Privacy policy

Effective Date: Nov 2025
Last Updated: Nov 2025

Automize RPA SaaS Platform
Capitol Hill Consulting (Pty) Ltd

1. INTRODUCTION

Welcome to Automize. Capitol Hill Consulting (Pty) Ltd ("we", "us", "our", or "Automize") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, store, and protect your information when you use our Robotic Process Automation (RPA) software-as-a-service platform.

Who We Are:

  • Company Name: Capitol Hill Consulting (Pty) Ltd
  • Trading As: Automize
  • Registration Number: 2019/050086/07
  • Registered Address: 4 Muller Street, Bethlehem, Free State, South Africa, 9701
  • Contact Email: privacy@automize.com
  • Website: https://automize.co.za/

Our Commitment: We comply with applicable data protection laws, including:

  • Protection of Personal Information Act (POPIA) - South Africa
  • General Data Protection Regulation (GDPR) - United Kingdom
  • UAE Data Protection Laws - United Arab Emirates

2. SCOPE AND APPLICATION

This Privacy Policy applies to:

  • Visitors to our website
  • Users of the Automize platform (web application and RPA bot software)
  • Clients and their authorized users
  • Third-party consultants using our platform
  • Anyone who contacts us for support or information

This Privacy Policy does NOT cover:

  • Data processed by our RPA bots on your behalf (you are the controller of that data)
  • Websites or services linked from our platform
  • Third-party consultants' own privacy practices with their clients

3. INFORMATION WE COLLECT

3.1 Information You Provide Directly

Account Information:

  • Name
  • Email address
  • Phone number
  • Company name and address
  • Job title
  • Billing information (credit card details are processed by our payment provider, not stored by us)

Process Data:

  • Workflow definitions and configurations you create
  • Screenshots captured during process recording (only if you enable this feature)
  • Process names and descriptions
  • Application and file references in your workflows

Communications:

  • Support ticket content
  • Email correspondence
  • Chat messages
  • Phone call records
  • Feedback and survey responses

Identity Verification:

  • Government-issued ID (only when required for data subject requests or high-security operations)

3.2 Information Collected Automatically

Usage Information:

  • Login dates and times
  • Features used
  • Process execution history
  • Clicks and interactions within the platform
  • Pages visited and time spent

Technical Information:

  • IP address
  • Browser type and version
  • Operating system
  • Device identifiers
  • Cookies and similar technologies

Performance Data:

  • Error logs
  • System performance metrics
  • API usage statistics

3.3 Information We Do NOT Collect

Important: We do NOT collect or store:

  • Transactional data processed by your RPA bots (this stays on your systems)
  • Personal data from files your bots process (unless captured in screenshots you enable)
  • Passwords you use in your automated processes (stored only in your device's native keychain)
  • Content of documents your bots work with

4. HOW WE USE YOUR INFORMATION

We process your information based on the following legal grounds:

Contract Performance:

  • Providing Automize services you've subscribed to
  • Managing your account
  • Processing payments
  • Delivering customer support

Legitimate Interests:

  • Improving our platform and services
  • Security monitoring and fraud prevention
  • Analytics and performance optimization
  • Marketing (with opt-out option)

Consent:

  • Marketing communications (where required by law)
  • Non-essential cookies
  • Optional features like screenshot capture

Legal Obligation:

  • Complying with tax and accounting requirements
  • Responding to legal requests
  • Regulatory reporting

4.2 Specific Uses

To Provide Services:

  • Create and manage your account
  • Enable RPA bot functionality
  • Store and execute your process definitions
  • Provide technical support
  • Process billing and payments

To Improve Services:

  • Analyze usage patterns
  • Identify and fix bugs
  • Develop new features
  • Optimize performance
  • Conduct research and analytics

To Communicate:

  • Send service updates and notifications
  • Respond to inquiries
  • Provide customer support
  • Send security alerts
  • Marketing (with your consent)

To Ensure Security:

  • Detect and prevent fraud
  • Monitor for security threats
  • Investigate security incidents
  • Enforce our terms of service

5. DATA SHARING AND DISCLOSURE

5.1 We Share Information With:

Service Providers (Sub-processors):

  • Amazon Web Services (AWS): Cloud hosting and infrastructure (Data location: Ireland)
  • Payment Processors: Processing subscription payments (we do not store full credit card details)
  • Email Service Providers: Sending service communications
  • Support Tools: Managing customer support tickets

All sub-processors are contractually bound to protect your data and use it only for specified purposes.

