Compliance you can prove, not just promise.
Stratumbase turns POPIA and FICA obligations into a living layer of audit-ready evidence — not another folder of policy templates nobody reads.
Good morning. Everything is evidenced.
An auditor doesn't want your policy. They want your proof.
Most SMEs "do POPIA" with a pack of policy documents filed away in a drive. The moment the Information Regulator — or a FICA inspector — asks show me, the paper trail isn't there.
Policy-pack compliance
- A PDF policy nobody updates after signing
- Consent assumed, never recorded or revocable
- Data-subject requests handled over email, untraceable
- No record of what was deleted, when, or why
Operational evidence
- A live register reflecting what you actually process
- Every consent captured, timestamped, withdrawable
- SARs run on a clock with a full exportable trail
- Retention rules that fire and log their own deletions
Eight modules. One evidence spine.
Each module maps to a statutory obligation and produces the evidence that satisfies it. See all eight →
Everything writes to one audit trail
RoPA, consent, SARs, retention, breach — every action timestamps itself into a single tamper-evident spine. An inspection becomes an export.
Built for the enforcement wave
CDD, beneficial ownership, screening, and a Section 42 RMCP that proves itself — for the accountable institutions the FIC is actively inspecting.
CDD · RMCP · roadmapRoPA
A living record of every data flow, purpose, and lawful basis.
Section 17Consent ledger
Captured, versioned, withdrawable — with the receipt to prove it.
Section 11SAR workflow
Requests on a statutory clock with a complete exportable trail.
Sections 23–25Retention & deletion
Rules fire automatically and log their own deletions as evidence.
Section 14Breach module
Structured incident response with the 72-hour timeline built in.
Section 22IO dashboard
Every obligation, deadline, and gap in one view.
Sections 55–56From obligation to evidence, in four moves.
Map
Onboarding builds your RoPA and identifies which obligations apply to your business.
Operate
Your team captures consent, handles requests, and logs incidents through guided workflows.
Accumulate
Every action timestamps itself into a single, tamper-evident evidence layer.
Prove
When the regulator asks, you export the trail. Inspection becomes a download.
See whether your business could survive an inspection.
We'll walk your current compliance posture and show you exactly where the evidence gaps are.