01Definitions

In this Manual, unless the context indicates otherwise, the words and expressions set out below shall have the meanings assigned to them, and cognate expressions shall have a corresponding meaning:

• "Act" or "PAIA" means the Promotion of Access to Information Act, 2 of 2000, as amended from time to time;

• "Constitution" means the Constitution of the Republic of South Africa, 1996;

• "Information Officer" means the head of the private body as defined in section 1 of PAIA, being the person named as such in this Manual;

• "Information Regulator" means the Information Regulator (South Africa) established in terms of section 39 of the Protection of Personal Information Act, 4 of 2013;

• "Manual" means this information manual, published in terms of section 51(1) of the Act;

• "Personal Information" has the meaning given to that term in section 1 of POPIA;

• "POPIA" means the Protection of Personal Information Act, 4 of 2013, as amended from time to time;

• "Regulations" means the regulations published from time to time under the Act;

• "Request for Access" means a request for access to a record held by Weeva lodged in terms of the Act;

• "Requester" has the meaning given to that term in section 1 of the Act, and includes any person making a Request for Access, and any person acting on behalf of such a person;

• "Weeva" means Choccy AI (Pty) Ltd, a private company duly incorporated in accordance with the laws of the Republic of South Africa with registration number 2025/148892/07, trading as Weeva AI, and includes, where the context requires, its directors, officers, employees, agents, and duly authorised representatives.

02Introduction

This Manual is published in terms of section 51(1) of the Act. The Act gives effect to the provisions of section 32 of the Constitution, which provides for the right of access to:

• any information held by the state; and

• any information that is held by another person and that is required for the exercise or protection of any rights.

The Act sets out the procedural requirements applicable to Requests for Access, the requirements which such requests must meet, and the grounds on which access may be refused. This Manual informs Requesters of the procedural and other requirements which a request must meet.

The Act recognises that the right of access to information must be balanced with other rights, and should be subject to limitations that are aimed at the reasonable protection of privacy, commercial confidentiality, and effective, efficient, and good governance, in a manner that is consistent with the Constitution.

The reference in this Manual to information in addition to that specifically required in terms of section 51 of the Act does not create any right or entitlement, whether contractual or otherwise, to receive such information, other than in terms of the Act.

This Manual is made available for inspection, free of charge, at the offices of Weeva during ordinary office hours, on the Weeva website, and on request from the Information Officer. The Manual will be updated from time to time as required.

03Overview Of Weeva

Choccy AI (Pty) Ltd is a private company, duly incorporated in accordance with the laws of the Republic of South Africa and trading as Weeva AI. Weeva designs, develops, and delivers artificial intelligence ("AI") and automation solutions, as well as related professional services, primarily to organisations operating in the insurance and financial services sectors.

Weeva's business activities include, without limitation:

• the development, licensing, and support of AI-powered software products used by insurers, brokers, and financial services providers;

• the delivery of automation, integration, and machine learning projects; and

• the provision of professional services, consulting, training, and advisory services in support of its products and customer initiatives.

Weeva supports the constitutional right of access to information and is committed to providing Requesters with access to its records in accordance with the provisions of the Act, the confidentiality that it owes to third parties, and the principles of South African law.

04Particulars In Terms Of Section 51(1)(A)

The following are the contact details of Weeva for the purposes of PAIA:

Name of private body:	Choccy AI (Pty) Ltd (trading as Weeva AI)
Registration number:	2025/148892/07
Information Officer:	Jordan Haskel
Deputy Information Officer:	Not presently appointed. The Information Officer is the primary contact.
Information Officer email:	hello@weeva.ai
General email:	hello@weeva.ai
Head office / physical address:	4th Floor, 20 The Piazza, Whiteley Road, Melrose, Johannesburg, Gauteng, 2076, South Africa
Postal address:	4th Floor, 20 The Piazza, Whiteley Road, Melrose, Johannesburg, Gauteng, 2076, South Africa
Website:	https://www.weeva.ai

05Guide On How To Use The Act

In terms of section 10 of the Act, the Information Regulator has updated and made available a guide on how to use the Act (the "Guide"). The Guide contains such information as may reasonably be required by a person who wishes to exercise any right contemplated in the Act.