Third-Party Consultants: If you are serviced by an independent consultant using Automize, they have access only to their own client data (yours), not other users' data.

5.2 We Do NOT:

  • Sell your personal information to anyone
  • Share your data for third-party marketing purposes
  • Provide access to your process data to other clients or consultants
  • Use your data for purposes unrelated to providing services

We may disclose information when required by law:

  • In response to court orders or subpoenas
  • To comply with legal obligations
  • To protect our rights or property
  • To prevent fraud or security threats
  • In connection with business transactions (merger, acquisition)

In such cases, we will notify you unless legally prohibited.

6. DATA STORAGE AND SECURITY

6.1 Where We Store Your Data

Cloud Infrastructure:

  • Primary storage: AWS data centers in Ireland
  • Backup storage: AWS secondary region for disaster recovery
  • Your data does not leave our controlled infrastructure except for sub-processors listed above

Client-Side Storage:

  • RPA bot log files are stored on your own PCs/virtual desktops
  • Passwords are stored in your device's native keychain (Windows Credential Manager, macOS Keychain)
  • You control and are responsible for security of client-side data

International Transfers: If your data is transferred internationally, we use appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by EU Commission
  • Adequate security measures equivalent to GDPR/POPIA requirements

6.2 How We Protect Your Data

Technical Security Measures:

  • Encryption in transit (TLS 1.2 or higher)
  • Encryption at rest (AES-256)
  • Secure password storage (hashed and salted)
  • Regular security updates and patches
  • Automated daily backups
  • Firewall and intrusion detection
  • Access controls and authentication

Organizational Security Measures:

  • Limited access to data (need-to-know basis)
  • Confidentiality agreements for all personnel
  • Regular security training
  • Incident response procedures
  • Vendor security assessments
  • Security policy enforcement

Your Responsibilities:

  • Use strong, unique passwords
  • Do not share login credentials
  • Enable multi-factor authentication (when available)
  • Secure your own devices and networks
  • Report security concerns immediately

6.3 Data Retention

We retain your data for:

Data Type Retention Period Reason
Account data Duration of service + 30 days Contract fulfillment
Process definitions Until you delete them Service provision
Billing records 7 years Legal/tax requirements
Support tickets 3 years Service improvement
System logs 90 days Security monitoring
Marketing data Until you opt-out Consent-based

Upon Service Cancellation:

  • You have 30 days to export your data
  • After 30 days, we delete all your data except billing records
  • Backups are purged within 30 days
  • We provide written confirmation of deletion upon request

7. YOUR RIGHTS AND CHOICES

7.1 Your Data Protection Rights

Under GDPR, POPIA, and UAE data protection laws, you have the right to:

Right to Access:

  • Request a copy of your personal information
  • Know how we're using your data
  • Receive information about our processing activities

Right to Rectification:

  • Correct inaccurate information
  • Complete incomplete information

Right to Erasure ("Right to be Forgotten"):

  • Request deletion of your personal information
  • Subject to legal retention requirements

Right to Restriction:

  • Limit how we process your data in certain circumstances
  • Object to processing based on legitimate interests

Right to Data Portability:

  • Receive your data in machine-readable format (JSON, CSV)
  • Transfer your data to another service provider

Right to Object:

  • Object to processing for direct marketing
  • Object to automated decision-making
  • Object to processing based on legitimate interests

Right to Withdraw Consent:

  • Withdraw consent at any time (where consent is the legal basis)
  • Does not affect lawfulness of prior processing

Right to Lodge a Complaint:

  • File a complaint with supervisory authorities (contact info below)

7.2 How to Exercise Your Rights

To exercise any of these rights:

  1. Email: privacy@automize.com
  2. Subject line: "Data Subject Request - [Your Right]"
  3. Include: Your name, email, and specific request
  4. Verification: We may ask for ID to verify your identity

Response Time: We will respond within 30 days (may be extended by 2 months for complex requests).

