RubyFICA is operated by Rubynet (Pty) Ltd, a South African company. We provide digital compliance tools for property practitioners.
Rubynet (Pty) Ltd
Registration number: 2026/345895/07
Registered office and postal address: 4 Flack Place, Durban North, KwaZulu-Natal, 4051, South Africa
Information Officer: Reinhardt Roberts — [email protected]
We collect the following categories of personal information:
We process personal information to assist property practitioners with their legal obligations under the Financial Intelligence Centre Act 38 of 2001 (the FIC Act), specifically:
Most personal information we process for FICA customer due diligence, screening and record-keeping is processed because it is necessary to comply with an obligation imposed by law — in particular the Financial Intelligence Centre Act 38 of 2001 — as contemplated in section 11(1)(c) of POPIA. This processing is mandatory and is not based on consent; it cannot be stopped by withdrawing consent, because the law requires it. We rely on consent only for processing that is genuinely optional, such as marketing communications, which you may withdraw at any time.
Sanctions, PEP and adverse-media screening, and any AI-assisted risk indicators produced by RubyFICA, are decision-support tools only. They do not, on their own, make any decision about a data subject. The property practitioner using RubyFICA reviews the results and makes the final compliance decision. Data subjects have the rights set out in section 71 of POPIA in relation to automated decision-making.
Some data is processed through international service providers, for example:
Some of our service providers are located outside South Africa (for example, hosting and email-delivery providers). Where personal information is transferred outside South Africa, we do so in accordance with section 72 of POPIA — because the recipient is subject to laws, binding rules or a written agreement providing an adequate level of protection, or because the transfer is necessary to perform our contract with you. Screening analysis performed with the assistance of AI service providers is carried out on de-identified information: identifying details are removed and the analysis refers only to “the subject”. All primary database storage remains in South Africa.
We implement appropriate technical and organisational measures including:
If there are reasonable grounds to believe that personal information has been accessed or acquired by an unauthorised person, we will notify the Information Regulator and the affected data subjects as soon as reasonably possible after becoming aware of the compromise, as required by section 22 of POPIA, unless a public body responsible for criminal matters directs otherwise. Notifications to affected data subjects will be in writing and will describe, as far as known, the compromise and the steps they can take to protect themselves.
When you use RubyFICA to process personal information about your own clients, you are the “responsible party” for that information and Rubynet acts as your “operator”, processing it only on your documented instructions and for the purpose of providing the service. We process such information under a written operator agreement and in accordance with section 21 of POPIA, maintain the security measures required by section 19, and will assist you as far as reasonably possible with data-subject requests and with any security compromise. We will not engage a sub-operator to process this information without your authorisation.
You have the right to: be told what personal information we hold about you and to access it; ask us to correct or delete information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or unlawfully obtained; object, on reasonable grounds, to the processing of your personal information; withdraw consent where processing is based on consent (this does not apply to processing the law requires, such as FICA record-keeping); and lodge a complaint with the Information Regulator. You may exercise these rights using the contact details above, and we will respond as POPIA requires. Personal information processed for FICA purposes must be retained for the period required by the FIC Act (generally five years) and cannot be deleted before then.
We use:
We do not knowingly collect personal information from persons under the age of 18. If you believe a child's data has been submitted, please contact us immediately.
We may update this Privacy Policy from time to time. We will notify registered users via email of any material changes. The “Last updated” date at the top of this page indicates the most recent revision.
Information Officer: Reinhardt Roberts
Email: [email protected]
If you are not satisfied with our response, you may lodge a complaint with the Information Regulator:
The Information Regulator (South Africa)
JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001
P.O. Box 31533, Braamfontein, 2017
Telephone: 010 023 5200
Toll-free: 080 001 7160
General enquiries: [email protected]
POPIA complaints: [email protected]
PAIA complaints: [email protected]
Website: inforegulator.org.za