Sign in
Legal and compliance

Terms, privacy and security

Worthic Privacy Policy

Effective date
02/06/2026

This Privacy Policy explains how Worthic Systems (Pty) Ltd, trading as Worthic ("Worthic", "we", "us", or "our"), collects, uses, stores, shares, and protects personal information when you use Worthic websites, applications, services, and related support channels (the "Service").

Worthic is a document-first accounting and finance workspace for individuals and businesses. The Service helps users upload, organise, extract, review, categorise, and analyse financial and administrative records. This policy is written to a high transparency standard and should be read together with our Terms of Service, Cookie Notice, Subprocessors List, and AI and Data Processing Statement.

1. Who is responsible for your information

Worthic Systems (Pty) Ltd is the responsible party/controller for personal information that we collect and determine how to use, including account, billing, product, support, security, and operational data.

For customer content uploaded into a workspace, including financial and administrative documents, transactions, notes, and workspace records, Worthic generally acts as a service provider/processor where we process that information on behalf of the workspace owner or authorised user according to their instructions and the Service functionality.

If you use Worthic on behalf of a business, family office, trust, partnership, or other organisation, that organisation may also be responsible for how your information is used inside the workspace.

2. Minimum age

Worthic is intended for users who are at least 18 years old. We do not knowingly allow children to create accounts or use the Service.

3. Information we collect

We collect information in the following categories.

Account and profile information

This may include your name, email address, password or authentication credentials, workspace membership, role, preferences, notification settings, and account status.

Workspace and financial information

This may include accounts, transactions, balances, currencies, tags, budgets, cashflow records, investments, real estate records, reports, categories, reporting lines, workspace settings, notes, and related user-entered data.

Documents and extracted document information

You may upload financial and administrative documents to Worthic. Examples include bank statements, invoices, receipts, payslips, tax records, contracts, real estate records, investment documents, identity or compliance documents, and other records used to operate or evidence your financial affairs.

When Worthic processes documents, we may create extracted or derived information such as text, document type, dates, parties, amounts, transaction candidates, routing suggestions, document metadata, review status, and audit or processing state.

AI-related information

Worthic may process user content through AI-assisted features. This includes:

  • input data provided to an AI workflow, such as document text, metadata, transaction descriptions, or workspace context;
  • extracted or derived data produced during processing;
  • AI outputs, such as suggestions, summaries, classifications, routing recommendations, category suggestions, anomaly signals, and review notes;
  • feedback, corrections, confirmations, or rejections you provide.

We do not use customer documents, customer financial data, or workspace content to train third-party foundation models or general AI models unless we first obtain explicit opt-in consent.

Billing and subscription information

If paid subscriptions or add-ons are enabled, we may collect subscription plan, billing status, invoice, payment method reference, tax, and transaction information. Payment card or banking details may be handled by a payment processor rather than stored directly by Worthic.

Support and communications

If you contact us, we may collect the content of your message, contact details, support history, diagnostics, and any files or screenshots you choose to provide.

Usage, device, and technical information

We may collect IP address, device type, browser type, operating system, approximate location derived from IP, session identifiers, authentication logs, security events, page or feature usage, diagnostic logs, error reports, and cookie or similar technology identifiers.

Administrative access logs

Where authorised Worthic administrators access customer data for troubleshooting, security, abuse prevention, or support, we keep an auditable log of admin data access sessions.

4. How we collect information

We collect information:

  • directly from you when you create an account, upload documents, enter records, use the Service, contact support, or configure settings;
  • automatically through the Service, logs, cookies, and security systems;
  • from workspace owners or administrators who invite you or upload records involving you;
  • from service providers that support hosting, storage, email, AI processing, billing, analytics, security, and customer support;
  • from integrations you connect or authorise, if and when integrations are enabled.

5. Why we use information

We use information for the following purposes:

  • to provide, operate, maintain, secure, and improve the Service;
  • to create and manage accounts, sessions, workspaces, roles, subscriptions, and settings;
  • to upload, store, organise, extract, analyse, route, and retrieve documents;
  • to process transactions, reports, real estate records, investments, budgets, cashflow records, and related workspace data;
  • to provide AI-assisted suggestions, summaries, extraction, categorisation, review, and workflow assistance;
  • to communicate with you about the Service, security, support, billing, product changes, and administrative matters;
  • to process payments, invoices, subscriptions, credits, and add-ons;
  • to detect, prevent, investigate, and respond to security incidents, fraud, misuse, bugs, and technical problems;
  • to comply with legal, tax, accounting, regulatory, sanctions, dispute, and law-enforcement obligations;
  • to enforce our Terms of Service and protect Worthic, users, and the public;
  • to generate aggregated or de-identified statistics that do not identify a person or customer workspace.

6. Legal bases for processing

Depending on where you are located, we rely on one or more lawful bases, including:

  • performance of a contract, where processing is needed to provide the Service;
  • consent, where required for optional features, cookies, marketing, or specific processing;
  • legitimate interests, such as product security, service improvement, fraud prevention, support, and internal administration, balanced against your rights;
  • compliance with legal obligations;
  • establishment, exercise, or defence of legal claims;
  • processing on instructions from a workspace owner or authorised controller.

For South African POPIA purposes, we process personal information under lawful processing conditions including accountability, processing limitation, purpose specification, further processing limitation, information quality, openness, security safeguards, and data subject participation.

