SmartAlex South African Electronic Communications Notice (RICA, ECTA and ECA)
1. Purpose and scope
This South African Electronic Communications Notice (the "Notice") explains how THERCSGROUP PTE. LTD., trading as SmartAlex ("SmartAlex", "we", "us", or "our"), addresses three South African statutes when the SmartAlex platform, websites, applications, and APIs (the "Services") are used to make, receive, record, transcribe, or conclude business through telephone and voice communications in the Republic of South Africa. Those statutes are the Regulation of Interception of Communications and Provision of Communication-related Information Act 70 of 2002 ("RICA"), the Electronic Communications and Transactions Act 25 of 2002 ("ECTA"), and the Electronic Communications Act 36 of 2005 (the "ECA").
It supplements our Privacy Policy, our POPIA Notice, our Telephony and Call Recording Notice, and our Data Processing Addendum. Those documents own the data-protection and recording-consent detail. This Notice deals only with the RICA interception question, the ECTA electronic-contracting question, and the ECA licensing question, and it points to the other documents rather than repeating them. Where there is a conflict between this Notice and any of those documents on a South African communications-law question, the more specific provision in this Notice applies. Where there is a conflict between this Notice and the negotiated agreement between SmartAlex and a Customer, that agreement prevails as between SmartAlex and the Customer.
This Notice is a statement of how SmartAlex approaches these laws. It is not legal advice, and it does not create a contract or vary any agreement between you and us. A Customer that uses the Services in South Africa remains responsible for its own compliance and should take its own advice on how these statutes apply to its business.
A note on jurisdiction. SmartAlex is incorporated in Singapore. That does not place the Services outside South African law. Each of these statutes attaches to conduct and its effects inside South Africa, not to where a company is registered. RICA applies to the interception of communications carried on South African networks or involving South African parties, ECTA applies to data messages and transactions connected with the Republic, and the ECA applies to electronic-communications services provided in South Africa. We treat South African law as applying to the South African use of the Services and do not rely on our place of incorporation as a shield.
2. Definitions
The following defined terms are used in this Notice. Terms defined in our Privacy Policy, our POPIA Notice, or our Data Processing Addendum carry the meaning given there unless stated otherwise.
- Customer means the business that holds a SmartAlex account and configures and uses the Services. In data-protection terms the Customer is the responsible party (controller). In telephony terms the Customer is the operator of the line and the party to the calls its agents make and receive.
- End User means an individual the Customer interacts with through the Services, such as the person at the other end of a call. In data-protection terms the End User is the data subject.
- Voice agent means an automated voice assistant configured on the Services that speaks with a person in real time and can, where a Customer enables it, record and transcribe the call and help conclude a transaction.
- Recording means the capture of call audio, and any transcript, summary, or record derived from it.
- Interception has the meaning given in RICA: broadly, the acquisition of the contents of a communication in the course of its transmission, through the use of any means.
- Electronic agent has the meaning given in ECTA: a computer program, or an electronic or other automated means, used independently to initiate an action or to respond to data messages, in whole or in part, without review by a natural person. A SmartAlex voice agent is an electronic agent for the purposes of ECTA.
- ICASA means the Independent Communications Authority of South Africa, the regulator established under the ECA.
- Information Regulator means the Information Regulator (South Africa) established under POPIA.
- Subprocessor means a third party we engage to help provide the Services, such as our telephony provider or our speech and language AI providers. The current list is published at our Subprocessor List.
3. Where SmartAlex sits, and who does what
SmartAlex is an application layer. It provides the software that runs a voice agent, and it arranges the underlying telephone carriage through duly licensed telecommunications providers. It does not own a telephone network, and it is not the licensed operator of the line. The Customer configures the agent, decides who is called and when, decides whether calls are recorded, and is the party to the conversations its agent has. This division matters because the three statutes fall on different parties.
The table below summarises the allocation. It is explained in the sections that follow.
| Question | Governing law | Primary responsibility |
|---|---|---|
| May this call be recorded at all? | RICA | The Customer, as a party to the call and the operator of the line, with SmartAlex providing the notice and consent tooling. |
| How must the recording then be handled, stored, and shared? | POPIA | Owned by our POPIA Notice and Privacy Policy. Not repeated here. |
| Is an agreement the agent forms with a caller legally valid? | ECTA | SmartAlex provides an electronic agent that can form valid agreements; the Customer, as principal, is bound by and responsible for what its agent agrees. |
| Who may lawfully carry the call over a network? | ECA | Duly licensed telecommunications providers engaged as Subprocessors. SmartAlex is not itself a licensed operator. |
4. RICA: interception and the recording of calls
4.1 The general prohibition
RICA makes it a criminal offence to intentionally intercept, or to procure another person to intercept, a communication in the course of its transmission, unless the interception falls within one of the exceptions the Act allows. Recording a live call is capable of being interception. Every recording made through the Services must therefore fit squarely within a RICA exception, or it must not be made. We design the Services on that basis.
