Your Data

We take privacy and data security very seriously at Fynbos. We don’t make our money through selling or sharing our user’s data and we don’t ever intend to.

We invest a lot of time and effort to protect our systems from compromise, but we know that no protection is 100% guaranteed.

For that reason, we have architected our systems so that even if we did have a breach the risk of our user’s data being compromised is almost zero because we store anything sensitive outside of our systems.

Data Security and Privacy Principals

Our basic principles concerning our user’s data are as follows:

  • Collect as little data as is needed.
  • Encrypt all data, both when it is being transmitted, and when it is being stored.
  • Data is only used to deliver a great service and ensure we are compliant with all relevant laws, it is never sold.
  • Data is only shared with partners we trust to enable them to deliver their services or meet their legal obligations.
  • If we have to share data with partners or regulators we will only share the minimum data required.

Data Capture

Data flow diagram of the data capture process at Fynbos

When we capture data from our users through our website it is encrypted and transmitted securely to our servers, hosted in South Africa, where we process it. If we need to store any data, we ensure that only the minimum data required, and never anything sensitive, is stored in our database.

All sensitive data about our users, including their ID numbers, full names, and bank details, are securely stored with our partner, Persona. Persona are global leaders in personal data protection. Collecting and protecting people’s data is their number one job so we trust them to do it for our users more than anyone else (including ourselves).

When our users complete their identity verification, they will interact with Persona’s website directly in which case, any data collected, such as images of government IDs or selfies, never even passes through Fynbos’s servers, it is collected directly by Persona.

You can read more about Persona’s data security and privacy policies on their website.

Data Usage

A flow diagram showing data usage within Fynbos

We often need to use data we have stored previously, either to display to users in our app, to process internally, or to send to our partners so they can deliver the services we need from them.

These partners include our payments processor, Precium, and our fund administration partner, Automated Outsourcing Services (AOS).

When we need to set up new debit order mandates or process a debit order we will pass our user’s name and bank details to Precium so they are able to do this on our behalf through their bank partner, Standard Bank.

When we are managing investments on behalf of our users we will send instructions to AOS with the user’s name and the details of what investments to make.

The data we store at Persona can be accessed by our compliance partners, Masthead.

Masthead is an FSCA-approved compliance practice and is the registered compliance officer for Life Current the Category I licensed Financial Service Provider that Fynbos represents.

Part of Masthead’s job is to ensure that we are adhering to regulations defined in the Financial Intelligence Centre Act (FICA) by doing random audits of the identity verification we have performed on our users. To do this, Masthead’s staff have the ability to view a dashboard at Persona where they can see the details of the users that have completed identity verification and the outcome of the checks and verifications that were performed. All access to this dashboard is audited and it is not possible for Masthead to edit or download any of this data.