The Guide is available in each of the official languages, and in Braille, on the website of the Information Regulator at https://inforegulator.org.za. Copies of the Guide may also be obtained from the Information Regulator at the following contact details:

Information Regulator (South Africa)

JD House, 27 Stiemens Street, Braamfontein, Johannesburg, 2001

P.O. Box 31533, Braamfontein, Johannesburg, 2017

Tel: +27 10 023 5207

Email: inforeg@justice.gov.za

PAIA complaints: PAIAComplaints@inforegulator.org.za

POPIA complaints: POPIAComplaints@inforegulator.org.za

Website: https://inforegulator.org.za

06Records Automatically Available Without Request (Section 52)

No notice has been published by Weeva under section 52(2) of the Act listing categories of records that are automatically available without a person having to request access in terms of the Act. However, the following Weeva records are, as a matter of practice, available without the need for a formal PAIA Request:

• general information about Weeva, its products, and its services, as published on the Weeva website;

• the Weeva Privacy Policy, Cookie Policy, and Terms of Use;

• this PAIA Manual; and

• other content that Weeva elects to make available to the public from time to time through its website, social media channels, marketing materials, or press releases.

07Categories Of Records Held By Weeva

7.1 Records held in accordance with other legislation

Weeva maintains records required to be kept in compliance with, among others, the following legislation:

• Basic Conditions of Employment Act, 75 of 1997;

• Broad-Based Black Economic Empowerment Act, 53 of 2003;

• Companies Act, 71 of 2008;

• Compensation for Occupational Injuries and Diseases Act, 130 of 1993;

• Consumer Protection Act, 68 of 2008;

• Copyright Act, 98 of 1978;

• Cybercrimes Act, 19 of 2020;

• Electronic Communications and Transactions Act, 25 of 2002;

• Employment Equity Act, 55 of 1998;

• Financial Intelligence Centre Act, 38 of 2001 (to the extent applicable);

• Income Tax Act, 58 of 1962;

• Labour Relations Act, 66 of 1995;

• National Credit Act, 34 of 2005 (to the extent applicable);

• Occupational Health and Safety Act, 85 of 1993;

• Protection of Personal Information Act, 4 of 2013;

• Promotion of Access to Information Act, 2 of 2000;

• Skills Development Act, 97 of 1998;

• Skills Development Levies Act, 9 of 1999;

• Tax Administration Act, 28 of 2011;

• Unemployment Insurance Act, 63 of 2001;

• Unemployment Insurance Contributions Act, 4 of 2002; and

• Value Added Tax Act, 89 of 1991.

Access to these records is subject to the provisions of the relevant legislation. Nothing in this Manual confers any right to access records which are subject to mandatory protection under any other law.

7.2 Records held by Weeva in the ordinary course of business

Subject to the provisions of the Act, Weeva may hold the following categories of records in the ordinary course of its business:

7.2.1 Company records

• Memorandum of Incorporation and other founding documents;

• records relating to the appointment of directors, officers, and the company secretary (if applicable);

• shareholder records, share register, and share certificates;

• minutes of meetings of shareholders, directors, and committees;

• statutory registers and returns;

• licences, authorisations, certificates, and permits; and

• general correspondence.

7.2.2 Financial records

• accounting records and ledgers;

• annual financial statements and audit reports;

• tax records, including VAT, PAYE, and income tax returns;

• bank statements, invoices, receipts, and vouchers;

• management accounts and budgets; and

• asset and investment registers.

7.2.3 Employment and human resources records

• employment contracts and related correspondence;

• personnel files, including performance appraisals and disciplinary records;

• payroll records, including salary, benefits, and tax information;

• leave records;

• health and safety records;

• employment equity records; and

• training and skills development records.

7.2.4 Customer, supplier, and contract records

• contracts, statements of work, order forms, and related schedules with customers and suppliers;

• data processing agreements and other agreements relating to the processing of personal information;

• correspondence and project documentation relating to customer engagements;

• customer onboarding and due diligence records; and

• records relating to the performance, delivery, and support of products and services.