4.2 Our lawful basis: a party to the communication
RICA permits interception by a person who is a party to the communication. It separately allows interception with the prior consent of a party, but that consent exception requires the consent to be given in writing. The basis the Services rely on is the party exception. When a SmartAlex voice agent handles a call, the Customer, on whose behalf the agent acts, is a party to that call, on the same footing as any call centre or business that records the calls it participates in, and SmartAlex captures the audio as the Customer's service provider, at the Customer's instruction. The notice given at the start of a call, and the caller's continuation, reinforce this basis and create a record of what was disclosed. They are evidentiary and support the POPIA lawful-processing position; they are not relied on as RICA's written-consent exception.
This exception has a hard limit that we build into the product: it covers only the call that the Customer is a party to. It does not authorise capturing a communication that neither the Customer nor SmartAlex is a party to. The Services do not offer, and must not be used for, the covert interception of conversations between other people.
4.3 Notice and consent at the start of the call
Recording that relies on a party or consent basis is strengthened by clear, early notice, and in some jurisdictions notice or consent is required. The Services support this at the point of the call:
- a configurable pre-recording disclosure can be played at the start of a call, for example "This call may be recorded and transcribed for quality and compliance purposes, please confirm to continue";
- a live disclosure tells the person they are speaking with an automated assistant and that the call may be recorded;
- the caller's continuation, and any affirmative consent given, is captured together with the wording that was presented and the time it was presented, so that both the Customer and SmartAlex can later show what was disclosed; and
- consent capture is region aware, so that a stricter standard can be applied where local law requires it.
The mechanics of consent capture, the one-party and all-party consent framework, and the POPIA section 18 notification are set out in our Telephony and Call Recording Notice and our Recording Consent Notice. This Notice does not repeat them.
4.4 Business-purpose interception and monitoring of a Customer's own staff
RICA separately allows interception in connection with the carrying on of a business, for defined purposes such as recording transactions, establishing facts, or monitoring standards and compliance, provided that the person who controls the relevant system has made all reasonable efforts to inform every user of that system, in advance, that their communications may be intercepted, or the user has consented. Where a Customer uses the Services to record or monitor calls made by its own staff on its own system, the Customer is the controller of that system for this purpose. The Customer must give its staff and other users of the system advance notice that their communications may be intercepted. By using the Services for this purpose, the Customer confirms that it has given, or will give, that notice and holds any consent it requires.
4.5 What SmartAlex does not do
SmartAlex records only calls that its agents, and the Customers on whose behalf they act, are parties to. SmartAlex does not intercept the communications of third parties, and it holds no lawful-interception direction and no obligation to obtain one, because it does not perform the kind of third-party interception that the State-authorised regime in RICA governs. We do not hold ourselves out as performing lawful interception on behalf of any authority, and the Services are not offered for that purpose.
4.6 RICA under reform
Parts of RICA that concern State surveillance and interception directions were found to be constitutionally deficient by the Constitutional Court in AmaBhungane Centre for Investigative Journalism v Minister of Justice and Correctional Services, and the legislative response remains in progress. That process concerns State interception, not the private party-to-call recording that the Services rely on. The exceptions that permit a party to a call to record that call remain in force and are not affected. We monitor the reform and will update this Notice if the private-recording position changes.
4.7 What happens to a recording after it is made
RICA governs whether a call may be captured. What then happens to the recording, being how it is stored, secured, retained, shared, transferred across borders, and deleted, and the rights of the person recorded, is governed by POPIA. Those matters are dealt with in our POPIA Notice and Privacy Policy, and, between SmartAlex and a Customer, in our Data Processing Addendum. This Notice does not restate them.
5. ECTA: electronic transactions, signatures and automated agents
5.1 Records and transcripts have legal force
ECTA gives legal recognition to information in the form of a data message. A record is not without legal force merely because it is electronic. It provides that a requirement for information to be in writing is met by a data message that is accessible for later reference, that a data message may be admitted in evidence, and that a data message retained in its accessible and reproducible form, with its origin, destination, and the date and time it was sent or received, satisfies a legal requirement to retain information. In practical terms, the transcripts, confirmations, summaries, and in-app records that the Services generate are legally cognisable, can be admitted as evidence of what was said and agreed, and can satisfy writing and retention requirements, provided their integrity is preserved. We retain recordings and transcripts with their timestamps and metadata so that this remains true.
