POPIA live · FICA on the roadmap

Compliance you can prove, not just promise.

Stratumbase turns POPIA and FICA obligations into a living layer of audit-ready evidence — not another folder of policy templates nobody reads.

~30kSA SMEs in scope
8compliance modules
R699from / month
app.stratumbase.co.za — Information Officer dashboard
STRATUMBASE / IO DASHBOARD
Good morning. Everything is evidenced.
Evidence records
14,820
+312 this week
Open SARs
3
All inside statutory clock
Retention jobs run
92
Deletions self-logged
Latest evidence
Deletion executed · payroll batch · S1409:41
Consent v2 captured · marketing list · S1109:12
SAR #0143 closed · exported trail · S2308:47
RoPA updated · new processor added · S17Yesterday
Evidence accumulated · 8 weeks
Mapped to POPIAFICA roadmapBuilt in South AfricaBilled in Rand
The gap

An auditor doesn't want your policy. They want your proof.

Most SMEs "do POPIA" with a pack of policy documents filed away in a drive. The moment the Information Regulator — or a FICA inspector — asks show me, the paper trail isn't there.

Policy-pack compliance

  • A PDF policy nobody updates after signing
  • Consent assumed, never recorded or revocable
  • Data-subject requests handled over email, untraceable
  • No record of what was deleted, when, or why

Operational evidence

  • A live register reflecting what you actually process
  • Every consent captured, timestamped, withdrawable
  • SARs run on a clock with a full exportable trail
  • Retention rules that fire and log their own deletions
What's inside

Eight modules. One evidence spine.

Each module maps to a statutory obligation and produces the evidence that satisfies it. See all eight →

Core

Everything writes to one audit trail

RoPA, consent, SARs, retention, breach — every action timestamps itself into a single tamper-evident spine. An inspection becomes an export.

RoPA
Consent
SAR
New FICA

Built for the enforcement wave

CDD, beneficial ownership, screening, and a Section 42 RMCP that proves itself — for the accountable institutions the FIC is actively inspecting.

CDD · RMCP · roadmap
POPIA · S17

RoPA

A living record of every data flow, purpose, and lawful basis.

Section 17
POPIA · S11

Consent ledger

Captured, versioned, withdrawable — with the receipt to prove it.

Section 11
POPIA · S23–25

SAR workflow

Requests on a statutory clock with a complete exportable trail.

Sections 23–25
POPIA · S14

Retention & deletion

Rules fire automatically and log their own deletions as evidence.

Section 14
POPIA · S22

Breach module

Structured incident response with the 72-hour timeline built in.

Section 22
POPIA · S55–56

IO dashboard

Every obligation, deadline, and gap in one view.

Sections 55–56
How it works

From obligation to evidence, in four moves.

01

Map

Onboarding builds your RoPA and identifies which obligations apply to your business.

02

Operate

Your team captures consent, handles requests, and logs incidents through guided workflows.

03

Accumulate

Every action timestamps itself into a single, tamper-evident evidence layer.

04

Prove

When the regulator asks, you export the trail. Inspection becomes a download.

15 minutes · no card

See whether your business could survive an inspection.

We'll walk your current compliance posture and show you exactly where the evidence gaps are.