7.2.5 Product, technology, and operational records

• product specifications, design documentation, and technical documentation;

• source code, configuration files, and build artefacts, subject to confidentiality and intellectual property protections;

• system logs, audit trails, and monitoring records;

• information security policies, procedures, and incident records;

• business continuity and disaster recovery plans; and

• records relating to the management of sub-processors and service providers.

7.2.6 Marketing and communications records

• marketing materials, proposals, and presentations;

• customer relationship management data;

• event and campaign records; and

• records relating to opt-ins, opt-outs, and communications preferences.

7.2.7 Legal, compliance, and risk records

• legal opinions and correspondence with external advisors (subject to legal professional privilege);

• compliance policies, procedures, and training records;

• risk registers and incident logs;

• records relating to regulatory engagement and correspondence; and

• records relating to actual or threatened disputes, investigations, or litigation.

7.2.8 Personal information records

• personal information processed as a Responsible Party in respect of prospects, customers' representatives, suppliers' representatives, website visitors, marketing recipients, and employees; and

• personal information processed as an Operator on behalf of our customers, which is held in accordance with the terms of our data processing agreements with those customers. Data subjects seeking access to personal information held by Weeva as an Operator should direct their request to the relevant Responsible Party (Weeva's customer).

08Processing Of Personal Information (Popia)

Weeva processes Personal Information in accordance with POPIA and its Privacy Policy. The Privacy Policy is available on the Weeva website and sets out, amongst other things:

• the categories of Personal Information Weeva processes;

• the purposes and lawful bases for such processing;

• the parties with whom Personal Information is shared;

• the measures Weeva takes to safeguard Personal Information; and

• the rights of data subjects and how to exercise them.

8.1 Purpose of processing

Weeva processes Personal Information for the purposes described in its Privacy Policy, including, amongst others, responding to enquiries, performing contracts with customers and suppliers, providing and improving its products and services, complying with legal and regulatory obligations, managing employment relationships, and protecting the security of its systems and information.

8.2 Categories of data subjects and of personal information

The categories of data subjects whose Personal Information Weeva processes include, without limitation:

• representatives of current, prospective, and former customers;

• representatives of current, prospective, and former suppliers, service providers, and business partners;

• website visitors and enquirers;

• applicants, employees, contractors, and former employees and contractors;

• directors and officers of Weeva; and

• individuals whose Personal Information is processed on behalf of Weeva's customers in the ordinary course of providing Weeva's products and services.

Categories of Personal Information that may be processed include identity and contact information, employment-related information, authentication and account information, transaction and billing information, technical and usage information, marketing preferences, and, where relevant, Special Personal Information as defined in POPIA.

8.3 Recipients of personal information

Personal Information may be disclosed to the recipients described in the Privacy Policy, including group companies (where applicable), service providers, professional advisors, regulators, and law enforcement authorities.

8.4 Cross-border transfers

Personal Information may be transferred across borders, as more fully described in the Privacy Policy, in compliance with the requirements of section 72 of POPIA and, where applicable, Chapter V of the GDPR.

8.5 Security measures

Weeva has implemented appropriate technical and organisational measures to protect Personal Information against loss, damage, unauthorised destruction, and unlawful access or processing, including access controls, encryption, network security controls, vetting of service providers, and employee training.

09Request Procedure

9.1 Form of request

A Request for Access to a record held by Weeva must be made on the prescribed form ("Form 2") set out in Annexure A to the Regulations. The form is available from the Information Officer, the Information Regulator's website (https://inforegulator.org.za), and the Weeva website. The completed Form 2 must be delivered, emailed, or posted to the Information Officer at the address specified in section 4 above.

The Request must:

• provide sufficient particulars to enable the Information Officer to identify the record requested and the Requester;

• indicate the form of access required;

• specify a postal address, fax number, or email address of the Requester in South Africa;

• identify the right the Requester is seeking to exercise or protect, and provide an explanation of why the requested record is required for the exercise or protection of that right;

• if the Request is made on behalf of another person, submit proof of the capacity in which the Requester is making the request, to the reasonable satisfaction of the Information Officer; and

• if the Requester wishes to be informed of the decision on the Request in a particular manner, state that manner and provide the necessary particulars to be so informed.