No Fee: Exercising your rights is generally free, unless requests are manifestly unfounded or excessive.

7.3 Account Management

You can directly:

  • Update account information in your profile settings
  • Delete processes and screenshots at any time
  • Export your data in JSON or CSV format
  • Cancel your subscription (30-day data export window applies)

7.4 Marketing Communications

Opt-out options:

  • Click "unsubscribe" in marketing emails
  • Email: privacy@automize.com with "Unsubscribe" in subject
  • Adjust preferences in your account settings

Note: You cannot opt-out of essential service communications (security alerts, billing notifications, terms updates).

8. COOKIES AND TRACKING

8.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our services.

8.2 Types of Cookies We Use

Essential Cookies (Required):

  • Authentication and session management
  • Security features
  • Load balancing
  • These cannot be disabled without affecting functionality

Functional Cookies (Optional):

  • Remember your preferences
  • Language settings
  • UI customization

Analytics Cookies (Optional):

  • Understand how you use the platform
  • Improve user experience
  • Identify performance issues

We do NOT use:

  • Third-party advertising cookies
  • Cross-site tracking cookies
  • Social media tracking pixels

8.3 Managing Cookies

Browser Settings: You can control cookies through your browser settings. Note that blocking essential cookies will prevent you from using the platform.

Our Cookie Preference Tool: You can manage optional cookies through our cookie preference center.

Do Not Track: We respect "Do Not Track" signals where technically feasible.

9. CHILDREN'S PRIVACY

Automize is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

If you believe we have inadvertently collected information from a child:

  • Contact us immediately at privacy@automize.com
  • We will delete the information promptly

10. CHANGES TO THIS PRIVACY POLICY

10.1 Updates

We may update this Privacy Policy to reflect:

  • Changes in laws or regulations
  • New features or services
  • Improvements to our practices

10.2 Notification

Material Changes:

  • Email notification to registered users
  • Prominent notice on our website
  • 30 days' notice before changes take effect

Minor Changes:

  • Updated "Last Updated" date
  • Notification via platform

10.3 Your Options

If you disagree with changes:

  • You may terminate your account
  • You have 30 days to export your data
  • Continued use constitutes acceptance

11. THIRD-PARTY CONSULTANTS

11.1 If You Use a Consultant

If an independent consultant provides RPA services to you using Automize:

Your Relationship:

  • The consultant is your service provider
  • You should have a separate agreement with them
  • They determine how your data is processed

Our Role:

  • We provide the platform infrastructure
  • We process data on the consultant's instructions
  • We maintain platform security and compliance

Data Access:

  • The consultant has access to data they create for you
  • They cannot access other clients' data
  • We do not share your data with other consultants

Privacy Concerns:

  • Contact your consultant about their data practices
  • Contact us about platform security or our processing activities

11.2 If You Are a Consultant

If you use Automize to service your own clients:

Your Responsibilities:

  • You are the data controller for your clients' data
  • You must have Data Processing Agreements with your clients
  • You must comply with applicable data protection laws
  • You must provide privacy notices to your data subjects

Our Responsibilities:

  • We process data according to your instructions
  • We maintain platform security
  • We provide data processing terms in your service agreement

12. BUSINESS TRANSFERS

In the event of a merger, acquisition, reorganization, or sale of assets:

  • Your information may be transferred to the new entity
  • We will notify you before transfer
  • The new entity will be bound by this Privacy Policy
  • You will have the option to delete your account

13. CONTACT INFORMATION

13.1 Data Controller

Capitol Hill Consulting (Pty) Ltd

  • Email: privacy@automize.com
  • Address: 4 Muller Street, Bethlehem, Free State, South Africa, 9701
  • Phone: +27 82 884 5000

13.2 Data Protection Queries

For privacy questions or data subject requests:

  • Email: privacy@automize.com
  • Subject: "Privacy Inquiry" or "Data Subject Request"
  • Response time: 5 business days for inquiries, 30 days for formal requests

13.3 Security Concerns

To report security issues:

  • Email: security@automize.com
  • Subject: "Security Concern"
  • Response time: 24 hours for critical issues

14. SUPERVISORY AUTHORITIES

14.1 Your Right to Complain

If you're unhappy with how we handle your data, you have the right to lodge a complaint with the relevant supervisory authority.