7. AI processing

Worthic uses AI-assisted features to help process and review financial and administrative records. AI outputs are assistance only and may be incomplete, inaccurate, or inappropriate for your circumstances.

You remain responsible for reviewing and verifying AI outputs, extracted data, reports, classifications, categories, tax-sensitive treatment, legal-sensitive treatment, and any decisions made using the Service.

We do not use customer documents, financial data, or workspace content to train general AI models without explicit opt-in consent. More detail is provided in our AI and Data Processing Statement.

8. Human access to customer data

Worthic is designed to limit human access to customer data. Administrative access is role-limited and based on need.

Worthic personnel may access customer information only for authorised operational purposes, such as providing support, investigating security or reliability issues, resolving billing or account access issues, complying with legal obligations, enforcing the Terms of Service, or acting at the customer’s request.

Worthic personnel with such access are subject to confidentiality obligations. Administrative access may be logged, reviewed, and retained as part of Worthic’s security and compliance records.

Worthic support or administrators do not access customer documents as a routine support practice. Worthic may access limited user data or workspace data where necessary for troubleshooting, security, abuse prevention, legal compliance, or support, subject to internal controls and auditable admin access logs.

Customers may request information about administrative access to their workspace. Worthic may provide appropriate summaries where legally and operationally reasonable, subject to limits needed to protect security, privacy of others, confidential investigations, and abuse-prevention controls.

Where a user voluntarily sends a file, screenshot, export, or document to support, we may process that support material for the purpose of handling the request.

9. How we share information

We may share information with:

  • service providers and subprocessors that host, store, secure, process, email, analyse, bill, or support the Service;
  • payment processors and billing providers;
  • AI processing providers where AI features are used;
  • professional advisers, auditors, insurers, legal counsel, accountants, and compliance providers;
  • authorities, regulators, courts, or law-enforcement bodies where required or permitted by law;
  • buyers, investors, successors, or advisers in a merger, acquisition, financing, restructuring, or sale of assets, subject to appropriate protections;
  • workspace owners, administrators, and authorised users according to workspace permissions.

We do not sell personal information. We do not share personal information for cross-context behavioural advertising unless we provide any legally required notice and choice.

10. Subprocessors

We use third-party service providers to operate the Service. Our Subprocessor List provides details of contracted third-party porcessors, including their purpose and relevant processing role where practical.

We require service providers to process information only for authorised purposes and to protect information using appropriate safeguards.

11. International transfers

Worthic is operated by a South African company and may process, store, or access information in South Africa, the United States, the European Economic Area, the United Kingdom, or other countries where we, our personnel, or our service providers operate.

Where required, we use appropriate transfer safeguards, contractual protections, and risk-based assessments for international transfers, including measures intended to satisfy POPIA, GDPR/UK GDPR, and other applicable data protection laws.

12. Security

We use technical, organisational, and administrative safeguards designed to protect information against unauthorised access, loss, misuse, alteration, and disclosure. These may include encryption in transit, access controls, authentication, logging, environment separation, audit trails, secure storage, backups, and security monitoring.

No online service can guarantee absolute security. You are responsible for protecting your account credentials, using strong passwords, controlling workspace invitations, and reviewing access permissions.

13. Retention

We retain information for as long as reasonably necessary to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and support legitimate business purposes.

If a workspace is deleted, Worthic retains workspace data and documents for 14 days to allow export and recovery. After that period, production data is scheduled for deletion or de-identification, subject to limited retention in backups, logs, audit records, billing records, security records, legal holds, or compliance records.

Backups and logs may be retained for a limited period and then deleted or overwritten according to our operational schedules.

14. Your rights and choices

Depending on your location and relationship to Worthic, you may have rights to:

  • access personal information;
  • correct inaccurate information;
  • delete information;
  • object to or restrict processing;
  • withdraw consent where processing is based on consent;
  • request portability or export;
  • opt out of marketing communications;
  • object to certain automated or AI-assisted processing where applicable;
  • lodge a complaint with a data protection authority.

To exercise rights, contact hello@worthic.ai. We may need to verify your identity and authority before acting on a request. If your information is controlled by a workspace owner, we may direct your request to that workspace owner.

15. Region-specific notices

South Africa

Worthic Systems (Pty) Ltd is a South African company. You may have rights under the Protection of Personal Information Act, 2013 (POPIA). You may contact us at hello@worthic.ai or lodge a complaint with the Information Regulator South Africa.

European Economic Area, United Kingdom, and Switzerland

Where GDPR, UK GDPR, or similar laws apply, you have the rights described in this policy. Worthic relies on the lawful bases listed above. Where required, we will identify or appoint an appropriate representative or contact point before actively targeting users in jurisdictions requiring it.

California and other US state privacy laws

Depending on whether applicable thresholds are met, residents of California and other US states may have rights to know, access, correct, delete, opt out of sale or sharing, limit certain sensitive personal information uses, and avoid discrimination for exercising privacy rights. Worthic does not sell personal information.

16. Cookies and similar technologies

We use cookies and similar technologies for authentication, security, preferences, analytics, performance, and service operation. See our Cookie Notice for more detail.

17. Changes to this policy

We may update this Privacy Policy from time to time. If we make material changes, we will take reasonable steps to notify users, such as by email, in-app notice, or posting an updated effective date.

18. Contact

Worthic Systems (Pty) Ltd

Email: hello@worthic.ai

www.worthic.ai