R
RekonSign in

Privacy Policy

Last updated: 13 June 2026

Rekon is an AI-powered financial document intelligence platform for accountants in Namibia and South Africa, operated by Ian Louw (“Rekon”, “we”, “us”). This policy explains what personal information we process, why, and the rights you have over it. It is written to align with South Africa’s Protection of Personal Information Act 4 of 2013 (“POPIA”) and with Namibia’s developing data protection framework. Where Namibian data protection legislation comes into force, we will comply with it in addition to the commitments below.

Rekon serves accounting firms. The firm you work with is the “responsible party” for its clients’ personal information under POPIA; Rekon processes that information as an operator on the firm’s instructions, and acts as a responsible party for the account and usage data described below.

1. What we collect

  • Account data — name, email address, phone number, company name, tax number, and authentication records when you create or accept an account.
  • Uploaded financial documents — bank statements and similar documents (PDF, CSV, or images) uploaded by you or your accounting firm, which may contain personal and financial information about you or third parties.
  • Transaction data — transactions extracted from those documents, including dates, descriptions, amounts, counterparties, and the categories assigned to them.
  • Usage logs — audit trails of actions taken in the platform (uploads, edits, exports, sign-ins), technical logs, and limited device information used for security and troubleshooting.

2. Why we process it (purpose and legal basis)

  • to provide the Service: extracting, categorising, and reporting on financial transactions (performance of a contract / mandate with the accounting firm);
  • to maintain security, prevent abuse, and keep audit trails (legitimate interest and legal obligation);
  • to comply with legal obligations, including financial record retention requirements; and
  • to improve extraction and categorisation accuracy within your own tenant — for example, learning from your category corrections (legitimate interest; corrections train models scoped to your tenant only).

We do not sell personal information, and we do not use your data for third-party advertising.

3. AI processing disclosure

To categorise transactions and answer document queries, extracted transaction text may be sent to third-party AI services — currently Anthropic Claude. This means portions of document content (such as transaction descriptions and amounts) are processed by Anthropic as a sub-operator under contractual confidentiality terms. AI processing may involve transfer of data outside Namibia and South Africa; we only use providers that offer safeguards consistent with section 72 of POPIA. AI categorisation is assistive: results can be reviewed and corrected by your accountant, and the platform can operate without AI categorisation.

4. Storage and security

  • data is encrypted in transit (TLS) and at rest;
  • each accounting firm’s data is isolated in its own tenant, enforced at the database level with row-level security;
  • access is authenticated and role-based, and administrative actions are recorded in an audit log; and
  • backups are taken regularly and stored securely.

5. Retention and deletion

Financial records (uploaded documents and extracted transactions) are retained for five (5) years in line with the retention obligations applicable to accountable institutions under the Financial Intelligence Act (Namibia) and the Financial Intelligence Centre Act (South Africa), unless a longer period is required by law or agreed with your accounting firm.

When a tenant requests deletion, the tenant enters a 30-day cooling-off period during which the deletion can be cancelled. After that period, data is permanently erased from live systems and object storage, except where statutory retention obligations require specific records to be kept. Individual users may request erasure of their personal information as described under data subject rights below.

6. Your rights (data subjects)

Under POPIA you have the right to:

  • access — request confirmation of, and access to, the personal information we hold about you;
  • correction — request correction of inaccurate or incomplete information;
  • erasure — request deletion of your personal information, subject to statutory retention obligations;
  • objection — object to processing based on legitimate interest, and withdraw consent where processing is based on consent.

If your data was uploaded by an accounting firm, we may refer your request to that firm as the responsible party, and will assist them in fulfilling it. You may also lodge a complaint with the Information Regulator (South Africa) where applicable.

7. Cookies

Rekon uses only strictly necessary cookies: session authentication cookies that keep you signed in, and related session-duration cookies. We do not use advertising, analytics, or cross-site tracking cookies, so no cookie consent banner is required.

8. Breach notification

If we become aware of a security compromise affecting personal information, we will notify the affected accounting firm and, where required by section 22 of POPIA, the Information Regulator and affected data subjects, as soon as reasonably possible after discovery, together with the information needed to take protective measures.

9. Changes to this policy

We may update this policy from time to time. Material changes will be notified via the Service or by email before they take effect, and the “Last updated” date above will change.

10. Contact (information officer)

Operator and contact for privacy requests: Ian Louw, ian@ianlouw.com. See also our Terms of Service.

Summary of key facts

  • Operator: Ian Louw (ian@ianlouw.com)
  • Data: account details, uploaded financial documents, extracted transactions, usage logs
  • AI sub-operator: Anthropic Claude (categorisation/queries)
  • Retention: 5 years for financial records (FIA/FICA)
  • Deletion: on request, with a 30-day cooling-off for tenants
  • Cookies: session authentication only