Last updated: 12 March 2026
AmbitX.ai (Pty) Ltd is committed to full compliance with the Protection of Personal Information Act, 2013 (Act 4 of 2013) ("POPIA"). This page describes how Conversio meets each of the eight conditions for lawful processing as defined in Chapter 3 of POPIA, and outlines your rights as a data subject.
POPIA is not an afterthought for Conversio — it is embedded in our architecture. Every database table enforces Row Level Security. Every contact interaction records consent. Every data flow is audited. We believe that respecting the privacy of your contacts is not just a legal requirement, but a competitive advantage.
AmbitX.ai has appointed an Information Officer who is responsible for ensuring compliance with POPIA across all our products, including Conversio. We maintain internal policies, conduct regular compliance reviews, and ensure all staff who handle personal information are trained in data protection principles. Our Information Officer can be reached at privacy@ambitx.ai.
We collect only the personal information that is necessary to provide the Conversio service. Contact data (names, phone numbers, emails) is collected because it is essential for lead management and WhatsApp messaging. We do not collect sensitive personal information such as race, health data, or political opinions. All processing is based on a lawful ground: contractual necessity, legitimate interest, or explicit consent.
Personal information is collected for clearly defined purposes: CRM functionality, lead qualification, message delivery, sales pipeline management, and billing. These purposes are communicated to data subjects through our Privacy Policy at the point of data collection. Data is not retained longer than necessary to fulfil these purposes.
We do not use personal information for purposes beyond those for which it was originally collected, unless we obtain additional consent from the data subject. We do not sell, rent, or share personal information with third parties for their marketing purposes. If we ever need to process data for a new purpose, we will seek explicit consent before doing so.
We take reasonable steps to ensure that personal information is complete, accurate, and not misleading. Users can view and correct contact information directly within the Conversio dashboard. Data subjects can request corrections by contacting us at privacy@ambitx.ai. We process correction requests within 30 days.
We are transparent about our data processing practices. This POPIA Compliance page, our Privacy Policy, and our Cookie Policy are publicly accessible and written in plain language. We have registered with the Information Regulator as required by POPIA Section 55.
We implement appropriate technical and organisational measures to protect personal information against loss, damage, unauthorised access, or unlawful processing:
Data subjects have the right to access, correct, and delete their personal information. These rights can be exercised by contacting our Information Officer at privacy@ambitx.ai. We respond to all requests within 30 days. We also provide data export functionality so that data subjects can receive their information in a structured, machine-readable format.
Conversio tracks consent at every stage of the customer journey:
We provide multiple ways for contacts to opt out of communications:
Opt-out requests are processed immediately. No further messages will be sent to an opted-out contact unless they explicitly opt back in.
Any data subject may submit a request to access, correct, or delete their personal information. The process is as follows:
There is no fee for submitting a DSAR. We may charge a reasonable fee only if requests are manifestly unfounded or excessive, as permitted by POPIA.
In accordance with POPIA Section 22, in the event of a data breach that compromises personal information, we will:
If you are not satisfied with our response to a privacy-related query or request, you have the right to lodge a complaint with the Information Regulator of South Africa: