Xillo TruePotential: Privacy Policy

Effective Date: January 1, 2026

Our Commitment to Your Privacy

Xillo TruePotential is a mission-driven project of the National Zakat Foundation (NZF) NPC. We are committed to safeguarding your personal and cognitive information in accordance with the Protection of Personal Information Act (POPIA). This policy explains how we collect, use, and protect your data.

Information We Collect

We only collect information that is necessary to provide the TruePotential™ experience:

  • Personal Identifiers: Name, email address, and unique user ID (UID).
  • Cognitive Data: Your scores, response times, and patterns from gamified assessments.
  • Billing Information: Payment history and subscription status. (Note: Credit card details are handled exclusively by Payfast and are never stored on our servers.)
  • Usage Data: IP addresses and device information to ensure security and prevent fraud.

Why We Process Your Data (Purpose Specification)

We process your information for the following specific purposes:

  • Service Delivery: To calculate your Multiple Intelligence scores and generate your leadership reports.
  • Personalization: To suggest specific "Enhancement" games based on your skill gaps.
  • Impact Reporting: To measure the collective growth of our users as part of the National Zakat Foundation’s social empowerment initiatives (this data is always anonymized).
  • Legal Compliance: To maintain records required by the South African Revenue Service (SARS) and the NPC's governing mandates.

Third-Party Data Operators

We do not sell your data. We only share information with "Operators" who help us run the service under strict confidentiality:

  • Google Firebase: For secure data storage and authentication.
  • Payfast (Pty) Ltd: For secure payment processing in ZAR.
  • Google Gemini (AI): For generating deep-dive cognitive analytics (data sent to the AI is stripped of personal identifiers).

Data Security & Retention

We implement industry-standard technical and organizational measures (including encryption and Firebase Security Rules) to prevent unauthorized access.

Retention: We keep your data only as long as your account is active or as required by South African law for financial records (typically 5 years for payment logs).

Your Rights Under POPIA

You have the following rights regarding your personal information:

  • Access: You can request a copy of all data we hold about you.
  • Correction: You can update your profile details at any time.
  • Deletion: You can request that we delete your account and all associated cognitive records.
  • Objection: You can object to the processing of your data for marketing purposes.

Contact Our Information Officer

If you have questions about this policy or wish to exercise your rights, please contact the NZF Information Officer:

Email: connect@nzf.org.za / connect@xillo.io