — Withdraw any consent previously given at any time.
• Right to lodge a complaint — Lodge a complaint with the Information Regulator of South Africa at inforegulator@justice.gov.za.

To exercise any of these rights, use the POPIA Data Subject Request form below. We will respond within 30 days of receiving a valid request, in accordance with POPIA.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated to active clients by email. The date at the top of this page indicates when the Policy was last revised.

For any privacy-related queries or to exercise your rights, contact our Information Officer:

Roar Exclamation (Pty) Ltd
Email: privacy@roarexclamation.com