VerifySchool

POPIA Act — What This Means for You

Plain-language explainer, not the law itself

POPIA (the Protection of Personal Information Act) is South Africa's data protection law. It sets rules for how organisations like VerifySchool must collect, use, store, and protect your personal information. Here's what that means in practice for how we operate:

Our POPIA commitments

  • Purpose limitation: we only collect the information we actually need for the specific reason stated at the point of collection (e.g., your enquiry message goes to the institution you're contacting, nothing more).
  • Data minimisation: our core product — verification search — needs zero personal information from you, by design.
  • Security safeguards: personal data (enquiries, reports, account credentials) is stored using industry-standard encryption and access controls, with row-level access restrictions so information is only visible to the parties who genuinely need it (e.g., an institution can only see enquiries sent to them, never another institution's).
  • Accountability: we maintain audit trails for actions taken on sensitive data (such as changes to an institution's verification status), so decisions are traceable, not silent.
  • Cross-border consideration: as VerifySchool operates across Zimbabwe, South Africa, and Botswana, we handle data with POPIA's standards as our baseline, recognising this is currently our strictest applicable framework.

Who regulates this

POPIA compliance in South Africa is overseen by the Information Regulator (South Africa). If you believe we have not handled your information appropriately, you may lodge a complaint with us directly first (see Log a Complaint), or escalate to the Information Regulator.