01About this policy
This Privacy Policy explains how Instant Fund ("we", "us", "our") collects, uses, stores and shares your personal information when you use the website at www.instantfund.co.za and our loan-matching service ("the Service").
We have written it to satisfy Section 18 of the Protection of Personal Information Act 4 of 2013 ("POPIA"), which is the law that gives you the right to know how your information is being handled by South African businesses.
It sits alongside our Terms of Use. The Terms set out the rules for using the Service. This policy tells you what we do with the data you give us when you do.
If anything in this policy is unclear, please contact our Information Officer using the details in section 02 or section 15.
02Who we are & Information Officer
Instant Fund is the operating brand of an independent online loan-matching and comparison service in South Africa. We are the responsible party as defined in POPIA. Our head office is in Sandton, Johannesburg.
We have appointed an Information Officer who is responsible for our POPIA compliance and who is your point of contact for any privacy question, access request, correction request or complaint.
- Information Officer
- [NAME TO BE INSERTED ONCE REGISTERED]
- [email protected]
- Phone
- 0860 INSTANT (0860 467 826), Mon–Fri 8am–6pm
- Postal address
- Information Officer, Instant Fund, Sandton City, Sandton 2196, Johannesburg, ZA
- Regulator registration
- Registered with the Information Regulator of South Africa (inforegulator.org.za)
03What information we collect
We collect three categories of information from you. The table below covers what we collect and where it comes from.
| Category | What we collect |
|---|---|
| Identity & contact | Full name, South African ID number, date of birth, residential address, email address, cellphone number. |
| Financial & employment | Employment status, employer name, monthly income, payslip information, bank account details (account number, branch code, bank name), copies of recent bank statements. |
| Application context | The loan amount and term you are requesting, the date and time you applied, the form version you submitted, the consent checkboxes you ticked. |
| Uploaded documents | Copies of your SA ID (book or card), recent payslips or three months of bank statements, and a bank-stamped account confirmation if you supply one. |
| Verification information | Results from identity verification and fraud-screening checks run by our verification providers against the details you submit. |
| Technical information | IP address, browser type and version, device type, operating system, pages visited, referring URL, and timestamps. Collected automatically when you use the website. |
| Communications | Any correspondence you send to us (email, contact form, WhatsApp, phone calls), and any notes our team makes when responding. |
We do not knowingly collect special personal information as defined in POPIA (such as health, religious belief, race, political views). If any such information is contained in a document you upload — for example, on a bank statement — we treat it as ordinary supporting evidence and do not process it for any other purpose.
04Why we collect it
We collect your information for specific, named purposes. We do not use it for anything else without coming back to you first.
- To match you with a lender. We share your application with a panel of South African credit providers, registered with the National Credit Regulator (NCR), so that one or more of them can decide whether to offer you a loan.
- To verify your identity and screen for fraud. We run your details through identity verification and fraud-screening providers to confirm you are who you say you are and that the application is not fraudulent.
- To improve the Service. We use anonymous and aggregated technical information to understand how the website is being used and to fix problems.
- To communicate with you. We send you transactional emails and SMSes about your application (received, in review, offer available, declined). We also reply to anything you write to us.
- To meet our legal obligations. We retain records to satisfy POPIA, anti-money-laundering law (FICA), tax law, and to respond to lawful requests from regulators or courts.
- To prevent and investigate fraud. Where we suspect a fraudulent application, we may share details with the South African Fraud Prevention Service (SAFPS) and, where appropriate, the South African Police Service.
05Our lawful basis for processing
POPIA requires us to have a lawful basis for every processing activity. We rely on the following, depending on the purpose:
- Your consent (Section 11(1)(a)). When you tick the consent box at the end of the application form, you consent to your information being shared with our panel of NCR-registered lenders for the purpose of considering your application. We log the consent, the timestamp and the form version against your record.
- Necessary to conclude or perform a contract (Section 11(1)(b)). Processing your information is necessary to perform the matching service you have asked us to perform.
- Compliance with a legal obligation (Section 11(1)(c)). Retention periods, fraud reporting and responses to lawful requests rely on this basis.
- Legitimate interest (Section 11(1)(f)). Fraud prevention, security monitoring, and limited record-keeping after a declined application rely on legitimate interest. We have balanced this against your privacy and limited the processing accordingly.
You can withdraw your consent at any time by emailing [email protected]. Withdrawal does not affect processing that already happened lawfully — for example, if a lender has already approved your application and paid out funds, that loan agreement is between you and that lender and continues to be governed by it.