14.2 Contact Information for Authorities

United Kingdom (GDPR): Information Commissioner's Office (ICO)

  • Website: https://ico.org.uk
  • Phone: 0303 123 1113
  • Email: casework@ico.org.uk
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

South Africa (POPIA): Information Regulator

United Arab Emirates: [Contact relevant emirate authority - e.g., Dubai International Financial Centre Data Protection Commissioner if applicable]

15. SPECIAL SITUATIONS

15.1 Remote Access by Automize

If you purchase managed services where we remotely access your systems:

  • We will access only authorized systems
  • We follow strict security protocols
  • All access is logged and auditable
  • We do not access your data beyond what's necessary for service delivery
  • Refer to our Remote Access Policy in your service agreement

15.2 Data Breaches

In the event of a data breach affecting your personal information:

  • We will notify you within 72 hours
  • We will explain what happened and what data was affected
  • We will tell you what steps we're taking
  • We will advise you on protective measures
  • We will notify relevant authorities as required by law

15.3 Law Enforcement Requests

If we receive a legal demand for your information:

  • We will notify you if legally permitted
  • We will challenge overbroad requests
  • We will provide only the minimum information required

16. YOUR CLIENT-SIDE DATA

16.1 Data That Stays On Your Systems

Important Clarification: The following data remains on your systems and is NOT stored on Automize servers:

  • Actual transactional data processed by RPA bots
  • Content of files your bots work with
  • Personal data from documents (unless captured in screenshots you enable)
  • Log files on your local machines

Your Responsibilities:

  • Secure your own PCs and virtual desktops
  • Control access to log files
  • Implement encryption where appropriate
  • Follow your own data protection policies
  • Train your staff on data handling

Our Guidance: We provide best practice recommendations for client-side security in our documentation.

16.2 Client-Side Logs

Log Files on Your Systems:

  • May contain sensitive data depending on your processes
  • Are your responsibility to secure and manage
  • Should be retained according to your policies
  • Should be encrypted where they contain personal data

Our Recommendations:

  • Review our Log Management Guide
  • Implement file access controls
  • Regular log rotation and cleanup
  • Include in your backup procedures

17. DATA PROTECTION IMPACT ASSESSMENTS

For high-risk processing activities, we conduct Data Protection Impact Assessments (DPIAs) to ensure adequate safeguards.

When we conduct DPIAs:

  • New features involving personal data
  • Changes to data processing activities
  • Use of new technologies
  • When required by law

Your DPIAs: If your use of Automize involves high-risk processing (large-scale processing of sensitive data, systematic monitoring, etc.), you may need to conduct your own DPIA. We will assist you with information about our processing activities.

18. AUTOMATED DECISION-MAKING

We do not use your personal information for:

  • Automated decision-making with legal or significant effects
  • Profiling that affects your rights
  • AI-driven decisions about your account

Any automated systems we use (e.g., fraud detection) include human oversight and you can request human review of decisions.

19. GLOSSARY

Personal Data / Personal Information: Any information relating to an identified or identifiable individual.

Processing: Any operation performed on personal data (collection, storage, use, disclosure, deletion, etc.).

Data Controller: The entity that determines the purposes and means of processing personal data.

Data Processor: The entity that processes personal data on behalf of the controller.

Data Subject: The individual to whom personal data relates.

Sub-processor: A third party engaged by the processor to process data.

RPA (Robotic Process Automation): Technology that uses software bots to automate repetitive tasks.

20. ADDITIONAL RESOURCES

Learn More:

  • Terms of Service: Terms of Service
  • Service Level Agreement: Available upon request
  • Security Whitepaper: Available upon request
  • Data Processing Agreement: Available upon request
  • Cookie Policy: Cookie Policy

Help Center:

  • FAQs: Available in Help
  • Documentation: Available in Help
  • Best Practices: Available in Help
  • Contact Support: support@automize.com

ACKNOWLEDGMENT

By using Automize, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.

Questions? Contact us at privacy@automize.com - we're here to help!

Document Version: 1.0
Effective Date: Nov 2025
Last Reviewed: Nov 2025
Next Review: Nov 2026