This policy applies to the Sticitt Android app and the broader Sticitt platform operated by Sticitt (Pty) Ltd.

In line with Section 24 of the Protection of Personal Information Act, 2013 (POPIA), you have the right to request the correction or deletion of personal information that Sticitt holds about you. As a regulated Fintech and Accountable Institution under South African financial law, certain records must be retained for a statutory period before they can be destroyed — these are detailed below.

How to submit a request

 1. Download and complete the Sticitt Data Deletion & Correction Form.
 2. Attach a copy of your South African ID or passport (and company registration documents if you are requesting on behalf of a business) so we can verify your identity.
 3. Email the completed form and supporting documents to compliance@sticitt.co.za with the subject line "Account Deletion Request".
 4. Sticitt's Information Officer will acknowledge your request within 7 business days and action it within 30 days of identity verification.

Information Officer: Mitch Dart
Compliance Officer: Marizanne Fourie

What we delete on request

Once your identity is verified, and provided the data is not subject to a statutory retention obligation, we will delete:

 - Profile information: name, surname, cellphone number, email address, residential address
 - Authentication credentials and active sessions
 - Push notification tokens and device identifiers
 - Marketing preferences and product analytics identifiers
 - Any other personal information not covered by the retention obligations below

What we are required to retain

As an Accountable Institution under South African law, Sticitt must retain certain records for statutory periods even if a deletion request is received:

 - Financial Intelligence Centre Act (FICA) — 5 years, from the date of account closure or the conclusion of a single transaction. Covers KYC documents (ID/passport/proof of address), beneficial ownership details, and related business correspondence.
 - Tax Administration Act (SARS) — 5 years, from the date the tax return is submitted for the period in which the transaction occurred. Covers transaction history, invoices, and ledger entries.
 - Companies Act — 7 years. Covers formal business agreements, financial statements, and board-level communications.

How your data is handled during the retention period

If you submit a deletion request while your data is still within a mandatory retention window:

 - Restriction of processing: your data is frozen — removed from active use and from marketing lists.
 - Secure archive: the data is moved to an encrypted archive accessible only to the Compliance and Legal teams for audit purposes.
 - Automatic purge: once the statutory retention period expires, the records are automatically and permanently destroyed.

Questions

For questions about this policy or the data Sticitt holds about you, contact our Compliance team at compliance@sticitt.co.za.

For our full data handling practices, see the Sticitt Privacy Policy.

‍