07Cross-border data transfers
Some of the service providers we use are based outside South Africa or process data in data centres outside South Africa. Where that is the case, Section 72 of POPIA requires us to ensure your information continues to receive an adequate level of protection.
We meet this obligation by contracting only with providers that are either (a) located in jurisdictions whose laws give effect to similar information-protection principles to POPIA, or (b) bound by written contracts that impose POPIA-equivalent obligations on them as our operators.
If you would like a current list of operators that process your information outside South Africa, and the jurisdictions involved, contact our Information Officer.
08How long we keep your information
We keep your information only for as long as we need it for the purpose we collected it. After that, we delete or anonymise it.
| Information type | Retention period |
|---|---|
| Applications that resulted in a signed loan | Kept for 5 years after the loan is settled, to comply with FICA and NCA record-keeping obligations. |
| Applications that were declined or abandoned | Kept for 12 months from the application date, then deleted. Aggregated, anonymised statistics may be retained longer. |
| Email and support correspondence | Kept for 3 years from the last reply, unless you ask us to delete it sooner. |
| Website analytics & technical logs | Identifiable logs kept for 30 days. Aggregated analytics kept indefinitely. |
| Consent records (timestamp, form version) | Kept for the life of the related application record, plus the regulatory retention period that applies to it. |
Retention is enforced by a scheduled deletion task that runs monthly. If you believe your information has been kept beyond these periods, please contact our Information Officer.
10How we keep your information safe
POPIA requires us to take "appropriate, reasonable technical and organisational measures" to keep your information safe. In practice that means:
- All traffic between your browser and our servers is encrypted using TLS (256-bit SSL).
- Sensitive fields are encrypted at rest in our database.
- Access to live data is restricted to staff who need it for their role, behind multi-factor authentication.
- Our hosting and operator providers are reviewed annually for their own security posture.
- We maintain backup and disaster-recovery processes so your information is not lost in the event of a system failure.
- We monitor for unauthorised access and have an incident-response process. If we discover a security compromise that affects your information, we will notify you and the Information Regulator without undue delay, as Section 22 of POPIA requires.
No system is perfect. If you believe your information has been involved in a security incident, please email [email protected] so we can investigate.
11Your rights under POPIA
POPIA gives you specific rights over your personal information. They are:
- The right to be informed — what this policy is for.
- The right of access. You can ask us to confirm what personal information we hold about you, and to provide you with a copy of it. The first copy is free; we may charge a reasonable fee for additional copies in line with the Promotion of Access to Information Act (PAIA).
- The right to correction. You can ask us to correct information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained.
- The right to deletion. You can ask us to delete information we no longer need to keep, subject to legal retention requirements.
- The right to object. You can object to our processing of your information on reasonable grounds, and to processing for direct marketing.
- The right to withdraw consent at any time, where consent is the basis for the processing.
- The right to complain to us, and to the Information Regulator if you are not satisfied with our response.
To exercise any of these rights, email [email protected]. We will respond within 30 days. We may ask you to verify your identity before we act on the request, to make sure we are not handing your information to someone else.
12Direct marketing
We send transactional communications about your application (received, in review, offer available, declined) as part of the Service. These are not direct marketing.
We will only send you direct marketing — for example, an email about a new product on the panel — if you have opted in, or if you are an existing user and the message is about a similar service to one you have already used (as Section 69 of POPIA allows). Every marketing message includes a one-click unsubscribe link. You can also email [email protected] to opt out of all marketing at any time.
13Children
The Service is not available to anyone under 18. We do not knowingly collect personal information from children. If we discover that we have collected information from a child without verified parental consent, we will delete it.
14Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top of the page changes whenever we do. If we make a material change — for example, adding a new category of data we collect, or a new third party we share with — we will post a notice on the home page for at least 14 days before the change takes effect, and email you if you have an active application with us.
We keep previous versions on file. If you would like to see an earlier version, contact the Information Officer.
15How to contact us or complain
If you have any question about this policy, or you want to exercise one of your POPIA rights, please contact our Information Officer first. We will acknowledge your request within 5 working days and respond fully within 30 days.
- [email protected]
- Phone
- 0860 INSTANT (0860 467 826)
- Post
- Information Officer, Instant Fund, Sandton City, Sandton 2196, Johannesburg, ZA
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Regulator of South Africa:
- Website
- inforegulator.org.za
- [email protected]
- Complaints
- [email protected]
- Address
- JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
If your complaint relates to one of the matched lenders rather than to us, the Credit Ombud handles those: creditombud.org.za.