5.2 Electronic signatures
ECTA recognises electronic signatures. For most commercial purposes an ordinary electronic signature is valid, being any mark or method by which a person indicates approval of the information, where the method is reliable and appropriate to the purpose. Parties may agree what will count as a signature between them. This is the basis on which acceptance of terms at sign-up, and the electronic signing of documents such as non-disclosure agreements through the Services, are valid and binding.
Two limits apply, and the Services respect them. First, where a law specifically requires a signature and the parties have not agreed on the type, ECTA requires an advanced electronic signature, which is one produced by a process accredited by the Authority under the Act. The Services do not present an ordinary electronic signature as satisfying a legal requirement that calls for an advanced electronic signature. Second, ECTA excludes certain instruments from being concluded electronically at all, including wills, and certain dealings in immovable property. The Services are not to be used to purport to conclude those instruments electronically.
5.3 Agreements formed by the voice agent
This is the provision that matters most to an automated voice service. ECTA expressly recognises agreements formed by an electronic agent. An agreement is not without legal force merely because an electronic agent performed an action required for its formation without review by a natural person, and an agreement formed through the interaction of an electronic agent and a natural person is valid. Because a SmartAlex voice agent is an electronic agent, an agreement or confirmation it reaches with a caller can bind the Customer, as the principal on whose behalf the agent acts, in the same way as if a human representative of the Customer had reached it.
ECTA attaches two conditions to this recognition, and both are built into how the Services are designed to be used:
- A chance to review. A natural person is not bound by terms that they had no opportunity to review before agreeing. Where the Customer configures the agent to conclude or confirm an agreement, the flow should present the material terms to the caller, in a form the caller can take in, before the caller commits.
- A chance to catch and correct an error. A person is not bound where a material error was made in a transaction with an electronic agent and the system did not give them an opportunity to prevent or correct the error, provided they act promptly and take no benefit from it. The Services support, and Customers should use, a read-back and confirmation step so that the caller can hear back what has been captured and correct it before it is treated as final.
Customers that use the agent to conclude agreements are responsible for configuring these review and correction steps and for the terms their agent presents. The agent is the Customer's electronic agent, and the Customer is bound by and responsible for what it agrees.
5.4 When and where an agreement is formed
ECTA sets rules for when and where an agreement formed by data messages is concluded, based on when a message enters an information system capable of retrieval and on the usual place of business of the sender and the recipient. These rules can determine when a binding agreement exists and which forum and law govern it. Customers operating across borders should take these rules into account when they configure agreements that the agent concludes.
5.5 Selling to consumers
Where the Services are used to offer or conclude a transaction with a consumer, being a natural person acting for private purposes, ECTA provides consumer protections for electronic transactions. These include prescribed pre-contract disclosures, such as the identity of the supplier, the price, and the terms, and a cooling-off right that allows the consumer to cancel certain electronic transactions within seven days without reason or penalty, subject to the exemptions ECTA sets. These protections overlap with the Consumer Protection Act 68 of 2008, which has its own disclosure and cooling-off regime, and some of them cannot be excluded by agreement. Where a Customer uses a voice agent to sell to consumers, the Customer, as the supplier, is responsible for making the required disclosures and for honouring any cooling-off and cancellation rights. The Services can help surface those disclosures, but the obligation rests with the Customer.
5.6 Data protection is governed by POPIA, not by ECTA
ECTA once contained a voluntary chapter of data-protection principles. Those principles have been overtaken by POPIA, which is now the governing data-protection law in South Africa. We treat the protection of personal information as a POPIA matter, and our practices are set out in our POPIA Notice and Privacy Policy. The direct-marketing and automated-calling rules, including the consent standard for electronic direct marketing, are dealt with in section 6.4 below and in those documents.
6. The ECA: electronic communications and licensing
6.1 SmartAlex operates above the licensed carriage layer
The ECA regulates electronic-communications networks and services in South Africa through a licensing framework administered by ICASA. It creates licence categories for those who provide network services and communications services to the public. SmartAlex owns no network and does not, in its own right, provide the conveyance of signals that a network or communications licence covers. It is a software service that runs a voice agent and that consumes carriage from licensed operators. On that basis we take the position that SmartAlex is not an ICASA licensee and that the software service does not require a network or communications-service licence. That position depends on SmartAlex remaining above the carriage layer, as described in section 6.5.
Four things follow from that position, and we hold ourselves to them.
6.2 We do not hold ourselves out as a licensed operator
SmartAlex does not describe itself as a telecommunications carrier, a network operator, or a licensed communications provider, in its marketing, its interface, or its documents. It provides a voice service that runs over carriage supplied by others.
