Privacy Policy

Last updated: 16 May 2026

MFTPlus is a product of CoolMinds Software (Pty) Ltd, a South African company. This policy explains how we collect, use, store, and protect your personal information when you use our website (mftplus.co.za), documentation site (docs.mftplus.co.za), and managed file transfer service (dashboard.mftplus.co.za).

We comply with the Protection of Personal Information Act (POPIA), South Africa's data protection law.

1. Information We Collect

Information you provide

• Account details: Name and email address when you sign up for an account.
• Billing information: Name and email address processed by our payment provider (Polar.sh). We do not see or store your credit card details.
• Support queries: Content of emails you send to info@mftplus.co.za or enterprise@mftplus.co.za.

Information generated by the service

• Transfer metadata: Source path, destination path, protocol, file size, timestamp, transfer duration, and SHA-256 checksum for each file transfer. We do not see or store the contents of your files.
• Agent data: Agent identifier, hostname, operating system, IP address (for heartbeat monitoring and IP allowlist enforcement).
• Audit logs: Timestamps, user actions, and system events recorded for operational and compliance purposes.

Website analytics

We use Umami Analytics — a self-hosted, cookie-free analytics tool. It collects anonymized page views and basic navigation data. No personal information is collected. No cookies are set. You may accept or decline analytics tracking via the consent banner on our website.

2. How We Use Your Information

• To provide and operate the MFTPlus service (agent management, transfer scheduling, monitoring, billing)
• To communicate with you about your account, service updates, and support requests
• To process payments via Polar.sh (our Merchant of Record)
• To maintain security, prevent fraud, and enforce our IP allowlist feature
• To generate anonymized, aggregated usage statistics for service improvement

3. How We Protect Your Information

• All data in transit is encrypted using TLS 1.2+
• Agent credentials are encrypted at rest and never transmitted in plaintext
• File contents pass through the agent directly — they are never stored on or accessible from our servers
• Access to personal information is restricted to authorized personnel on a need-to-know basis
• Our servers are hosted on infrastructure with appropriate physical and network security controls

4. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We share data only with:

• Polar.sh: Our payment processor, to handle billing and subscriptions. Polar.sh is the Merchant of Record and processes your payment details directly — we never see your credit card information.
• Service providers: Cloud infrastructure providers that host our servers, bound by data processing agreements.
• Legal requirements: If required by South African law, regulation, or court order.

5. Data Retention

• Account data: Retained while your account is active and for up to 12 months after deletion for legal and billing purposes.
• Transfer metadata and audit logs: Retained according to your plan's retention policy. Community plan retains 30 days. Paid plans offer longer retention.
• Website analytics: Anonymized and retained for 12 months, then deleted.

6. Your Rights Under POPIA

You have the right to:

• Request access to your personal information
• Request correction of inaccurate information
• Request deletion of your personal information (subject to legal retention requirements)
• Object to processing of your personal information
• Withdraw consent for analytics tracking at any time
• Lodge a complaint with the Information Regulator (South Africa)

7. Cookies

Our website does not set tracking cookies. We use one functional cookie to remember your analytics consent preference (accepted/rejected). Our analytics tool (Umami) is cookie-free.

8. International Transfers

Our infrastructure is hosted in the European Union. If you access our service from outside the EU, your data will be transferred to and processed in the EU. By using our service, you consent to this transfer.

9. Children's Privacy

MFTPlus is a business service. We do not knowingly collect personal information from children under 18.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Continued use of the service after changes constitutes acceptance.

← Back to MFTPlus