SC Spheres

SC Spheres Application Privacy Notice

Updated version: 14 July 2026

This Privacy Notice explains how personal information is processed in connection with use of the SC Spheres application. It is intended for prospective and existing clients, users, and other people whose personal information may be processed through or in connection with the SC Spheres platform.

Who Is Responsible For Personal Information

Each client organisation that uses its own SC Spheres instance is generally responsible for the Client Data and user access decisions in that instance. This includes deciding what documents, messages, signatures, initials, text fields, records, and other content are uploaded to or managed through SC Spheres, who may access that content, and the lawful basis for using SC Spheres for those purposes.

SC Technology (Pty) Ltd operates, develops, administers and maintains SC Spheres. SC Spheres (UK) Ltd and Greenfields Data Solutions (Pty) Ltd license SC Spheres in their respective territories. These entities may process personal information to provide, secure, support, monitor, maintain, improve and administer SC Spheres and their related business operations.

Personal Information Processed

SC Spheres may process the following information:

  • Account and user information, including names, email addresses, roles, account status, organisation access, group memberships, and terms acceptance versions.
  • Client Data uploaded or generated by users, including documents, messages, notes, pack and meeting records, organisation settings, signatures, initials, signing text fields, and related metadata.
  • Authentication and security information, including login timestamps, last active timestamps, failed login attempts, IP addresses, browser/user-agent details, trusted-browser identifiers, and multi-factor authentication records where applicable.
  • Audit records, including actions performed on the platform, timestamps, IP addresses, user names and email addresses, and related document, pack, group, declaration, signing workflow, or platform metadata.
  • Signing evidence, including signature, initials and text-field completion timestamps, IP addresses, browser/user-agent details, and completed signing data.
  • Technical and diagnostic information, including error reports, application logs, browser details, device details, operating system details, and information included in support requests.
  • Communication information, including email addresses, names, message content, delivery information, engagement information, and subscription or communication preferences where relevant.

Why Personal Information Is Processed

Personal information is processed to provide and administer SC Spheres, manage user access, secure the platform, maintain audit trails, support electronic signing workflows, communicate with users and clients, provide support, investigate issues, prevent misuse, maintain backups, monitor and improve the service, comply with legal obligations, and protect the rights and interests of SC Spheres, clients and users.

Audit, Security And Diagnostic Records

SC Spheres records account, security, audit and technical information in order to operate, secure, monitor, support and evidence use of the platform. Site Administrators may access audit logs for their SC Spheres instance. Audit and security records may be retained as evidence of platform activity, including where related documents, users or other records are later changed or deleted.

Local Browser And Device Storage

SC Spheres may store or cache platform data in a user's browser or on a user's device to support normal platform functionality, performance and offline access. Users remain responsible for securing any device, browser profile or network used to access SC Spheres.

Security Safeguards

SC Spheres uses technical and organisational safeguards designed to protect Client Data and personal information. These include access controls, client instance isolation, encryption at rest for protected platform data types, HTTPS/TLS for web traffic, encrypted offsite backups, audit logging, vulnerability management, incident response procedures, and documented backup and recovery processes. Some security features, such as email-based multi-factor authentication and account lockout, are configurable by client Site Administrators.

Sub-Processors And International Processing

SC Spheres uses selected third-party service providers and sub-processors to host, secure, support, back up, monitor and communicate about the service. A current list is available on the SC Spheres application sub-processors page.

Personal information may be processed in South Africa, the United Kingdom, the European Union, the United States, and other countries where SC Spheres entities or their service providers operate. Where personal information is transferred internationally, SC Spheres seeks to use appropriate safeguards, contracts, data processing terms, or other lawful transfer mechanisms where required.

Data Subject Rights

Data subjects may have rights under POPIA, GDPR or other applicable laws, including rights to request access to personal information, correction or deletion in appropriate circumstances, objection to certain processing, restriction of processing, and information about automated decision-making. The availability and handling of these rights depends on the applicable law, the type of data, and whether the relevant request relates to Client Data controlled by a client organisation or to SC Spheres business/account data.

Requests relating to Client Data may need to be referred to the relevant client organisation. Privacy and data-subject requests may be sent to support@scspheres.com. PAIA and POPIA request information for South African entities is available in the PAIA Manual.

Why
·
Copyright © SC Spheres (UK) Ltd. All rights reserved.