6.3 Carriage is provided by duly licensed operators
The telephone carriage that underlies a call, being origination, termination, and the numbers used, is provided through telecommunications operators that are duly licensed, or exempt from licensing, under the ECA. We engage those operators as Subprocessors, and where a Customer brings its own carrier, the Customer is responsible for that carrier being duly licensed. The identities of the providers we engage are published in our Subprocessor List.
6.4 Numbering, caller-line identity, and marketing calls
Calls made through the Services present caller-line identity drawn from telephone numbers that have been lawfully allocated to the Customer through a licensed operator. SmartAlex does not support falsifying caller identity to disguise the true origin of a call. Automated and marketing calls are subject to further rules that sit outside the ECA, including the consent standard for electronic direct marketing under POPIA, the Consumer Protection Act, and ICASA end-user and consumer rules. A Customer that uses the Services for outbound or marketing calls is responsible for meeting those rules, including obtaining any consent that direct-marketing law requires. Our approach to direct marketing and consent is described in our Privacy Policy and POPIA Notice, and acceptable use is governed by our Acceptable Use Policy.
6.5 Activities that would change the licensing position
SmartAlex's unlicensed position depends on it staying above the carriage layer. Certain activities could bring a provider within the ECA's licensing net, and we treat them as requiring a licensing or exemption review, with legal sign-off, before they are offered. They include reselling carriage or minutes in our own name, allocating telephone numbers directly to end customers rather than through a licensed operator, conveying third-party voice traffic as a service in our own right, and operating a self-provided network in a way that amounts to providing an electronic-communications service or network to the public. We do not enter any of these without that review.
7. How responsibility is shared
Because these statutes fall on different parties, the practical division of responsibility is as follows.
The Customer, as a party to its calls, the operator of its line, the principal behind its voice agent, and the responsible party for the personal information involved:
- decides whether and when calls are recorded, and ensures that recording has a lawful basis under RICA, using the notice and consent tooling the Services provide;
- gives its own staff advance notice where it monitors their calls;
- configures the review, read-back, and correction steps for any agreement its agent concludes, and stands behind the terms its agent presents;
- meets consumer-protection and direct-marketing obligations where it sells or markets to consumers; and
- ensures any carrier it brings is duly licensed.
SmartAlex, as the application layer:
- designs the Services so that recording relies on a proper RICA basis, so that third-party interception is neither offered nor supported through the product, and so that covert interception of the conversations of others is prohibited by our Acceptable Use Policy;
- provides pre-recording disclosure, live AI and recording disclosure, region-aware consent capture, and a record of the consent given;
- provides an electronic agent capable of forming valid agreements, with support for review and error-correction steps;
- arranges carriage through duly licensed operators, uses lawfully allocated numbers, and presents accurate caller-line identity; and
- does not hold itself out as a licensed operator and submits any activity that would change that position to a licensing review.
8. How this Notice relates to our other policies
This Notice is one part of the SmartAlex legal library, and it is meant to be read with the documents it points to.
- Our Privacy Policy and POPIA Notice govern how personal information, including recordings and transcripts, is processed, secured, retained, and transferred, and the rights of the people concerned.
- Our Telephony and Call Recording Notice and Recording Consent Notice set out the recording-consent framework and the disclosures made on calls.
- Our Data Processing Addendum governs the processing relationship between SmartAlex and a Customer.
- Our Acceptable Use Policy and AI Usage Policy govern what the Services may be used for, including automated and marketing calls and the disclosure that a caller is speaking with an AI.
- Our Subprocessor List names the telephony, voice, and AI providers we engage.
- Individuals who want to exercise data-protection rights can use our Data Subject Request Procedure.
9. Updates and contact
This Notice is reviewed periodically and updated to reflect changes in South African law, the Services, or our Subprocessors, including any change in the reform of RICA or the ECA. The effective date below reflects the most recent revision. Where a change is material, we will take reasonable steps to inform Customers in advance through the platform or by email. For questions about this Notice, contact privacy@getsmartalex.com, and for questions about licensing or electronic contracting, contact legal@getsmartalex.com. A South African data subject who wishes to complain about the processing of personal information may also contact the Information Regulator at POPIAComplaints@inforegulator.org.za or https://inforegulator.org.za.
This Notice is issued by THERCSGROUP PTE. LTD. (UEN 202543608D), 160 Robinson Road, #14-04 Singapore Business Federation Center, Singapore 068914, and is governed by the laws of the Republic of Singapore. Nothing in this governing-law statement limits the application of South African law to the South African use of the Services, as described in section 1.
10. Version and effective date
This South African Electronic Communications Notice is version 1.0 and is effective from 7 July 2026.