Data Stewardship Statement

Brethxm Vurdop operates on a principle: the information you share with us belongs to you first. Our job is to handle it with care, use it only when necessary, and explain what happens behind the scenes.

This document walks through how we work with your details—from the moment they reach us until they no longer serve a purpose.

Effective: January 2025

What Arrives at Our Systems

Information enters our environment through different routes. When a business representative registers for communication services, we record identity markers—full name, company name, position, and contact coordinates. Email addresses and phone numbers help us maintain the channel you've opened with us.

During service interactions, technical details appear: IP addresses, browser signatures, device types, operating system versions. These emerge automatically as you navigate our platform. We don't hunt for them—they arrive as part of standard web communication protocols.

Communication history forms another layer. Messages sent through our platform, support ticket exchanges, feedback submissions, and consultation requests all get preserved. This creates a record we reference when continuing conversations or resolving technical problems.

Payment information enters the picture for invoicing purposes. We capture billing addresses and transaction references, though financial instrument details pass directly to payment processors—we never hold complete card numbers or banking credentials in our own databases.

When Details Reach Us

Account creation triggers the first intake. At that threshold, you provide credentials and business identifiers. Service usage generates ongoing technical logs. Support interactions produce correspondence records. Each phase adds specific data categories tied to that activity.

Operational Necessity and Purpose Alignment

We don't stockpile information for abstract future possibilities. Each category serves defined operational requirements within our business communications infrastructure.

  • Identity verification prevents unauthorized access and ensures secure account boundaries. Without knowing who you are, we can't protect your workspace from intrusion.
  • Service delivery depends on contact coordinates. When systems need maintenance or messages require routing, communication channels must function reliably.
  • Technical troubleshooting relies on device and connection data. When something breaks, we trace the problem through logs that reveal where communication chains fractured.
  • Financial administration requires billing records and transaction history. Invoicing, payment reconciliation, and accounting compliance all depend on accurate commercial documentation.
  • Platform improvement emerges from usage pattern analysis. Understanding how businesses interact with features helps us refine interfaces and fix friction points.

Here's what matters: if we can't justify a data point through one of these operational needs, we don't keep it. The test is simple—does removing this information break something essential? If the answer is no, it shouldn't be there.

You gain reliability, security, and responsive support. Your communication tools function without interruption, problems get resolved quickly, and billing stays transparent. These aren't abstract benefits—they're the practical outcomes of having accurate, accessible information when operational situations demand it.

Internal Handling and External Movement

Inside our organization, access follows role-based restrictions. Support staff can view correspondence history and account details relevant to resolving your specific inquiry. Technical teams reach diagnostic logs when investigating system issues. Financial personnel handle billing records during invoicing cycles. Marketing staff never touch raw customer databases—they work with anonymized usage statistics.

When Information Leaves Our Control

Certain operations require external partners. Payment processing happens through established financial service providers who maintain their own security frameworks and regulatory compliance. We transmit only what's necessary to complete transactions—never your full account history or unrelated business details.

Cloud infrastructure providers host our platform components. These technical vendors supply server capacity, network routing, and data storage facilities. Contractual agreements mandate that they cannot use hosted information for purposes beyond providing infrastructure services to us.

Legal demands occasionally force disclosure. When South African authorities present valid court orders or regulatory investigators issue lawful data requests, we comply within the scope legally required. We've never received a blanket surveillance directive, and if we did, we'd challenge its validity before complying.

  • Payment processors receive transaction details required to authorize and complete financial exchanges
  • Cloud service providers access only the technical infrastructure layer—they provide the pipes, not the content
  • Legal authorities obtain information strictly within the boundaries of valid requests, nothing more
  • Business consultants working under contract may access specific datasets relevant to their engagement, bound by confidentiality terms

We don't sell customer lists to marketers. We don't trade contact databases with third parties. Your details aren't commercial inventory.

Protection Framework and Remaining Risk

Security doesn't mean invulnerability—it means building layers that make breaches expensive and difficult. Our approach combines technical safeguards, operational procedures, and honest acknowledgment of what can still go wrong.

Encryption protects data during transmission and at rest. Communication between your browser and our servers travels through TLS-secured channels. Database storage uses encryption algorithms that render stolen files useless without corresponding keys. Access authentication requires multi-factor verification for administrative functions.

Automated systems monitor unusual activity patterns. When login attempts spike from unfamiliar locations or data access requests deviate from normal workflows, alerts trigger immediate review. We maintain incident response procedures that activate within minutes, not hours.

Regular security assessments probe for vulnerabilities. External auditors test our defenses periodically. Software updates patch known exploits quickly. Employee training reinforces secure handling practices—because human error remains a persistent threat vector.

Risks That Persist

No system achieves perfect security. Sophisticated attackers with sufficient resources might eventually find entry points. Zero-day exploits—vulnerabilities unknown to software vendors—can expose systems before patches exist. Social engineering attacks might trick authorized users into revealing credentials. Natural disasters could disrupt data centers despite redundancy measures.

We've engineered for resilience, but we can't eliminate risk entirely. What we can do is minimize probability, contain damage when breaches occur, and communicate transparently if your information gets compromised.

Your Control Mechanisms and Retention Logic

Control starts with visibility. You can request a complete export of information we hold about you—account details, communication history, service usage logs, billing records. We provide this in machine-readable format within fifteen business days of your request.

Corrections happen through your account dashboard for most details. Name changes, contact updates, and billing address modifications take effect immediately. For information locked to historical transactions, you can request amendments that we'll implement if they don't compromise record integrity.

  • Deletion requests trigger removal of all non-essential data. Account profiles, preferences, and optional details disappear within thirty days.
  • Objections to processing let you challenge specific uses. If you believe we're handling information beyond operational necessity, you can demand justification or cessation.
  • Marketing opt-outs stop promotional communications immediately. Service-related messages continue because they're essential to platform operation.

How Long We Keep What

Different information categories follow different retention schedules. Active account data persists while your service relationship continues. After account closure, identity markers and contact details remain for six months to handle any final billing or support issues, then get purged.

Financial records stay for seven years—South African tax law mandates this retention period. Communication history linked to legal disputes or compliance investigations remains until those matters conclude. Technical logs typically expire after ninety days unless they document security incidents requiring longer preservation.

We don't keep information "just in case." When retention justification expires, deletion happens automatically through scheduled processes that run weekly. Manual review catches edge cases where automated deletion might remove something still needed for an active purpose.

Questions, Concerns, or Formal Requests

If something here doesn't make sense, if you want to exercise control rights, or if you've spotted a problem with how we're handling your information, start a conversation.

Email us directly: help@molintords.biz

Call our support line: +27 72 906 4837

Send written correspondence to our registered office: 25 Canary Rd, Willowton, Pietermaritzburg, 3201, South Africa

We respond to straightforward questions within two business days. Complex requests requiring legal review or technical investigation might take up to fifteen business days. If you're not satisfied with our response, you can escalate concerns to South Africa's Information Regulator, the authority overseeing data protection compliance in our jurisdiction.