How to evaluate data ownership and export rights

Why data ownership and export rights matter

Property management runs on continuity. A sectional title scheme's financial history, a managing agent's trust-account ledgers, a landlord's lease and arrears record — these are not disposable. They support audits, CSOS reporting, SARS obligations, AGM packs, levy clearance certificates and, when relationships sour, dispute resolution. If that history lives inside a system you cannot fully export, your ability to switch providers, satisfy an auditor or hand over a scheme to a new managing agent is constrained by the vendor's goodwill rather than your rights.

There is also a legal dimension. Under the Property Practitioners Act (Act 22 of 2019), property practitioners handling trust money are subject to record-keeping and trust-accounting duties, and section 54 deals with the keeping of accounting records and trust accounts. Community schemes governed by the STSMA (Act 8 of 2011) and overseen under the CSOS Act (Act 9 of 2011) must maintain proper financial and member records. You cannot reliably meet those duties if your records are trapped in a format only one vendor can read.

Treat data ownership as a commercial-risk question, not an IT detail. The cost of a platform is not just the monthly fee; it is also the cost and difficulty of leaving. A vendor confident in its product will make export easy because it competes on service, not on lock-in.

Who owns the data — read the contract, not the brochure

Start with the written agreement. Marketing pages often say "your data is yours"; the contract is where that either holds or evaporates. Look for an explicit clause stating that the customer retains ownership of all customer data and content, and that the provider's rights are limited to processing that data to deliver the service. Be wary of broad licences that grant the vendor rights to use, aggregate or commercialise your data beyond running the platform.

Distinguish ownership from custody. A platform legitimately stores and processes your data, but storing it does not make the vendor the owner. The clause you want makes the relationship clear: you own the records, the vendor is the processor or operator acting on your instructions. For personal information, POPIA frames this as a responsible party (you) and an operator (the vendor), and a written operator agreement is generally expected.

For community schemes specifically, clarify who the "customer" is. The data of a body corporate or HOA belongs to that scheme, not to the managing agent personally. If you are the managing agent, ensure the contract and export rights survive a change of agent so the scheme can be handed over cleanly. Regalis is designed to support clean scheme-level ownership so that records follow the scheme, not the agent.

• Is there an explicit clause that the customer owns its data?
• Is the vendor's licence limited to operating the service?
• Does the agreement avoid granting rights to commercialise or resell your data?
• For schemes: does ownership and export sit with the body corporate or HOA, not the agent?

What a complete, usable export actually looks like

"You can export your data" is only meaningful if the export is complete and usable. Completeness means every category of record you rely on: financial ledgers and trial balances, individual transactions with dates and references, owner and tenant contact details, lease and tenancy histories, levy rolls and arrears, maintenance and inspection logs, and stored documents such as leases, invoices and statements. Usability means open, widely readable formats — CSV or Excel for tabular data, PDF for statements and documents — rather than a proprietary file only the original system can open.

Ask about metadata and relationships, not just rows. A list of transactions is far less useful if it loses the link between a payment, the unit it belongs to, and the owner who made it. A good export preserves the relationships that let you reconstruct a ledger or a levy roll in another system. Ask whether documents come out as actual files (with sensible names) or only as links that expire when your subscription ends.

Finally, test it. During evaluation, ask the vendor to run a sample export on demo or trial data and inspect what you receive. The gap between "export available" and "export I can actually rebuild my books from" is where buyers get caught.

• Open formats: CSV, Excel, PDF — not proprietary-only files
• Coverage: ledgers, transactions, contacts, leases, levy rolls, documents
• Preserved relationships between transactions, units, owners and tenants
• Documents delivered as real files, not expiring links
• A test export you have actually opened and checked

Retention and deletion under POPIA

POPIA generally treats the personal information of owners, tenants, trustees and staff as something you are accountable for. Two principles bear directly on your software choice. First, information should not be kept longer than necessary for the purpose it was collected for, unless another law requires longer retention — which is common in property, where accounting and trust records often must be kept for set periods. Second, data subjects can request access to, correction of, and in some cases deletion of their personal information.

Ask how the platform handles this in practice. Can you set or apply retention periods? When a tenant or owner asks for deletion, can the system action that request, and does it distinguish between records you must keep for legal reasons and those you may remove? When you eventually leave the vendor, what happens to the personal information they hold — is it deleted on a defined schedule, and do you get confirmation of secure disposal?

Retention and export are two sides of the same coin. You need to be able to take your records out (export) and to ensure the vendor does not keep personal information indefinitely once you are gone (deletion). Confirm both are addressed in the contract and supported in the product. Regalis is designed to support POPIA-aligned retention, data-subject request handling and deletion workflows so these obligations are manageable rather than ad hoc.

Portability if you leave — plan the exit before you enter

The real test of data ownership is the exit. Ask the vendor to describe, step by step, what happens when you give notice: what you receive, in what formats, how long it takes, and whether there is any charge for accessing your own data. A reasonable provider gives you a full export at no extra cost and within a sensible window; a charge to release your own records, or a delay that risks your audit or handover, is a red flag.

Clarify the transition period. After your subscription ends, how long can you still log in or request data? If access is cut immediately, you must complete your export before the final day — so the notice and export process need to be clear in advance. For managing agents handing a scheme to a successor, confirm that the export is detailed enough for the new agent or platform to import and continue without gaps.

Put portability commitments in writing. Verbal assurances that "we'll sort it out" do not help during a contested exit. The contract or an annexed data-handling schedule should set out export scope, format, timing and cost so that leaving is a documented right, not a negotiation.

• What exactly is exported, and in which formats?
• How long does export take, and is there a fee?
• How long is access retained after cancellation?
• Is the export sufficient for a successor agent or platform to import?

Sub-processors — who else touches your data

Modern platforms rely on third parties: cloud hosting, payment and collection providers, tenant-screening or credit-check services, email and SMS delivery, and document storage. Under POPIA these are typically further operators (sub-processors), and you generally remain accountable for the personal information they process on your behalf. You cannot assess your own compliance without knowing who they are.

Ask for a list of sub-processors and what each one does with your data. Confirm where data is hosted — data residency matters for POPIA, and South African or appropriately safeguarded hosting reduces cross-border complexity. Ask whether sub-processors are bound by written agreements with adequate security obligations, and how you would be notified if the vendor changes a sub-processor.

Be especially careful with payment and screening providers, which handle sensitive financial and identity data. Knowing the chain of custody — from your platform to its sub-processors — lets you answer an auditor, a regulator or a data subject with confidence rather than guesswork.

• A disclosed list of sub-processors and their roles
• Where your data is hosted (data residency)
• Written security obligations on each sub-processor
• Notice when a sub-processor changes

A buyer's checklist you can use in demos

Bring these questions to every vendor demo and ask for the answers in writing. Treat reluctance to answer plainly as part of the answer. The goal is not to catch anyone out, but to confirm that the platform competes on the quality of its service rather than on how hard it is to leave.

Score each provider on the same questions so you compare approaches, not sales pitches. The vendor that gives clear, specific, contract-backed answers on ownership, export completeness, POPIA retention and deletion, exit portability and sub-processors is the one that has thought about your interests, not just its own retention rate.

• Does the contract say in plain words that we own our data?
• Can we get a complete export (ledgers, contacts, leases, levy rolls, documents) in open formats?
• Will you run a sample export for us during evaluation?
• How do you support POPIA retention, data-subject requests and deletion?
• On exit, what do we get, how fast, and at what cost?
• Who are your sub-processors and where is data hosted?
• How long do we retain access after cancellation?