Privacy Policy

Last updated: March 2026

1. Introduction

Kryohm (Pty) Ltd ("Kryohm", "we", "us") is committed to protecting your personal information in accordance with the Protection of Personal Information Act, 2013 (POPIA) and other applicable South African legislation.

This policy explains how we collect, use, store, and protect your personal information when you use our website, IoT platform, and prepaid metering services.

2. Information We Collect

We may collect the following personal information:

  • Contact details: Name, email address, phone number, company name
  • Account information: Login credentials, user role, assigned meters
  • Transaction data: Credit purchases, payment history, token records
  • Device data: Meter readings, sensor telemetry, device identifiers
  • Usage data: Platform interactions, feature usage, login history
  • Communication data: Enquiries submitted through our contact forms

3. How We Use Your Information

We process your personal information for the following purposes:

  • Providing and maintaining our IoT and prepaid metering services
  • Processing credit purchases and generating prepaid tokens
  • Sending transaction confirmations and token delivery emails
  • Responding to enquiries and providing customer support
  • Generating usage reports and analytics for vendors
  • Improving our products, platform, and services
  • Complying with legal obligations

4. Legal Basis for Processing (POPIA)

We process your information based on one or more of the following grounds:

  • Consent: Where you have given us explicit consent
  • Contract: Where processing is necessary to fulfil our services to you
  • Legal obligation: Where required by South African law
  • Legitimate interest: Where necessary for our business operations, provided your rights are not overridden

5. Third-party Services

We share personal information with the following third parties, only as necessary to provide our services:

  • Paystack: Payment processing (transaction and card data)
  • Calin: STS token generation (meter identifiers only)
  • Email service providers: Sending transactional emails

We do not sell your personal information to third parties.

6. Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes outlined in this policy, or as required by law. Transaction records are retained for a minimum of 5 years in accordance with South African tax and financial regulations.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal information, including:

  • AES-256 encryption for data in transit and at rest
  • Role-based access control
  • Audit logging of all data access
  • Regular security assessments
  • Brute-force login protection

8. Your Rights Under POPIA

You have the right to:

  • Request access to your personal information
  • Request correction of inaccurate information
  • Request deletion of your personal information
  • Object to the processing of your information
  • Withdraw consent at any time
  • Lodge a complaint with the Information Regulator

9. Cookies

Our website uses essential cookies for session management and platform functionality. We do not use tracking or advertising cookies.

10. Contact Us

For any privacy-related queries or to exercise your rights, contact us at: