VaultFuzionVaultFuzionBY KAPARDYN

POPIA,bydesign

Every sensitive data flow is covered by a formal POPIA Data Protection Impact Assessment. Every retention window is tenant-configurable. Every purge emits a tamper-evident destruction certificate.

VaultFuzion is a product of Kapardyn, a subsidiary of Synchplus Consulting (Pty) Ltd — a company registered in the Republic of South Africa. All customer data is processed under South African law.

Data Protection Impact Assessments

Each entry below summarises a formal DPIA we maintain on record. Specific retention parameters are confirmed in your signed agreement and surfaced to you through the Partner Portal.

Federated cross-MSP reputation

Legal basis: POPIA §11(1)(a) — consent; §11(1)(d) — legitimate interest

Retention: Tenant-configurable participation; opt-out available at any time

Isolation session recordings

Legal basis: POPIA §11(1)(d) — legitimate interest

Retention: Tenant-configurable retention; destruction certificate on purge

Pre-delivery threat containment

Legal basis: POPIA §11(1)(d) — legitimate interest; contract performance

Retention: No long-term retention; threat evidence follows mailbox-backup policy

Teams · SharePoint · OneDrive scanning

Legal basis: POPIA §11(1)(d) — legitimate interest via your Microsoft data-processing agreement

Retention: Follows your existing mailbox-backup retention; no additional storage class

Retention lifecycle and destruction

Legal basis: POPIA §14 — purpose limitation and minimum-retention principle

Retention: Tenant-configurable schedules; tamper-evident destruction certificates

Continuous compliance checks

The platform runs these checks for every tenant on an ongoing basis, surfacing any gap to the responsible partner before it becomes an audit finding.

Retention policy present and current
Encryption at rest and in transit
Tamper-evident audit trail active
Active backup protection in place
Role-based access controls configured
Data residency confirmed (South Africa)
Consent and legal basis recorded
Legal-hold awareness enabled
Proof of deletion available
Purpose limitation respected
Data minimisation applied
Breach notification readiness
Right-to-deletion workflow enabled

LAST REVIEWED · 2026-05-07 · POPIA scoring is operational, not a regulatory verdict.