9.2 Fees

The Act provides for two types of fees, namely a Request fee (being a flat fee) and access fees (calculated with reference to time and material costs). Personal requesters (requesting access to their own Personal Information) are not required to pay the Request fee. All other Requesters are required to pay the Request fee before the Request will be processed.

Access fees, where applicable, must be paid before access to the record is provided. The Information Officer will notify the Requester of the amount of the access fee, and, where appropriate, a deposit, in writing. The currently prescribed fees are set out below. These fees may be updated by the Information Regulator from time to time. The prevailing fees, as published by the Information Regulator, shall apply.

Item	Fee
Request fee (payable by every requester, other than a personal requester, together with the request)	R50.00
Photocopy / printed copy of A4-size page (or part thereof)	R1.10 per page
Copy in a computer-readable form on compact disc	R70.00 per disc
Transcription of visual images: service to produce a copy	R40.00 per A4-size page
Transcription of an audio record: service to produce a transcription	R20.00 per A4-size page
Copy of visual images	R60.00 per copy
Copy of an audio record	R30.00 per copy
To search for and prepare a record for disclosure (for each hour or part of an hour, excluding the first hour)	R30.00 per hour
Deposit (where the Information Officer estimates that the preparation of the record will take more than six hours)	One third of the access fee payable
Postage: actual postage is payable when a copy of a record, or transcription thereof, must be posted to a requester.	At cost

Payment must be made by way of electronic funds transfer to the banking account designated by the Information Officer, or by such other means as the Information Officer may from time to time accept. Proof of payment must be provided together with the Request.

9.3 Time periods

The Information Officer will use reasonable endeavours to respond to a Request within thirty (30) days of receipt of the Request (or proof of payment of the Request fee, whichever is later). This period may be extended by a further period of not more than thirty (30) days if the Request is for a large number of records, or requires a search through a large number of records, and compliance within the original period would unreasonably interfere with the activities of Weeva.

9.4 Grounds for refusal

Access to a record may be refused on any of the grounds for refusal set out in Chapter 4 of Part 3 of the Act. These include, without limitation:

• the mandatory protection of the privacy of a third party who is a natural person (section 63);

• the mandatory protection of the commercial information of a third party (section 64);

• the mandatory protection of certain confidential information of a third party (section 65);

• the mandatory protection of the safety of individuals and the protection of property (section 66);

• the mandatory protection of records privileged from production in legal proceedings (section 67);

• the protection of the commercial activities of a private body (section 68);

• the protection of research information (section 69); and

• requests that are manifestly frivolous or vexatious, or that would substantially and unreasonably divert Weeva's resources.

Where a record contains information that is protected under one or more of the grounds set out above, together with information that is not so protected, the Information Officer will, where reasonably severable, grant access to the portion of the record that does not contain protected information.

9.5 Outcome of request

Upon making a decision on a Request, the Information Officer will notify the Requester in writing of:

• whether access is granted or refused;

• the access fees (if any) to be paid upon access, and the form in which access will be given;

• whether access will be given to the whole or only part of the record; and

• the Requester's right to lodge an internal appeal with the Information Regulator, and/or to apply to a court, against the decision.

10Remedies Available Where A Request Is Refused

Where a Request is refused (whether in whole or in part), the Requester is entitled to lodge a complaint with the Information Regulator in terms of section 77A of the Act, or to apply to a court of competent jurisdiction. A complaint to the Information Regulator must be lodged within 180 days of the decision, using the form and procedure prescribed by the Information Regulator. Details of the Information Regulator are set out in section 5 above.

11Availability Of This Manual

This Manual is available:

• free of charge, for inspection at the head office of Weeva, during ordinary business hours, by arrangement with the Information Officer;

• on the Weeva website at https://www.weeva.ai; and

• from the Information Regulator upon request.

12Updating Of This Manual

Weeva will update this Manual as and when required in order to reflect changes in Weeva's records, its operations, applicable legislation, or other matters that affect the content of this Manual.

13Disclaimer

Nothing in this Manual is intended to, nor should it be construed as, a waiver of any right or remedy available to Weeva under the Act or at law, including without limitation any ground for refusal of access to a record.

This Manual was adopted by Choccy AI (Pty) Ltd on 17 April 2026 in terms of section 51 of the Promotion of Access to Information Act, 2 of 2000.